Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Fixed #18634 -- Don't escape variables in the context for startprojec…

…t/startapp.

The & symbols which can come up in the secret key were
being escaped to &.
  • Loading branch information...
commit a875f612e0ae84c2084d0b6230ffafe32a9777c8 1 parent 59d9977
@mjtamlyn mjtamlyn authored apollo13 committed
View
2  django/core/management/templates.py
@@ -115,7 +115,7 @@ def handle(self, app_or_project, name, target=None, **options):
context = Context(dict(options, **{
base_name: name,
base_directory: top_dir,
- }))
+ }), autoescape=False)
# Setup a stub settings environment for template rendering
from django.conf import settings
View
1  tests/regressiontests/admin_scripts/custom_templates/project_template/additional_dir/extra.py
@@ -0,0 +1 @@
+# this file uses the {{ extra }} variable
View
11 tests/regressiontests/admin_scripts/management/commands/custom_startproject.py
@@ -0,0 +1,11 @@
+from optparse import make_option
+
+from django.core.management.commands.startproject import Command as BaseCommand
+
+
+class Command(BaseCommand):
+ option_list = BaseCommand.option_list + (
+ make_option('--extra',
+ action='store', dest='extra',
+ help='An arbitrary extra value passed to the context'),
+ )
View
18 tests/regressiontests/admin_scripts/tests.py
@@ -1541,6 +1541,24 @@ def test_custom_project_template_context_variables(self):
self.assertIn("project_name = 'another_project'", content)
self.assertIn("project_directory = '%s'" % testproject_dir, content)
+ def test_no_escaping_of_project_variables(self):
+ "Make sure template context variables are not html escaped"
+ # We're using a custom command so we need the alternate settings
+ self.write_settings('alternate_settings.py')
+ template_path = os.path.join(test_dir, 'admin_scripts', 'custom_templates', 'project_template')
+ args = ['custom_startproject', '--template', template_path, 'another_project', 'project_dir', '--extra', '<&>', '--settings=alternate_settings']
+ testproject_dir = os.path.join(test_dir, 'project_dir')
+ os.mkdir(testproject_dir)
+ out, err = self.run_manage(args)
+ self.addCleanup(shutil.rmtree, testproject_dir)
+ self.assertNoOutput(err)
+ test_manage_py = os.path.join(testproject_dir, 'additional_dir', 'extra.py')
+ with open(test_manage_py, 'r') as fp:
+ content = fp.read()
+ self.assertIn("<&>", content)
+ # tidy up alternate settings
+ self.remove_settings('alternate_settings.py')
+
def test_custom_project_destination_missing(self):
"""
Make sure an exception is raised when the provided
Please sign in to comment.
Something went wrong with that request. Please try again.