0001-wcs-escape-custom-title-59598.patch
combo/apps/wcs/templates/combo/wcs/card.html | ||
---|---|---|
4 | 4 |
{% if not card_not_found %} |
5 | 5 | |
6 | 6 |
{% block cell-header %} |
7 |
{% if title %}<h2>{{ title }}</h2>{% endif %} |
|
7 |
{% if title %}<h2>{{ title|force_escape }}</h2>{% endif %}
|
|
8 | 8 |
{% include "combo/asset_picture_fragment.html" %} |
9 | 9 |
{% endblock %} |
10 | 10 |
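Review bot: On the new line 7, `{{ title|force_escape }}` has no comment explaining why default autoescaping is not enough, and `force_escape` escapes the whole string again even where parts of it were already escaped. If `title` comes from rendering `custom_title` as a template with autoescaping on (not visible in this section), a card field value containing `&` or `<` would presumably be double-escaped, for example `&amp;amp;`. The test change shown for tests/test_wcs.py only uses the field value `a`, so it would not catch this; a case with `&` in the field value would settle it. I would also add a template comment on that line such as `{# title may be a rendered custom_title marked safe, so escape it explicitly #}`. The `cell-header` block is fully visible, but the enclosing `{% if not card_not_found %}` ends outside the hunk.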
tests/test_wcs.py | ||
---|---|---|
1866 | 1866 | |
1867 | 1867 |
context.pop('title') |
1868 | 1868 |
cell.title_type = 'manual' |
1869 |
cell.custom_title = 'Foo bar {{ card.fields.fielda }}'
|
|
1869 |
cell.custom_title = '<b>Foo bar {{ card.fields.fielda }}</b>'
|
|
1870 | 1870 |
cell.save() |
1871 | 1871 |
result = cell.render(context) |
1872 |
assert '<h2>Foo bar a</h2>' in result
|
|
1872 |
assert '<h2><b>Foo bar a</b></h2>' in result
|
|
1873 | 1873 | |
1874 | 1874 |
context.pop('title') |
1875 | 1875 |
cell.custom_title = '{{ foobar }}' |
1876 |
- |