diff options
| author | varunkasyap <varunkasyap@hotmail.com> | 2025-11-15 10:36:46 +0530 |
|---|---|---|
| committer | Jacob Walls <jacobtylerwalls@gmail.com> | 2025-11-18 17:17:28 -0500 |
| commit | 001c2f546b4053acb04f16d6b704f7b4fbca1c45 (patch) | |
| tree | 98389cc7e89064c7a7b8635c6c1f3bfb67b85af8 /tests | |
| parent | edec3e59a33ae4f456194c29630fd601213eee2f (diff) | |
[5.2.x] Fixed #36733 -- Escaped attributes in Stylesheet.__str__().
Thanks Mustafa Barakat for the report, Baptiste Mispelon for
the triage, and Jake Howard for the review.
Backport of e05f2a75695b5f5faa7682d4053db4776d4d6f93 from main.
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/syndication_tests/tests.py | 28 | ||||
| -rw-r--r-- | tests/utils_tests/test_feedgenerator.py | 16 |
2 files changed, 29 insertions, 15 deletions
diff --git a/tests/syndication_tests/tests.py b/tests/syndication_tests/tests.py index 6403f7461a..0cb4b40339 100644 --- a/tests/syndication_tests/tests.py +++ b/tests/syndication_tests/tests.py @@ -577,51 +577,51 @@ class SyndicationFeedTest(FeedTestCase): def test_stylesheets(self): testdata = [ # Plain strings. - ("/test.xsl", 'href="/test.xsl" type="text/xsl" media="screen"'), - ("/test.xslt", 'href="/test.xslt" type="text/xsl" media="screen"'), - ("/test.css", 'href="/test.css" type="text/css" media="screen"'), + ("/test.xsl", 'href="/test.xsl" media="screen" type="text/xsl"'), + ("/test.xslt", 'href="/test.xslt" media="screen" type="text/xsl"'), + ("/test.css", 'href="/test.css" media="screen" type="text/css"'), ("/test", 'href="/test" media="screen"'), ( "https://example.com/test.xsl", - 'href="https://example.com/test.xsl" type="text/xsl" media="screen"', + 'href="https://example.com/test.xsl" media="screen" type="text/xsl"', ), ( "https://example.com/test.css", - 'href="https://example.com/test.css" type="text/css" media="screen"', + 'href="https://example.com/test.css" media="screen" type="text/css"', ), ( "https://example.com/test", 'href="https://example.com/test" media="screen"', ), - ("/♥.xsl", 'href="/%E2%99%A5.xsl" type="text/xsl" media="screen"'), + ("/♥.xsl", 'href="/%E2%99%A5.xsl" media="screen" type="text/xsl"'), ( static("stylesheet.xsl"), - 'href="/static/stylesheet.xsl" type="text/xsl" media="screen"', + 'href="/static/stylesheet.xsl" media="screen" type="text/xsl"', ), ( static("stylesheet.css"), - 'href="/static/stylesheet.css" type="text/css" media="screen"', + 'href="/static/stylesheet.css" media="screen" type="text/css"', ), (static("stylesheet"), 'href="/static/stylesheet" media="screen"'), ( reverse("syndication-xsl-stylesheet"), - 'href="/syndication/stylesheet.xsl" type="text/xsl" media="screen"', + 'href="/syndication/stylesheet.xsl" media="screen" type="text/xsl"', ), ( reverse_lazy("syndication-xsl-stylesheet"), - 'href="/syndication/stylesheet.xsl" type="text/xsl" media="screen"', + 'href="/syndication/stylesheet.xsl" media="screen" type="text/xsl"', ), # Stylesheet objects. ( Stylesheet("/test.xsl"), - 'href="/test.xsl" type="text/xsl" media="screen"', + 'href="/test.xsl" media="screen" type="text/xsl"', ), (Stylesheet("/test.xsl", mimetype=None), 'href="/test.xsl" media="screen"'), (Stylesheet("/test.xsl", media=None), 'href="/test.xsl" type="text/xsl"'), (Stylesheet("/test.xsl", mimetype=None, media=None), 'href="/test.xsl"'), ( Stylesheet("/test.xsl", mimetype="text/xml"), - 'href="/test.xsl" type="text/xml" media="screen"', + 'href="/test.xsl" media="screen" type="text/xml"', ), ] for stylesheet, expected in testdata: @@ -641,12 +641,12 @@ class SyndicationFeedTest(FeedTestCase): self.assertEqual(doc.childNodes[0].nodeName, "xml-stylesheet") self.assertEqual( doc.childNodes[0].data, - 'href="/stylesheet1.xsl" type="text/xsl" media="screen"', + 'href="/stylesheet1.xsl" media="screen" type="text/xsl"', ) self.assertEqual(doc.childNodes[1].nodeName, "xml-stylesheet") self.assertEqual( doc.childNodes[1].data, - 'href="/stylesheet2.xsl" type="text/xsl" media="screen"', + 'href="/stylesheet2.xsl" media="screen" type="text/xsl"', ) def test_stylesheets_typeerror_if_str_or_stylesheet(self): diff --git a/tests/utils_tests/test_feedgenerator.py b/tests/utils_tests/test_feedgenerator.py index e5ceafb8fa..41e54a43b3 100644 --- a/tests/utils_tests/test_feedgenerator.py +++ b/tests/utils_tests/test_feedgenerator.py @@ -156,6 +156,20 @@ class FeedgeneratorTests(SimpleTestCase): stylesheet = feedgenerator.Stylesheet(SimpleLazyObject(m)) m.assert_not_called() self.assertEqual( - str(stylesheet), 'href="test.css" type="text/css" media="screen"' + str(stylesheet), 'href="test.css" media="screen" type="text/css"' ) m.assert_called_once() + + def test_stylesheet_attribute_escaping(self): + style = feedgenerator.Stylesheet( + url='http://example.com/style.css?foo="bar"&baz=<>', + mimetype='text/css; charset="utf-8"', + media='screen and (max-width: "600px")', + ) + + self.assertEqual( + str(style), + 'href="http://example.com/style.css?foo=%22bar%22&baz=%3C%3E" ' + 'media="screen and (max-width: "600px")" ' + 'type="text/css; charset="utf-8""', + ) |