Fixed #24469 -- Refined escaping of Django's form elements in non-Django templates.

2025-08-30 23:37:50 +00:00 · 2015-03-18 21:42:59 +01:00 · 2015-03-18 21:42:59 +01:00 · 1f2abf784a
commit 1f2abf784a
parent dc5b01ad05
15 changed files with 198 additions and 21 deletions
--- a/tests/utils_tests/test_html.py
+++ b/tests/utils_tests/test_html.py
@ -3,16 +3,15 @@ from __future__ import unicode_literals

 import os
 from datetime import datetime
-from unittest import TestCase

-from django.test import ignore_warnings
-from django.utils import html, safestring
+from django.test import SimpleTestCase, ignore_warnings
+from django.utils import html, safestring, six
 from django.utils._os import upath
 from django.utils.deprecation import RemovedInDjango20Warning
 from django.utils.encoding import force_text


-class TestUtilsHtml(TestCase):
+class TestUtilsHtml(SimpleTestCase):

    def check_output(self, function, value, output=None):
        """
@ -185,3 +184,67 @@ class TestUtilsHtml(TestCase):
        self.assertEqual(html.conditional_escape(s),
                         '&lt;h1&gt;interop&lt;/h1&gt;')
        self.assertEqual(html.conditional_escape(safestring.mark_safe(s)), s)
+
+    def test_html_safe(self):
+        @html.html_safe
+        class HtmlClass(object):
+            if six.PY2:
+                def __unicode__(self):
+                    return "<h1>I'm a html class!</h1>"
+            else:
+                def __str__(self):
+                    return "<h1>I'm a html class!</h1>"
+
+        html_obj = HtmlClass()
+        self.assertTrue(hasattr(HtmlClass, '__html__'))
+        self.assertTrue(hasattr(html_obj, '__html__'))
+        self.assertEqual(force_text(html_obj), html_obj.__html__())
+
+    def test_html_safe_subclass(self):
+        if six.PY2:
+            class BaseClass(object):
+                def __html__(self):
+                    # defines __html__ on its own
+                    return 'some html content'
+
+                def __unicode__(self):
+                    return 'some non html content'
+
+            @html.html_safe
+            class Subclass(BaseClass):
+                def __unicode__(self):
+                    # overrides __unicode__ and is marked as html_safe
+                    return 'some html safe content'
+        else:
+            class BaseClass(object):
+                def __html__(self):
+                    # defines __html__ on its own
+                    return 'some html content'
+
+                def __str__(self):
+                    return 'some non html content'
+
+            @html.html_safe
+            class Subclass(BaseClass):
+                def __str__(self):
+                    # overrides __str__ and is marked as html_safe
+                    return 'some html safe content'
+
+        subclass_obj = Subclass()
+        self.assertEqual(force_text(subclass_obj), subclass_obj.__html__())
+
+    def test_html_safe_defines_html_error(self):
+        msg = "can't apply @html_safe to HtmlClass because it defines __html__()."
+        with self.assertRaisesMessage(ValueError, msg):
+            @html.html_safe
+            class HtmlClass(object):
+                def __html__(self):
+                    return "<h1>I'm a html class!</h1>"
+
+    def test_html_safe_doesnt_define_str(self):
+        method_name = '__unicode__()' if six.PY2 else '__str__()'
+        msg = "can't apply @html_safe to HtmlClass because it doesn't define %s." % method_name
+        with self.assertRaisesMessage(ValueError, msg):
+            @html.html_safe
+            class HtmlClass(object):
+                pass