Fixed #33461 -- Escaped template errors in the technical 500 debug page.

2025-10-31 09:41:08 +00:00 · 2022-01-26 15:09:08 +00:00
parent 3a9b8b25d4
commit c5c7a15b09
4 changed files with 42 additions and 4 deletions
--- a/tests/view_tests/tests/test_debug.py
+++ b/tests/view_tests/tests/test_debug.py
@@ -7,7 +7,7 @@ import tempfile
 import threading
 from io import StringIO
 from pathlib import Path
-from unittest import mock
+from unittest import mock, skipIf

 from django.core import mail
 from django.core.files.uploadedfile import SimpleUploadedFile
@@ -263,6 +263,27 @@ class DebugViewTests(SimpleTestCase):
                    "traceback, instead found: %s" % raising_loc
                )

+    @skipIf(
+        sys.platform == 'win32',
+        'Raises OSError instead of TemplateDoesNotExist on Windows.',
+    )
+    def test_safestring_in_exception(self):
+        with self.assertLogs('django.request', 'ERROR'):
+            response = self.client.get('/safestring_exception/')
+            self.assertNotContains(
+                response,
+                '<script>alert(1);</script>',
+                status_code=500,
+                html=True,
+            )
+            self.assertContains(
+                response,
+                '&lt;script&gt;alert(1);&lt;/script&gt;',
+                count=3,
+                status_code=500,
+                html=True,
+            )
+
    def test_template_loader_postmortem(self):
        """Tests for not existing file"""
        template_name = "notfound.html"