From cbaa3ee3ee45d453ab6aa36d57847515dd130b9f Mon Sep 17 00:00:00 2001 From: Thomas Grainger Date: Fri, 8 Jan 2016 19:58:03 +0000 Subject: [PATCH] Refs #25165 -- Removed unnecessary HTML unescaping in admin add/edit popups. Because we now load data into the page via JSON, we don't need to unescape it anymore. --- .../admin/js/admin/RelatedObjectLookups.js | 18 ------------------ js_tests/admin/RelatedObjectLookups.test.js | 13 +------------ 2 files changed, 1 insertion(+), 30 deletions(-) diff --git a/django/contrib/admin/static/admin/js/admin/RelatedObjectLookups.js b/django/contrib/admin/static/admin/js/admin/RelatedObjectLookups.js index b265fdff38..282dfaed34 100644 --- a/django/contrib/admin/static/admin/js/admin/RelatedObjectLookups.js +++ b/django/contrib/admin/static/admin/js/admin/RelatedObjectLookups.js @@ -5,16 +5,6 @@ (function($) { 'use strict'; - function html_unescape(text) { - // Unescape a string that was escaped using django.utils.html.escape. - text = text.replace(/</g, '<'); - text = text.replace(/>/g, '>'); - text = text.replace(/"/g, '"'); - text = text.replace(/'/g, "'"); - text = text.replace(/&/g, '&'); - return text; - } - // IE doesn't accept periods or dashes in the window name, but the element IDs // we use to generate popup window names may contain them, therefore we map them // to allowed characters in a reversible way so that we can locate the correct @@ -84,10 +74,6 @@ } function dismissAddRelatedObjectPopup(win, newId, newRepr) { - // newId and newRepr are expected to have previously been escaped by - // django.utils.html.escape. - newId = html_unescape(newId); - newRepr = html_unescape(newRepr); var name = windowname_to_id(win.name); var elem = document.getElementById(name); if (elem) { @@ -113,8 +99,6 @@ } function dismissChangeRelatedObjectPopup(win, objId, newRepr, newId) { - objId = html_unescape(objId); - newRepr = html_unescape(newRepr); var id = windowname_to_id(win.name).replace(/^edit_/, ''); var selectsSelector = interpolate('#%s, #%s_from, #%s_to', [id, id, id]); var selects = $(selectsSelector); @@ -128,7 +112,6 @@ } function dismissDeleteRelatedObjectPopup(win, objId) { - objId = html_unescape(objId); var id = windowname_to_id(win.name).replace(/^delete_/, ''); var selectsSelector = interpolate('#%s, #%s_from, #%s_to', [id, id, id]); var selects = $(selectsSelector); @@ -141,7 +124,6 @@ } // Global for testing purposes - window.html_unescape = html_unescape; window.id_to_windowname = id_to_windowname; window.windowname_to_id = windowname_to_id; diff --git a/js_tests/admin/RelatedObjectLookups.test.js b/js_tests/admin/RelatedObjectLookups.test.js index d2fd3194bb..83071edd43 100644 --- a/js_tests/admin/RelatedObjectLookups.test.js +++ b/js_tests/admin/RelatedObjectLookups.test.js @@ -1,21 +1,10 @@ -/* global module, test, html_unescape, id_to_windowname, +/* global module, test, id_to_windowname, windowname_to_id */ /* eslint global-strict: 0, strict: 0 */ 'use strict'; module('admin.RelatedObjectLookups'); -test('html_unescape', function(assert) { - function assert_unescape(then, expected, message) { - assert.equal(html_unescape(then), expected, message); - } - assert_unescape('<', '<', 'less thans are unescaped'); - assert_unescape('>', '>', 'greater thans are unescaped'); - assert_unescape('"', '"', 'double quotes are unescaped'); - assert_unescape(''', "'", 'single quotes are unescaped'); - assert_unescape('&', '&', 'ampersands are unescaped'); -}); - test('id_to_windowname', function(assert) { assert.equal(id_to_windowname('.test'), '__dot__test'); assert.equal(id_to_windowname('misc-test'), 'misc__dash__test');