diff options
| author | Karen Tracey <kmtracey@gmail.com> | 2008-11-06 19:49:24 +0000 |
|---|---|---|
| committer | Karen Tracey <kmtracey@gmail.com> | 2008-11-06 19:49:24 +0000 |
| commit | bcd63cbfb0590a2e2bed3e4beab3f467279ad3db (patch) | |
| tree | 35a45e1f97562e1747b0c6458f14e8f11afd11b0 /django | |
| parent | 04354e1afcd5d4b4813282c4849017b89f66aa24 (diff) | |
Fixed #6160, #9111 -- Consistently apply conditional_escape to form errors and labels when outputing them as HTML.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9365 bcc190cf-cafb-0310-a4f2-bffc1f526a37
Diffstat (limited to 'django')
| -rw-r--r-- | django/contrib/auth/tests/views.py | 6 | ||||
| -rw-r--r-- | django/forms/forms.py | 8 | ||||
| -rw-r--r-- | django/forms/util.py | 2 |
3 files changed, 8 insertions, 8 deletions
diff --git a/django/contrib/auth/tests/views.py b/django/contrib/auth/tests/views.py index cf17b827e7..ec98cf07f7 100644 --- a/django/contrib/auth/tests/views.py +++ b/django/contrib/auth/tests/views.py @@ -16,7 +16,7 @@ class PasswordResetTest(TestCase): response = self.client.get('/password_reset/') self.assertEquals(response.status_code, 200) response = self.client.post('/password_reset/', {'email': 'not_a_real_email@email.com'}) - self.assertContains(response, "That e-mail address doesn't have an associated user account") + self.assertContains(response, "That e-mail address doesn't have an associated user account") self.assertEquals(len(mail.outbox), 0) def test_email_found(self): @@ -87,7 +87,7 @@ class PasswordResetTest(TestCase): response = self.client.post(path, {'new_password1': 'anewpassword', 'new_password2':' x'}) self.assertEquals(response.status_code, 200) - self.assert_("The two password fields didn't match" in response.content) + self.assert_("The two password fields didn't match" in response.content) class ChangePasswordTest(TestCase): @@ -147,7 +147,7 @@ class ChangePasswordTest(TestCase): } ) self.assertEquals(response.status_code, 200) - self.assert_("The two password fields didn't match." in response.content) + self.assert_("The two password fields didn't match." in response.content) def test_password_change_succeeds(self): self.login() diff --git a/django/forms/forms.py b/django/forms/forms.py index 3a6182611e..e28479fb8b 100644 --- a/django/forms/forms.py +++ b/django/forms/forms.py @@ -5,7 +5,7 @@ Form classes from copy import deepcopy from django.utils.datastructures import SortedDict -from django.utils.html import escape +from django.utils.html import conditional_escape from django.utils.encoding import StrAndUnicode, smart_unicode, force_unicode from django.utils.safestring import mark_safe @@ -140,7 +140,7 @@ class BaseForm(StrAndUnicode): output, hidden_fields = [], [] for name, field in self.fields.items(): bf = BoundField(self, field, name) - bf_errors = self.error_class([escape(error) for error in bf.errors]) # Escape and cache in local variable. + bf_errors = self.error_class([conditional_escape(error) for error in bf.errors]) # Escape and cache in local variable. if bf.is_hidden: if bf_errors: top_errors.extend([u'(Hidden field %s) %s' % (name, force_unicode(e)) for e in bf_errors]) @@ -149,7 +149,7 @@ class BaseForm(StrAndUnicode): if errors_on_separate_row and bf_errors: output.append(error_row % force_unicode(bf_errors)) if bf.label: - label = escape(force_unicode(bf.label)) + label = conditional_escape(force_unicode(bf.label)) # Only add the suffix if the label does not end in # punctuation. if self.label_suffix: @@ -395,7 +395,7 @@ class BoundField(StrAndUnicode): If attrs are given, they're used as HTML attributes on the <label> tag. """ - contents = contents or escape(self.label) + contents = contents or conditional_escape(self.label) widget = self.field.widget id_ = widget.attrs.get('id') or self.auto_id if id_: diff --git a/django/forms/util.py b/django/forms/util.py index ea936277b0..b9b88a61e6 100644 --- a/django/forms/util.py +++ b/django/forms/util.py @@ -39,7 +39,7 @@ class ErrorList(list, StrAndUnicode): def as_ul(self): if not self: return u'' return mark_safe(u'<ul class="errorlist">%s</ul>' - % ''.join([u'<li>%s</li>' % force_unicode(e) for e in self])) + % ''.join([u'<li>%s</li>' % conditional_escape(force_unicode(e)) for e in self])) def as_text(self): if not self: return u'' |
