0001-json-prototype-validate-template-syntax-34738.patch
combo/data/models.py | ||
---|---|---|
47 | 47 |
from django.utils.text import slugify |
48 | 48 |
from django.utils.translation import ugettext_lazy as _ |
49 | 49 |
from django.forms.widgets import MediaDefiningClass |
50 |
from django.template import Context, engines, TemplateDoesNotExist |
|
50 |
from django.template import Context, engines, TemplateDoesNotExist, TemplateSyntaxError
|
|
51 | 51 |
from django.test.client import RequestFactory |
52 | 52 | |
53 | 53 |
from .fields import RichTextField, TemplatableURLField |
... | ... | |
1275 | 1275 |
return super(JsonCellBase, self).render(context) |
1276 | 1276 | |
1277 | 1277 | |
1278 |
def django_template_validator(value): |
|
1279 |
try: |
|
1280 |
tmpl = engines['django'].from_string(value) |
|
1281 |
except TemplateSyntaxError as e: |
|
1282 |
raise ValidationError(_('syntax error: %s') % e) |
|
1283 | ||
1284 | ||
1278 | 1285 |
@register_cell_class |
1279 | 1286 |
class JsonCell(JsonCellBase): |
1280 | 1287 |
title = models.CharField(_('Title'), max_length=150, blank=True) |
1281 | 1288 |
url = models.CharField(_('URL'), blank=True, max_length=200) |
1282 |
template_string = models.TextField(_('Display Template'), blank=True, null=True) |
|
1289 |
template_string = models.TextField(_('Display Template'), blank=True, null=True, |
|
1290 |
validators=[django_template_validator]) |
|
1283 | 1291 |
cache_duration = models.PositiveIntegerField( |
1284 | 1292 |
_('Cache duration'), default=60) |
1285 | 1293 |
force_async = models.BooleanField(_('Force asynchronous mode'), |
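Review bot: `django_template_validator` only runs where the form or model is cleaned; Django does not call field validators on `save()`, so existing rows and any code path that writes `template_string` without `full_clean()` can still hold a template that fails to compile. The render path is outside this section, so confirm that it still handles `TemplateSyntaxError` rather than relying on this check. The validator also checks syntax only and does not restrict which tags or context variables an editor's template may reference. In the validator itself `tmpl` is never read, so `engines['django'].from_string(value)` without the assignment is enough. The import of `ValidationError` is not visible in the hunk and should be confirmed.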
tests/test_manager.py | ||
---|---|---|
1142 | 1142 |
resp = resp.click(href='/admin/logout/') |
1143 | 1143 |
resp = resp.follow() # -> /logout/ |
1144 | 1144 |
assert urlparse.urlparse(resp.location).path == '/' |
1145 | ||
1146 |
def test_json_cell_syntax_validation(app, admin_user): |
|
1147 |
Page.objects.all().delete() |
|
1148 |
page = Page(title='One', slug='one') |
|
1149 |
page.save() |
|
1150 |
app = login(app) |
|
1151 |
# syntax error |
|
1152 |
resp = app.get('/manage/pages/%s/add-cell-to-content/data_jsoncell/default/' % page.id) |
|
1153 |
resp = resp.follow() |
|
1154 |
resp.forms[0]['cdata_jsoncell-1-template_string'].value = '{% syntax|error %}' |
|
1155 |
resp.forms[0]['cdata_jsoncell-1-url'].value = 'http://example.com' |
|
1156 |
resp = resp.forms[0].submit() |
|
1157 |
assert 'syntax error: Invalid block tag' in resp.body |
|
1158 |
assert JsonCell.objects.count() == 1 |
|
1159 |
assert JsonCell.objects.first().template_string is None |
|
1160 |
# valid syntax |
|
1161 |
resp = app.get('/manage/pages/%s/' % page.id) |
|
1162 |
resp.forms[0]['cdata_jsoncell-1-template_string'].value = '{{ ok }}' |
|
1163 |
resp.forms[0]['cdata_jsoncell-1-url'].value = 'http://example.com' |
|
1164 |
resp = resp.forms[0].submit().follow() |
|
1165 |
assert 'syntax error' not in resp.body |
|
1166 |
assert JsonCell.objects.count() == 1 |
|
1167 |
assert JsonCell.objects.first().template_string == '{{ ok }}' |
|
1145 |
- |
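Review bot: `test_json_cell_syntax_validation` asserts only the message prefix, while the text after it comes from Django's parser and repeats part of the submitted template (here the tag name). A second case whose template contains HTML markup characters, asserting that they appear escaped in the response, would pin that the error is not rendered as raw HTML; how the manager view renders field errors is not visible in this section. Separately, `resp.body` is bytes under Python 3 WebTest, so `assert 'syntax error: Invalid block tag' in resp.text` is the form that works on both interpreters.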