From 2cb6b7732dc7b172797cebb1e8f19be2de89e264 Mon Sep 17 00:00:00 2001 From: Alvin Lindstam Date: Wed, 3 Jan 2018 01:51:06 +0100 Subject: Fixed #28902 -- Fixed password_validators_help_text_html() double escaping. --- tests/auth_tests/test_validators.py | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'tests') diff --git a/tests/auth_tests/test_validators.py b/tests/auth_tests/test_validators.py index 068dec9981..d43efc6a3c 100644 --- a/tests/auth_tests/test_validators.py +++ b/tests/auth_tests/test_validators.py @@ -13,6 +13,7 @@ from django.core.exceptions import ValidationError from django.db import models from django.test import TestCase, override_settings from django.test.utils import isolate_apps +from django.utils.html import conditional_escape @override_settings(AUTH_PASSWORD_VALIDATORS=[ @@ -68,6 +69,15 @@ class PasswordValidationTest(TestCase): self.assertEqual(help_text.count('
  • '), 2) self.assertIn('12 characters', help_text) + def test_password_validators_help_text_html_escaping(self): + class AmpersandValidator: + def get_help_text(self): + return 'Must contain &' + help_text = password_validators_help_text_html([AmpersandValidator()]) + self.assertEqual(help_text, '') + # help_text is marked safe and therefore unchanged by conditional_escape(). + self.assertEqual(help_text, conditional_escape(help_text)) + @override_settings(AUTH_PASSWORD_VALIDATORS=[]) def test_empty_password_validator_help_text_html(self): self.assertEqual(password_validators_help_text_html(), '') -- cgit v1.3