From b3361c6e1d9a5538a0fc24d679bb3ed535d3f0ac Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20P=C3=A9ters?=
Date: Fri, 4 Mar 2016 11:02:25 +0100
Subject: [PATCH] misc: don't escape html if _sanitizeHTML is absent (#10194)
---
 tests/test_widgets.py | 4 ++--
 wcs/qommon/form.py | 2 --
 2 files changed, 2 insertions(+), 4 deletions(-)
diff --git a/tests/test_widgets.py b/tests/test_widgets.py
index a8daf62..0a5bdb4 100644
--- a/tests/test_widgets.py
+++ b/tests/test_widgets.py
@@ -332,10 +332,10 @@ def test_wysiwygwidget():
 assert not widget.has_error()
 assert widget.parse() == 'a' # javascript: got filtered
- # check we get escaped HTML if feedparser _sanitizeHTML is missing
+ # check we don't escape HTML if feedparser _sanitizeHTML is missing
 wcs.qommon.form._sanitizeHTML = None
 widget = WysiwygTextWidget('test')
 mock_form_submission(req, widget, {'test': '

bla bla bla

'})
 assert not widget.has_error()
- assert widget.parse() == '<p>bla bla bla</p>'
+ assert widget.parse() == '

bla bla bla

'
 wcs.qommon.form._sanitizeHTML = sanitize_html
diff --git a/wcs/qommon/form.py b/wcs/qommon/form.py
index febd9c5..431ecba 100644
--- a/wcs/qommon/form.py
+++ b/wcs/qommon/form.py
@@ -1286,8 +1286,6 @@ class WysiwygTextWidget(TextWidget):
 if self.value:
 if _sanitizeHTML:
 self.value = _sanitizeHTML(self.value, get_request().charset, 'text/html')
- else:
- self.value = str(htmlescape(self.value))
 if self.value.startswith('
'):
 self.value = self.value[6:]
 if self.value.endswith('
'):
-- 2.7.0
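Review bot: With the `else` branch gone, `self.value` is kept exactly as submitted whenever `_sanitizeHTML` is falsy, so the widget fails open instead of failing closed, and the updated test in tests/test_widgets.py pins that pass-through. Nothing visible in this hunk shows the value being escaped or sanitized where it is later rendered, so the change looks safe only if every consumer treats it as untrusted HTML; that is worth confirming. At minimum the branch should say so, e.g. `# no sanitizer available: value is stored unfiltered, callers must treat it as untrusted HTML`, and a warning when the sanitizer is missing would make the degraded mode visible to operators. The method body starts and ends outside the hunk.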