Fixed XSS in admin's add/change related popup.

This is a security fix.
2025-10-24 06:06:09 +00:00 · 2016-07-06 15:41:06 -04:00
parent 767849b765
commit 93c538694e
5 changed files with 31 additions and 9 deletions
--- a/tests/admin_views/tests.py
+++ b/tests/admin_views/tests.py
@@ -4475,11 +4475,11 @@ class SeleniumTests(AdminSeleniumTestCase):
        self.wait_for_text('#content h1', 'Change section')
        name_input = self.selenium.find_element_by_id('id_name')
        name_input.clear()
-        name_input.send_keys('edited section')
+        name_input.send_keys('<i>edited section</i>')
        self.selenium.find_element_by_xpath('//input[@value="Save"]').click()
        self.selenium.switch_to.window(self.selenium.window_handles[0])
        select = Select(self.selenium.find_element_by_id('id_form-0-section'))
-        self.assertEqual(select.first_selected_option.text, 'edited section')
+        self.assertEqual(select.first_selected_option.text, '<i>edited section</i>')

        # Add popup
        self.selenium.find_element_by_id('add_id_form-0-section').click()