0001-misc-unquote-HTML-entities-inside-Django-template-ta.patch
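--- a/tests/test_widgets.py
+++ b/tests/test_widgets.py
@@ -1,3 +1,5 @@
+# -*- coding: utf-8 -*-
+
 import datetime
 import sys
 import shutil
@@ -384,6 +386,12 @@
 assert not widget.has_error()
 assert widget.parse() == '<a href="">a</a>' # javascript: got filtered
 
+# check django templatetags are kept intact
+widget = WysiwygTextWidget('test')
+mock_form_submission(req, widget, {'test': '<a href="{% if 1 > 2 %}héllo{% endif %}">{% if 2 > 1 %}plop{% endif %}</a>'})
+assert not widget.has_error()
+assert widget.parse() == '<a href="{% if 1 > 2 %}héllo{% endif %}">{% if 2 > 1 %}plop{% endif %}</a>'
+
 # check we don't escape HTML if feedparser _sanitizeHTML is missing
 wcs.qommon.form._sanitizeHTML = None
 widget = WysiwygTextWidget('test')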
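Review bot: The added case at new lines 389-393 only pins that `>` survives inside `{% if %}`; nothing asserts what must stay escaped once the unescape step exists. I would add a second submission with an entity outside any template tag, for example `mock_form_submission(req, widget, {'test': '<p>1 &gt; 2 {% if 2 > 1 %}plop{% endif %}</p>'})`, and assert that the `&gt;` outside the tag comes back unchanged. The exact expected string depends on the sanitizer output, which is not visible here. The enclosing test function starts and ends outside the hunk.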
wcs/qommon/form.py | ||
---|---|---|
19 | 19 |
import copy |
20 | 20 |
import cStringIO |
21 | 21 |
import fnmatch |
22 |
from HTMLParser import HTMLParser |
|
22 | 23 |
import mimetypes |
23 | 24 |
import os |
24 | 25 |
import re |
... | ... | |
1385 | 1386 |
self.value = self.value[6:] |
1386 | 1387 |
if self.value.endswith('<br />'): |
1387 | 1388 |
self.value = self.value[:-6] |
1389 |
# unescape Django template tags |
|
1390 |
parser = HTMLParser() |
|
1391 |
charset = get_publisher().site_charset |
|
1392 |
def unquote_django(matchobj): |
|
1393 |
return parser.unescape(unicode(matchobj.group(0), charset)).encode(charset) |
|
1394 |
self.value = re.sub('{%(.*?)%}', unquote_django, self.value) |
|
1388 | 1395 | |
1389 | 1396 |
def add_media(self): |
1390 | 1397 |
get_response().add_javascript(['qommon.wysiwyg.js']) |
1391 |
- |
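Review bot: The unescape block at new lines 1389-1394 appears to run after the widget's HTML clean-up (it follows the `<br />` trimming; the enclosing method starts outside the hunk), so any span the submitter delimits with `{%` and `%}` gets every entity decoded, not only the comparison operators the test exercises. If the stored value can ever reach a page without passing through the Django template engine, markup that the clean-up had escaped becomes live again. I would restrict the decoding to what template expressions need and leave the rest escaped, or at least record the invariant above the block: `# entities inside {% %} are decoded after sanitizing; this value must only be output via template rendering`. Two smaller gaps: the pattern is compiled without `re.DOTALL`, so a tag the editor breaks across lines stays escaped, and `{{ ... }}` expressions are not covered.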