[1.9.x] Fixed XSS in admin's add/change related popup.

This is a security fix.

1 files changed, 8 insertions, 1 deletions

diff --git a/tests/admin_views/tests.py b/tests/admin_views/tests.py
index 31e4326ff7..bf419678a0 100644
--- a/tests/admin_views/tests.py
+++ b/tests/admin_views/tests.py
@@ -4625,8 +4625,10 @@ class SeleniumAdminViewsFirefoxTests(AdminSeleniumWebDriverTestCase):
         """
         list_editable foreign keys have add/change popups.
         """
+        from selenium.webdriver.support.ui import Select
         s1 = Section.objects.create(name='Test section')
         Article.objects.create(
+            title='foo',
             content='<p>Middle content</p>',
             date=datetime.datetime(2008, 3, 18, 11, 54, 58),
             section=s1,
@@ -4638,8 +4640,13 @@ class SeleniumAdminViewsFirefoxTests(AdminSeleniumWebDriverTestCase):
         self.wait_for_popup()
         self.selenium.switch_to.window(self.selenium.window_handles[-1])
         self.wait_for_text('#content h1', 'Change section')
-        self.selenium.close()
+        name_input = self.selenium.find_element_by_id('id_name')
+        name_input.clear()
+        name_input.send_keys('<i>edited section</i>')
+        self.selenium.find_element_by_xpath('//input[@value="Save"]').click()
         self.selenium.switch_to.window(self.selenium.window_handles[0])
+        select = Select(self.selenium.find_element_by_id('id_form-0-section'))
+        self.assertEqual(select.first_selected_option.text, '<i>edited section</i>')
 
         # Add popup
         self.selenium.find_element_by_id('add_id_form-0-section').click()