misc: unquote HTML entities inside Django variables (#30004)
This commit is contained in:
parent
821a3e1a6b
commit
9d4668aa04
|
@ -386,11 +386,17 @@ def test_wysiwygwidget():
|
|||
assert not widget.has_error()
|
||||
assert widget.parse() == '<a href="">a</a>' # javascript: got filtered
|
||||
|
||||
# check django templatetags are kept intact
|
||||
# check django syntax is kept intact
|
||||
widget = WysiwygTextWidget('test')
|
||||
mock_form_submission(req, widget, {'test': '<a href="{% if 1 > 2 %}héllo{% endif %}">{% if 2 > 1 %}plop{% endif %}</a>'})
|
||||
mock_form_submission(req, widget, {'test': '<a href="{% if 1 > 2 %}héllo{% endif %}">{% if 2 > 1 %}{{plop|date:"Y"}}{% endif %}</a>'})
|
||||
assert not widget.has_error()
|
||||
assert widget.parse() == '<a href="{% if 1 > 2 %}héllo{% endif %}">{% if 2 > 1 %}plop{% endif %}</a>'
|
||||
assert widget.parse() == '<a href="{% if 1 > 2 %}héllo{% endif %}">{% if 2 > 1 %}{{plop|date:"Y"}}{% endif %}</a>'
|
||||
|
||||
# make sure it is kept intact even after ckeditor escaped characters
|
||||
widget = WysiwygTextWidget('test')
|
||||
mock_form_submission(req, widget, {'test': '<a href="{% if 1 > 2 %}héllo{% endif %}">{% if 2 > 1 %}{{plop|date:"Y"}}{% endif %}</a>'})
|
||||
assert not widget.has_error()
|
||||
assert widget.parse() == '<a href="{% if 1 > 2 %}héllo{% endif %}">{% if 2 > 1 %}{{plop|date:"Y"}}{% endif %}</a>'
|
||||
|
||||
# check we don't escape HTML if feedparser _sanitizeHTML is missing
|
||||
wcs.qommon.form._sanitizeHTML = None
|
||||
|
|
|
@ -1373,7 +1373,7 @@ class WysiwygTextWidget(TextWidget):
|
|||
charset = get_publisher().site_charset
|
||||
def unquote_django(matchobj):
|
||||
return parser.unescape(unicode(matchobj.group(0), charset)).encode(charset)
|
||||
self.value = re.sub('{%(.*?)%}', unquote_django, self.value)
|
||||
self.value = re.sub('{[{%](.*?)[%}]}', unquote_django, self.value)
|
||||
|
||||
def add_media(self):
|
||||
get_response().add_javascript(['qommon.wysiwyg.js'])
|
||||
|
|
Loading…
Reference in New Issue