0001-json-prototype-validate-template-syntax-34738.patch
| combo/data/models.py | ||
|---|---|---|
| 47 | 47 |
from django.utils.text import slugify |
| 48 | 48 |
from django.utils.translation import ugettext_lazy as _ |
| 49 | 49 |
from django.forms.widgets import MediaDefiningClass |
| 50 |
from django.template import Context, engines, TemplateDoesNotExist |
|
| 50 |
from django.template import Context, engines, TemplateDoesNotExist, TemplateSyntaxError
|
|
| 51 | 51 |
from django.test.client import RequestFactory |
| 52 | 52 | |
| 53 | 53 |
from .fields import RichTextField |
| ... | ... | |
| 1272 | 1272 |
return super(JsonCellBase, self).render(context) |
| 1273 | 1273 | |
| 1274 | 1274 | |
| 1275 |
def django_template_validator(value): |
|
| 1276 |
try: |
|
| 1277 |
tmpl = engines['django'].from_string(value) |
|
| 1278 |
except TemplateSyntaxError as e: |
|
| 1279 |
raise ValidationError(_('syntax error: %s') % e)
|
|
| 1280 | ||
| 1281 | ||
| 1275 | 1282 |
@register_cell_class |
| 1276 | 1283 |
class JsonCell(JsonCellBase): |
| 1277 | 1284 |
title = models.CharField(_('Title'), max_length=150, blank=True)
|
| 1278 | 1285 |
url = models.URLField(_('URL'), blank=True)
|
| 1279 |
template_string = models.TextField(_('Display Template'), blank=True, null=True)
|
|
| 1286 |
template_string = models.TextField(_('Display Template'), blank=True, null=True,
|
|
| 1287 |
validators=[django_template_validator]) |
|
| 1280 | 1288 |
cache_duration = models.PositiveIntegerField( |
| 1281 | 1289 |
_('Cache duration'), default=60)
|
| 1282 | 1290 |
force_async = models.BooleanField(_('Force asynchronous mode'),
|
| tests/test_manager.py | ||
|---|---|---|
| 1110 | 1110 |
resp = resp.click(href='/admin/logout/') |
| 1111 | 1111 |
resp = resp.follow() # -> /logout/ |
| 1112 | 1112 |
assert urlparse.urlparse(resp.location).path == '/' |
| 1113 | ||
| 1114 |
def test_json_cell_syntax_validation(app, admin_user): |
|
| 1115 |
Page.objects.all().delete() |
|
| 1116 |
page = Page(title='One', slug='one') |
|
| 1117 |
page.save() |
|
| 1118 |
app = login(app) |
|
| 1119 |
# syntax error |
|
| 1120 |
resp = app.get('/manage/pages/%s/add-cell-to-content/data_jsoncell/default/' % page.id)
|
|
| 1121 |
resp = resp.follow() |
|
| 1122 |
resp.forms[0]['cdata_jsoncell-1-template_string'].value = '{% syntax|error %}'
|
|
| 1123 |
resp.forms[0]['cdata_jsoncell-1-url'].value = 'http://example.com' |
|
| 1124 |
resp = resp.forms[0].submit() |
|
| 1125 |
assert 'syntax error: Invalid block tag' in resp.body |
|
| 1126 |
assert JsonCell.objects.count() == 1 |
|
| 1127 |
assert JsonCell.objects.first().template_string is None |
|
| 1128 |
# valid syntax |
|
| 1129 |
resp = app.get('/manage/pages/%s/' % page.id)
|
|
| 1130 |
resp.forms[0]['cdata_jsoncell-1-template_string'].value = '{{ ok }}'
|
|
| 1131 |
resp.forms[0]['cdata_jsoncell-1-url'].value = 'http://example.com' |
|
| 1132 |
resp = resp.forms[0].submit().follow() |
|
| 1133 |
assert 'syntax error' not in resp.body |
|
| 1134 |
assert JsonCell.objects.count() == 1 |
|
| 1135 |
assert JsonCell.objects.first().template_string == '{{ ok }}'
|
|
| 1113 |
- |
|