
Fixed #28874 -- Prevented double escaping of errors on hidden form fields.

Daniil 2017-12-11 22:30:47 +10:00 committed by Tim Graham
parent d13a9e44de
commit 7c7bc6391a
2 changed files with 22 additions and 2 deletions


@ -199,8 +199,7 @@ class BaseForm:
for name, field in self.fields.items():
html_class_attr = ''
bf = self[name]
# Escape and cache in local variable.
bf_errors = self.error_class([conditional_escape(error) for error in bf.errors])
bf_errors = self.error_class(bf.errors)
if bf.is_hidden:
if bf_errors:
top_errors.extend(
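Review bot: With `conditional_escape` dropped from the `bf_errors` line, nothing in this hunk escapes the messages any more, so the hidden-field path into `top_errors.extend(` (and presumably the visible-field path further down) now depends entirely on `self.error_class` escaping each item when it is rendered. The new test confirms that for the default error list via `as_ul()`, but a custom `error_class` whose rendering interpolates items verbatim would previously have received pre-escaped strings and would now write raw validation messages into the HTML; that case looks uncovered. I would replace the removed comment rather than delete it, e.g. `# Not escaped here; error_class is responsible for escaping each error on render.`, and state the changed contract for custom error classes in the release notes. The loop body continues outside the hunk, so the rendering calls themselves are not visible here.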


@ -3398,6 +3398,27 @@ Good luck picking a username that doesn&#39;t already exist.</p>
<div class="errorlist"><div class="error">This field is required.</div></div>
<p>Comment: <input type="text" name="comment" required /></p>""")
def test_error_escaping(self):
class TestForm(Form):
hidden = CharField(widget=HiddenInput(), required=False)
visible = CharField()
def clean_hidden(self):
raise ValidationError('Foo & "bar"!')
clean_visible = clean_hidden
form = TestForm({'hidden': 'a', 'visible': 'b'})
form.is_valid()
self.assertHTMLEqual(
form.as_ul(),
'<li><ul class="errorlist nonfield"><li>(Hidden field hidden) Foo &amp; &quot;bar&quot;!</li></ul></li>'
'<li><ul class="errorlist"><li>Foo &amp; &quot;bar&quot;!</li></ul>'
'<label for="id_visible">Visible:</label> '
'<input type="text" name="visible" value="b" id="id_visible" required />'
'<input type="hidden" name="hidden" value="a" id="id_hidden" /></li>'
)
def test_baseform_repr(self):
"""
BaseForm.__repr__() should contain some basic information about the