
Fixed #33096 -- Fixed <form> nesting in technical 500 template.

This also prevents sending <form> tags in emails.
Jan Schär
2021-09-07 22:50:29 +02:00
committed by Mariusz Felisiak
parent 0a28b42b15
commit 06e59d97a3
2 changed files with 18 additions and 2 deletions


@@ -276,8 +276,8 @@
{% endfor %} {% endfor %}
</ul> </ul>
</div> </div>
<form action="https://dpaste.com/" name="pasteform" id="pasteform" method="post">
{% if not is_email %} {% if not is_email %}
<form action="https://dpaste.com/" name="pasteform" id="pasteform" method="post">
<div id="pastebinTraceback" class="pastebin"> <div id="pastebinTraceback" class="pastebin">
<input type="hidden" name="language" value="PythonConsole"> <input type="hidden" name="language" value="PythonConsole">
<input type="hidden" name="title" <input type="hidden" name="title"
@@ -327,8 +327,8 @@ Exception Value: {{ exception_value|force_escape }}
<input type="submit" value="Share this traceback on a public website"> <input type="submit" value="Share this traceback on a public website">
</div> </div>
</form> </form>
</div>
{% endif %} {% endif %}
</div>
{% endif %} {% endif %}
<div id="requestinfo"> <div id="requestinfo">
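Review bot: The `{% if not is_email %}` guard around the `pasteform` form has no comment saying why the form must stay out of emails, so a later edit of this markup could move the tag back outside it. The form's submit button shares the traceback on a public website, which makes the guard worth documenting in place, for example `{# Browser-only: the share form must never be rendered into error emails. #}` directly above the `<form>` tag. This rendering has lost the +/- markers, so the new position of the `<form>` and `</div>` lines is inferred from their order. The enclosing traceback block starts and ends outside the hunk.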


@@ -422,6 +422,22 @@ class AdminEmailHandlerTest(SimpleTestCase):
msg = mail.outbox[0] msg = mail.outbox[0]
self.assertEqual(msg.body, 'message\n\ncustom traceback text') self.assertEqual(msg.body, 'message\n\ncustom traceback text')
@override_settings(ADMINS=[('admin', 'admin@example.com')])
def test_emit_no_form_tag(self):
"""HTML email doesn't contain forms."""
handler = AdminEmailHandler(include_html=True)
record = self.logger.makeRecord(
'name', logging.ERROR, 'function', 'lno', 'message', None, None,
)
handler.emit(record)
self.assertEqual(len(mail.outbox), 1)
msg = mail.outbox[0]
self.assertEqual(msg.subject, '[Django] ERROR: message')
self.assertEqual(len(msg.alternatives), 1)
body_html = str(msg.alternatives[0][0])
self.assertIn('<div id="traceback">', body_html)
self.assertNotIn('<form', body_html)
class SettingsConfigTest(AdminScriptTestCase): class SettingsConfigTest(AdminScriptTestCase):
""" """
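Review bot: `test_emit_no_form_tag` reads `msg.alternatives[0][0]` without checking that this part is the HTML alternative, so the `<form` assertion could pass against content of another type if the handler's attachment order ever changes. Adding `self.assertEqual(msg.alternatives[0][1], 'text/html')` before building `body_html` would pin that down. The record is created with `exc_info` set to `None`, so the test presumably covers only rendering without a real exception; a second case with a raised exception would cover the usual error-email path. The enclosing `AdminEmailHandlerTest` class begins outside the hunk.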