wcs: escape custom title (#59598)
This commit is contained in:
parent
541ac61eba
commit
4db81d3fce
|
@ -4,7 +4,7 @@
|
|||
{% if not card_not_found %}
|
||||
|
||||
{% block cell-header %}
|
||||
{% if title %}<h2>{{ title }}</h2>{% endif %}
|
||||
{% if title %}<h2>{{ title|force_escape }}</h2>{% endif %}
|
||||
{% include "combo/asset_picture_fragment.html" %}
|
||||
{% endblock %}
|
||||
|
||||
|
|
|
@ -1868,10 +1868,10 @@ def test_card_cell_render(mock_send, context):
|
|||
|
||||
context.pop('title')
|
||||
cell.title_type = 'manual'
|
||||
cell.custom_title = 'Foo bar {{ card.fields.fielda }}'
|
||||
cell.custom_title = '<b>Foo bar {{ card.fields.fielda }}</b>'
|
||||
cell.save()
|
||||
result = cell.render(context)
|
||||
assert '<h2>Foo bar a</h2>' in result
|
||||
assert '<h2><b>Foo bar a</b></h2>' in result
|
||||
|
||||
context.pop('title')
|
||||
cell.custom_title = '{{ foobar }}'
|
||||
|
|
Loading…
Reference in New Issue