From bcd63cbfb0590a2e2bed3e4beab3f467279ad3db Mon Sep 17 00:00:00 2001 From: Karen Tracey Date: Thu, 6 Nov 2008 19:49:24 +0000 Subject: Fixed #6160, #9111 -- Consistently apply conditional_escape to form errors and labels when outputing them as HTML. git-svn-id: http://code.djangoproject.com/svn/django/trunk@9365 bcc190cf-cafb-0310-a4f2-bffc1f526a37 --- tests/regressiontests/forms/forms.py | 18 +++++++++++++----- tests/regressiontests/forms/util.py | 7 +++++++ 2 files changed, 20 insertions(+), 5 deletions(-) (limited to 'tests/regressiontests/forms') diff --git a/tests/regressiontests/forms/forms.py b/tests/regressiontests/forms/forms.py index 76132b273f..6bee94e579 100644 --- a/tests/regressiontests/forms/forms.py +++ b/tests/regressiontests/forms/forms.py @@ -593,17 +593,25 @@ u'Yesterday' u'Yesterday' Validation errors are HTML-escaped when output as HTML. +>>> from django.utils.safestring import mark_safe >>> class EscapingForm(Form): -... special_name = CharField() +... special_name = CharField(label="Special Field") +... special_safe_name = CharField(label=mark_safe("Special Field")) ... def clean_special_name(self): ... raise ValidationError("Something's wrong with '%s'" % self.cleaned_data['special_name']) +... def clean_special_safe_name(self): +... raise ValidationError(mark_safe("'%s' is a safe string" % self.cleaned_data['special_safe_name'])) ->>> f = EscapingForm({'special_name': "Nothing to escape"}, auto_id=False) +>>> f = EscapingForm({'special_name': "Nothing to escape", 'special_safe_name': "Nothing to escape"}, auto_id=False) >>> print f -Special name: ->>> f = EscapingForm({'special_name': "Should escape < & > and "}, auto_id=False) +<em>Special</em> Field: +Special Field: +>>> f = EscapingForm( +... {'special_name': "Should escape < & > and ", +... 'special_safe_name': "Do not escape"}, auto_id=False) >>> print f -Special name: +<em>Special</em> Field: +Special Field: """ + \ r""" # [This concatenation is to keep the string below the jython's 32K limit]. diff --git a/tests/regressiontests/forms/util.py b/tests/regressiontests/forms/util.py index 68c082c114..845ddeaadb 100644 --- a/tests/regressiontests/forms/util.py +++ b/tests/regressiontests/forms/util.py @@ -49,4 +49,11 @@ u'' # Can take a non-string. >>> print ValidationError(VeryBadError()).messages + +# Escapes non-safe input but not input marked safe. +>>> example = 'Example of link: example' +>>> print ValidationError(example).messages + +>>> print ValidationError(mark_safe(example)).messages + """ -- cgit v1.3