0001-misc-don-t-escape-html-if-_sanitizeHTML-is-absent-10.patch
tests/test_widgets.py | ||
---|---|---|
332 | 332 |
assert not widget.has_error() |
333 | 333 |
assert widget.parse() == '<a href="">a</a>' # javascript: got filtered |
334 | 334 | |
335 |
# check we get escaped HTML if feedparser _sanitizeHTML is missing
|
|
335 |
# check we don't escape HTML if feedparser _sanitizeHTML is missing
|
|
336 | 336 |
wcs.qommon.form._sanitizeHTML = None |
337 | 337 |
widget = WysiwygTextWidget('test') |
338 | 338 |
mock_form_submission(req, widget, {'test': '<p>bla bla bla</p>'}) |
339 | 339 |
assert not widget.has_error() |
340 |
assert widget.parse() == '<p>bla bla bla</p>'
|
|
340 |
assert widget.parse() == '<p>bla bla bla</p>'
|
|
341 | 341 |
wcs.qommon.form._sanitizeHTML = sanitize_html |
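Review bot: The no-sanitizer case is asserted only with the benign `<p>bla bla bla</p>` input, so the test does not record what happens to active markup when `_sanitizeHTML` is `None`. The `javascript:` case a few lines up runs only with the sanitizer present. A second assertion in this branch using that same kind of input would make the pass-through behaviour an explicit, reviewed decision rather than an untested side effect. Separately, `wcs.qommon.form._sanitizeHTML = None` is undone by a plain assignment after the asserts, so a failing assert leaves the module global unset for later tests; wrapping the block in `try:` … `finally: wcs.qommon.form._sanitizeHTML = sanitize_html` avoids that. The test function starts outside the visible lines.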
wcs/qommon/form.py | ||
---|---|---|
1286 | 1286 |
if self.value: |
1287 | 1287 |
if _sanitizeHTML: |
1288 | 1288 |
self.value = _sanitizeHTML(self.value, get_request().charset, 'text/html') |
1289 |
else: |
|
1290 |
self.value = str(htmlescape(self.value)) |
|
1291 | 1289 |
if self.value.startswith('<br />'): |
1292 | 1290 |
self.value = self.value[6:] |
1293 | 1291 |
if self.value.endswith('<br />'): |
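Review bot: When `_sanitizeHTML` is falsy, `self.value` now leaves this branch exactly as submitted, because the removed `htmlescape` fallback was the only neutralisation on that path. If the stored value is later rendered as HTML (not visible in this hunk), a missing feedparser sanitizer silently becomes a fail-open path for script-bearing markup. Consider failing closed when the sanitizer is unavailable, for example by rejecting the submission or logging loudly at import time. At minimum, state the trust assumption above `if _sanitizeHTML:` with a comment such as `# NOTE: without feedparser's _sanitizeHTML the submitted HTML is kept unsanitized; it must be sanitized or escaped at render time`. The enclosing method starts and ends outside the hunk.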
1294 |
- |