0001-json-prototype-validate-template-syntax-34738.patch
| combo/data/models.py | ||
|---|---|---|
| 47 | 47 |
from django.utils.text import slugify |
| 48 | 48 |
from django.utils.translation import ugettext_lazy as _ |
| 49 | 49 |
from django.forms.widgets import MediaDefiningClass |
| 50 |
from django.template import Context, engines, TemplateDoesNotExist |
|
| 50 |
from django.template import Context, engines, TemplateDoesNotExist, TemplateSyntaxError
|
|
| 51 | 51 |
from django.test.client import RequestFactory |
| 52 | 52 | |
| 53 | 53 |
from .fields import RichTextField, TemplatableURLField |
| ... | ... | |
| 1275 | 1275 |
return super(JsonCellBase, self).render(context) |
| 1276 | 1276 | |
| 1277 | 1277 | |
| 1278 |
def django_template_validator(value): |
|
| 1279 |
try: |
|
| 1280 |
tmpl = engines['django'].from_string(value) |
|
| 1281 |
except TemplateSyntaxError as e: |
|
| 1282 |
raise ValidationError(_('syntax error: %s') % e)
|
|
| 1283 | ||
| 1284 | ||
| 1278 | 1285 |
@register_cell_class |
| 1279 | 1286 |
class JsonCell(JsonCellBase): |
| 1280 | 1287 |
title = models.CharField(_('Title'), max_length=150, blank=True)
|
| 1281 | 1288 |
url = models.CharField(_('URL'), blank=True, max_length=200)
|
| 1282 |
template_string = models.TextField(_('Display Template'), blank=True, null=True)
|
|
| 1289 |
template_string = models.TextField(_('Display Template'), blank=True, null=True,
|
|
| 1290 |
validators=[django_template_validator]) |
|
| 1283 | 1291 |
cache_duration = models.PositiveIntegerField( |
| 1284 | 1292 |
_('Cache duration'), default=60)
|
| 1285 | 1293 |
force_async = models.BooleanField(_('Force asynchronous mode'),
|
| tests/test_manager.py | ||
|---|---|---|
| 1142 | 1142 |
resp = resp.click(href='/admin/logout/') |
| 1143 | 1143 |
resp = resp.follow() # -> /logout/ |
| 1144 | 1144 |
assert urlparse.urlparse(resp.location).path == '/' |
| 1145 | ||
| 1146 |
def test_json_cell_syntax_validation(app, admin_user): |
|
| 1147 |
Page.objects.all().delete() |
|
| 1148 |
page = Page(title='One', slug='one') |
|
| 1149 |
page.save() |
|
| 1150 |
app = login(app) |
|
| 1151 |
# syntax error |
|
| 1152 |
resp = app.get('/manage/pages/%s/add-cell-to-content/data_jsoncell/default/' % page.id)
|
|
| 1153 |
resp = resp.follow() |
|
| 1154 |
resp.forms[0]['cdata_jsoncell-1-template_string'].value = '{% syntax|error %}'
|
|
| 1155 |
resp.forms[0]['cdata_jsoncell-1-url'].value = 'http://example.com' |
|
| 1156 |
resp = resp.forms[0].submit() |
|
| 1157 |
assert 'syntax error: Invalid block tag' in resp.body |
|
| 1158 |
assert JsonCell.objects.count() == 1 |
|
| 1159 |
assert JsonCell.objects.first().template_string is None |
|
| 1160 |
# valid syntax |
|
| 1161 |
resp = app.get('/manage/pages/%s/' % page.id)
|
|
| 1162 |
resp.forms[0]['cdata_jsoncell-1-template_string'].value = '{{ ok }}'
|
|
| 1163 |
resp.forms[0]['cdata_jsoncell-1-url'].value = 'http://example.com' |
|
| 1164 |
resp = resp.forms[0].submit().follow() |
|
| 1165 |
assert 'syntax error' not in resp.body |
|
| 1166 |
assert JsonCell.objects.count() == 1 |
|
| 1167 |
assert JsonCell.objects.first().template_string == '{{ ok }}'
|
|
| 1145 |
- |
|