0001-wcs-escape-custom-title-59598.patch

Lauréline Guérin, 17 December 2021 18:57

View differences:

Subject: [PATCH] wcs: escape custom title (#59598)

 combo/apps/wcs/templates/combo/wcs/card.html | 2 +-
 tests/test_wcs.py                            | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
combo/apps/wcs/templates/combo/wcs/card.html
4 4
{% if not card_not_found %}
5 5

  
6 6
{% block cell-header %}
7
{% if title %}<h2>{{ title }}</h2>{% endif %}
7
{% if title %}<h2>{{ title|force_escape }}</h2>{% endif %}
8 8
{% include "combo/asset_picture_fragment.html" %}
9 9
{% endblock %}
10 10

  
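Review bot: the `<h2>` line now uses `force_escape` where normal template autoescaping would usually be enough, which implies `title` reaches this block already marked safe, and nothing in the template says so. Please add a short template comment explaining why the forced variant is required, so it is not later simplified back to `{{ title }}`. The test sets `title_type = 'manual'`, so other title types presumably feed the same block; it is worth confirming that none of them arrives already escaped, since `force_escape` would then escape it a second time and show entities such as `&amp;amp;` in the heading.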
tests/test_wcs.py
1866 1866

  
1867 1867
    context.pop('title')
1868 1868
    cell.title_type = 'manual'
1869
    cell.custom_title = 'Foo bar {{ card.fields.fielda }}'
1869
    cell.custom_title = '<b>Foo bar {{ card.fields.fielda }}</b>'
1870 1870
    cell.save()
1871 1871
    result = cell.render(context)
1872
    assert '<h2>Foo bar a</h2>' in result
1872
    assert '<h2>&lt;b&gt;Foo bar a&lt;/b&gt;</h2>' in result
1873 1873

  
1874 1874
    context.pop('title')
1875 1875
    cell.custom_title = '{{ foobar }}'
1876
-
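Review bot: the updated assertion on `'<h2>&lt;b&gt;Foo bar a&lt;/b&gt;</h2>'` only proves that markup in the literal part of `custom_title` is escaped; the value substituted for `{{ card.fields.fielda }}` is still the plain `a`. Please add a case where the card field value itself contains `<` or `&` and assert that it appears in the `<h2>` escaped exactly once. That would catch both an unescaped field value and a double escape introduced by `force_escape`. Keeping the original plain-text title assertion alongside the new one would also preserve coverage of the common case.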