Fixed #28874 -- Prevented double escaping of errors on hidden form fields.
parent
d13a9e44de
commit
7c7bc6391a
@ -199,8 +199,7 @@ class BaseForm:
|
||||
for name, field in self.fields.items():
|
||||
html_class_attr = ''
|
||||
bf = self[name]
|
||||
# Escape and cache in local variable.
|
||||
bf_errors = self.error_class([conditional_escape(error) for error in bf.errors])
|
||||
bf_errors = self.error_class(bf.errors)
|
||||
if bf.is_hidden:
|
||||
if bf_errors:
|
||||
top_errors.extend(
|
||||
|
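Review bot: The new `bf_errors = self.error_class(bf.errors)` line drops the only comment that said where escaping happens, so nothing in the loop now tells a reader that the messages are still raw at this point. With `conditional_escape` gone, escaping presumably rests entirely on how `error_class` and the later formatting code render the list, so a project-supplied `error_class` that builds its HTML without escaping would emit validation messages verbatim. I would add a comment above the line such as `# Not escaped here: error_class escapes on render; escaping twice double-encodes (#28874).` and state the same requirement wherever `error_class` is documented. The loop body continues past `top_errors.extend(` outside the hunk, so how the hidden-field branch formats each error cannot be checked from here.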
@ -3398,6 +3398,27 @@ Good luck picking a username that doesn't already exist.</p>
|
||||
<div class="errorlist"><div class="error">This field is required.</div></div>
|
||||
<p>Comment: <input type="text" name="comment" required /></p>""")
|
||||
|
||||
def test_error_escaping(self):
|
||||
class TestForm(Form):
|
||||
hidden = CharField(widget=HiddenInput(), required=False)
|
||||
visible = CharField()
|
||||
|
||||
def clean_hidden(self):
|
||||
raise ValidationError('Foo & "bar"!')
|
||||
|
||||
clean_visible = clean_hidden
|
||||
|
||||
form = TestForm({'hidden': 'a', 'visible': 'b'})
|
||||
form.is_valid()
|
||||
self.assertHTMLEqual(
|
||||
form.as_ul(),
|
||||
'<li><ul class="errorlist nonfield"><li>(Hidden field hidden) Foo & "bar"!</li></ul></li>'
|
||||
'<li><ul class="errorlist"><li>Foo & "bar"!</li></ul>'
|
||||
'<label for="id_visible">Visible:</label> '
|
||||
'<input type="text" name="visible" value="b" id="id_visible" required />'
|
||||
'<input type="hidden" name="hidden" value="a" id="id_hidden" /></li>'
|
||||
)
|
||||
|
||||
def test_baseform_repr(self):
|
||||
"""
|
||||
BaseForm.__repr__() should contain some basic information about the
|
||||
|
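Review bot: The message raised in `clean_hidden`, `'Foo & "bar"!'`, contains no `<` or `>`, so the test pins single-escaping of ampersands and quotes but not of markup characters, which is the case that matters when an error message carries user-supplied text. Extending the literal to something like `'Foo & "bar" <b>!'` and updating the expected output would cover it. Only `as_ul()` is asserted; if `as_table()` and `as_p()` go through the same rendering loop, a check on one of them would guard the hidden-field branch for the other output formats too. `form.is_valid()` is called for its side effect only, and `self.assertFalse(form.is_valid())` would make the precondition explicit.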