1
0
mirror of https://github.com/django/django.git synced 2024-12-22 17:16:24 +00:00

Fixed #33096 -- Fixed <form> nesting in technical 500 template.

This also prevents sending <form> tags in emails.
This commit is contained in:
Jan Schär 2021-09-07 22:50:29 +02:00 committed by Mariusz Felisiak
parent 0a28b42b15
commit 06e59d97a3
2 changed files with 18 additions and 2 deletions

View File

@ -276,8 +276,8 @@
{% endfor %}
</ul>
</div>
<form action="https://dpaste.com/" name="pasteform" id="pasteform" method="post">
{% if not is_email %}
<form action="https://dpaste.com/" name="pasteform" id="pasteform" method="post">
<div id="pastebinTraceback" class="pastebin">
<input type="hidden" name="language" value="PythonConsole">
<input type="hidden" name="title"
@ -327,8 +327,8 @@ Exception Value: {{ exception_value|force_escape }}
<input type="submit" value="Share this traceback on a public website">
</div>
</form>
</div>
{% endif %}
</div>
{% endif %}
<div id="requestinfo">

View File

@ -422,6 +422,22 @@ class AdminEmailHandlerTest(SimpleTestCase):
msg = mail.outbox[0]
self.assertEqual(msg.body, 'message\n\ncustom traceback text')
@override_settings(ADMINS=[('admin', 'admin@example.com')])
def test_emit_no_form_tag(self):
"""HTML email doesn't contain forms."""
handler = AdminEmailHandler(include_html=True)
record = self.logger.makeRecord(
'name', logging.ERROR, 'function', 'lno', 'message', None, None,
)
handler.emit(record)
self.assertEqual(len(mail.outbox), 1)
msg = mail.outbox[0]
self.assertEqual(msg.subject, '[Django] ERROR: message')
self.assertEqual(len(msg.alternatives), 1)
body_html = str(msg.alternatives[0][0])
self.assertIn('<div id="traceback">', body_html)
self.assertNotIn('<form', body_html)
class SettingsConfigTest(AdminScriptTestCase):
"""