mirror of
https://github.com/django/django.git
synced 2025-08-03 18:38:50 +00:00
Fixed #15667 -- Added template-based widget rendering.
Thanks Carl Meyer and Tim Graham for contributing to the patch.
parent
51cde873d9
commit
b52c73008a
98 changed files with 1334 additions and 874 deletions
|
@ -3,6 +3,7 @@ from __future__ import unicode_literals
|
|||
|
||||
import gettext
|
||||
import os
|
||||
import re
|
||||
from datetime import datetime, timedelta
|
||||
from importlib import import_module
|
||||
|
||||
|
@ -354,34 +355,53 @@ class AdminURLWidgetTest(SimpleTestCase):
|
|||
)
|
||||
|
||||
def test_render_quoting(self):
|
||||
# WARNING: Don't use assertHTMLEqual in that testcase!
|
||||
# assertHTMLEqual will get rid of some escapes which are tested here!
|
||||
"""
|
||||
WARNING: This test doesn't use assertHTMLEqual since it will get rid
|
||||
of some escapes which are tested here!
|
||||
"""
|
||||
HREF_RE = re.compile('href="([^"]+)"')
|
||||
VALUE_RE = re.compile('value="([^"]+)"')
|
||||
TEXT_RE = re.compile('<a[^>]+>([^>]+)</a>')
|
||||
w = widgets.AdminURLFieldWidget()
|
||||
output = w.render('test', 'http://example.com/<sometag>some text</sometag>')
|
||||
self.assertEqual(
|
||||
w.render('test', 'http://example.com/<sometag>some text</sometag>'),
|
||||
'<p class="url">Currently: '
|
||||
'<a href="http://example.com/%3Csometag%3Esome%20text%3C/sometag%3E">'
|
||||
'http://example.com/<sometag>some text</sometag></a><br />'
|
||||
'Change: <input class="vURLField" name="test" type="url" '
|
||||
'value="http://example.com/<sometag>some text</sometag>" /></p>'
|
||||
HREF_RE.search(output).groups()[0],
|
||||
'http://example.com/%3Csometag%3Esome%20text%3C/sometag%3E',
|
||||
)
|
||||
self.assertEqual(
|
||||
w.render('test', 'http://example-äüö.com/<sometag>some text</sometag>'),
|
||||
'<p class="url">Currently: '
|
||||
'<a href="http://xn--example--7za4pnc.com/%3Csometag%3Esome%20text%3C/sometag%3E">'
|
||||
'http://example-äüö.com/<sometag>some text</sometag></a><br />'
|
||||
'Change: <input class="vURLField" name="test" type="url" '
|
||||
'value="http://example-äüö.com/<sometag>some text</sometag>" /></p>'
|
||||
TEXT_RE.search(output).groups()[0],
|
||||
'http://example.com/<sometag>some text</sometag>',
|
||||
)
|
||||
self.assertEqual(
|
||||
w.render('test', 'http://www.example.com/%C3%A4"><script>alert("XSS!")</script>"'),
|
||||
'<p class="url">Currently: '
|
||||
'<a href="http://www.example.com/%C3%A4%22%3E%3Cscript%3Ealert(%22XSS!%22)%3C/script%3E%22">'
|
||||
VALUE_RE.search(output).groups()[0],
|
||||
'http://example.com/<sometag>some text</sometag>',
|
||||
)
|
||||
output = w.render('test', 'http://example-äüö.com/<sometag>some text</sometag>')
|
||||
self.assertEqual(
|
||||
HREF_RE.search(output).groups()[0],
|
||||
'http://xn--example--7za4pnc.com/%3Csometag%3Esome%20text%3C/sometag%3E',
|
||||
)
|
||||
self.assertEqual(
|
||||
TEXT_RE.search(output).groups()[0],
|
||||
'http://example-äüö.com/<sometag>some text</sometag>',
|
||||
)
|
||||
self.assertEqual(
|
||||
VALUE_RE.search(output).groups()[0],
|
||||
'http://example-äüö.com/<sometag>some text</sometag>',
|
||||
)
|
||||
output = w.render('test', 'http://www.example.com/%C3%A4"><script>alert("XSS!")</script>"')
|
||||
self.assertEqual(
|
||||
HREF_RE.search(output).groups()[0],
|
||||
'http://www.example.com/%C3%A4%22%3E%3Cscript%3Ealert(%22XSS!%22)%3C/script%3E%22',
|
||||
)
|
||||
self.assertEqual(
|
||||
TEXT_RE.search(output).groups()[0],
|
||||
'http://www.example.com/%C3%A4"><script>'
|
||||
'alert("XSS!")</script>"</a><br />'
|
||||
'Change: <input class="vURLField" name="test" type="url" '
|
||||
'value="http://www.example.com/%C3%A4"><script>'
|
||||
'alert("XSS!")</script>"" /></p>'
|
||||
'alert("XSS!")</script>"'
|
||||
)
|
||||
self.assertEqual(
|
||||
VALUE_RE.search(output).groups()[0],
|
||||
'http://www.example.com/%C3%A4"><script>alert("XSS!")</script>"',
|
||||
)
|
||||
|
||||
|
||||
|
|
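Review bot: The rewritten `test_render_quoting` inspects only the first `href="…"`, the first `value="…"` and the first anchor text through `HREF_RE`, `VALUE_RE` and `TEXT_RE`, so, unlike the full-string `assertEqual` calls it appears to replace, it would not notice the payload being emitted unescaped anywhere else in the widget output. Since the commit title says rendering moves to templates, a negative check on the whole output after the last `render()` call, such as `self.assertNotIn('<script>', output)`, would keep that coverage. `HREF_RE.search(output).groups()[0]` also raises AttributeError instead of a readable assertion failure when the pattern does not match; binding the match first and calling `self.assertIsNotNone(match)` gives a clearer report. The page has lost its `+`/`-` markers, so which lines are new is inferred from the hunk header and the added docstring, and the enclosing class `AdminURLWidgetTest` starts outside the hunk.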