0001-misc-unquote-HTML-entities-inside-Django-template-ta.patch
| tests/test_widgets.py | ||
|---|---|---|
| 1 |
# -*- coding: utf-8 -*- |
|
| 2 | ||
| 1 | 3 |
import datetime |
| 2 | 4 |
import sys |
| 3 | 5 |
import shutil |
| ... | ... | |
| 384 | 386 |
assert not widget.has_error() |
| 385 | 387 |
assert widget.parse() == '<a href="">a</a>' # javascript: got filtered |
| 386 | 388 | |
| 389 |
# check django templatetags are kept intact |
|
| 390 |
widget = WysiwygTextWidget('test')
|
|
| 391 |
mock_form_submission(req, widget, {'test': '<a href="{% if 1 > 2 %}héllo{% endif %}">{% if 2 > 1 %}plop{% endif %}</a>'})
|
|
| 392 |
assert not widget.has_error() |
|
| 393 |
assert widget.parse() == '<a href="{% if 1 > 2 %}héllo{% endif %}">{% if 2 > 1 %}plop{% endif %}</a>'
|
|
| 394 | ||
| 387 | 395 |
# check we don't escape HTML if feedparser _sanitizeHTML is missing |
| 388 | 396 |
wcs.qommon.form._sanitizeHTML = None |
| 389 | 397 |
widget = WysiwygTextWidget('test')
|
| wcs/qommon/form.py | ||
|---|---|---|
| 19 | 19 |
import copy |
| 20 | 20 |
import cStringIO |
| 21 | 21 |
import fnmatch |
| 22 |
from HTMLParser import HTMLParser |
|
| 22 | 23 |
import mimetypes |
| 23 | 24 |
import os |
| 24 | 25 |
import re |
| ... | ... | |
| 1385 | 1386 |
self.value = self.value[6:] |
| 1386 | 1387 |
if self.value.endswith('<br />'):
|
| 1387 | 1388 |
self.value = self.value[:-6] |
| 1389 |
# unescape Django template tags |
|
| 1390 |
parser = HTMLParser() |
|
| 1391 |
charset = get_publisher().site_charset |
|
| 1392 |
def unquote_django(matchobj): |
|
| 1393 |
return parser.unescape(unicode(matchobj.group(0), charset)).encode(charset) |
|
| 1394 |
self.value = re.sub('{%(.*?)%}', unquote_django, self.value)
|
|
| 1388 | 1395 | |
| 1389 | 1396 |
def add_media(self): |
| 1390 | 1397 |
get_response().add_javascript(['qommon.wysiwyg.js']) |
| 1391 |
- |
|