0006-escape-html-57134.patch

Lauréline Guérin, 04 novembre 2021 16:48

Voir les différences: en ligne côte à côte

Subject: [PATCH 6/6] escape html (#57134)

 combo/apps/wcs/templates/combo/wcs/card.html | 2 +-
 combo/manager/static/js/combo.manager.js     | 2 +-
 tests/test_wcs.py                            | 5 +++--
 3 files changed, 5 insertions(+), 4 deletions(-)

         {% for item in cell.custom_schema.cells %}
           <div class="{{ item.cell_size|default:"" }}">
             {% if item.varname == "@custom@" and item.template %}
               {% with card.custom_fields|get:item.template as value %}
               {% with card.custom_fields|get:item.template|force_escape as value %}
               {% if item.display_mode == "title" %}
               <h3>{{ value }}</h3>
               {% elif item.display_mode == "label" %}

         let cell_text = "";
         if (schema_field || schema_cell.varname == '@custom@') {
           const cell_content = schema_cell.varname == '@custom@' ? schema_cell.template + ' (' + gettext('Custom') + ')' : schema_field.label;
           cell_text += '<span class="' + schema_cell.display_mode + '">' + cell_content + '</span>';
           cell_text += $('<span/>').addClass(schema_cell.display_mode).text(cell_content).html();
           cell_text += '<span class="cell-meta">';
           let cell_display_mode_label = $(this.grid_cell_form).find('select[name="display_mode"] option[value="' + schema_cell.display_mode + '"]').text();
           cell_text += '<span class="cell-display-mode-label">' + cell_display_mode_label + '</span>';

         # custom field
         cell.custom_schema = {
             'cells': [
                 {'varname': '@custom@', 'template': 'Foo bar baz', 'display_mode': 'title'},
                 {'varname': '@custom@', 'template': '<b>Foo</b> bar baz', 'display_mode': 'title'},
+            ]
+        }
         cell.save()
         result = cell.render(context)
         assert PyQuery(result).find('h3').text() == 'Foo bar baz'
         assert '&lt;b&gt;Foo&lt;/b&gt;' in result
         assert PyQuery(result).find('h3').text() == '<b>Foo</b> bar baz'
         # test context
         cell.custom_schema['cells'][0][
+    -

Projet

Général

Profil

Produits Entr'ouvert » Combo

0006-escape-html-57134.patch