Permalink
Browse files

newforms-admin: Fixed #6722. Admin widgets are now marked safe.

git-svn-id: http://code.djangoproject.com/svn/django/branches/newforms-admin@6782 bcc190cf-cafb-0310-a4f2-bffc1f526a37
  • Loading branch information...
1 parent 17dbd78 commit fcb30a11d8c289632c271d1c4b9993d7ee4c2b9b @jkocherhans jkocherhans committed Nov 30, 2007
@@ -101,7 +101,7 @@ def __iter__(self):
yield AdminField(self.form, field, is_first=(i == 0))
def errors(self):
- return u'\n'.join([self.form[f].errors.as_ul() for f in self.fields])
+ return mark_safe(u'\n'.join([self.form[f].errors.as_ul() for f in self.fields]))
class AdminField(object):
def __init__(self, form, field, is_first):
@@ -114,7 +114,7 @@ def result_headers(cl):
yield {"text": header,
"sortable": True,
"url": cl.get_query_string({ORDER_VAR: i, ORDER_TYPE_VAR: new_order_type}),
- "class_attrib": (th_classes and ' class="%s"' % ' '.join(th_classes) or '')}
+ "class_attrib": mark_safe((th_classes and ' class="%s"' % ' '.join(th_classes) or ''))}
def _boolean_icon(field_val):
BOOLEAN_MAPPING = {True: 'yes', False: 'no', None: 'unknown'}
@@ -148,8 +148,6 @@ def items_for_result(cl, result):
# function has an "allow_tags" attribute set to True.
if not allow_tags:
result_repr = escape(result_repr)
- else:
- result_repr = mark_safe(result_repr)
else:
field_val = getattr(result, f.attname)
@@ -187,7 +185,7 @@ def items_for_result(cl, result):
else:
result_repr = escape(field_val)
if force_unicode(result_repr) == '':
- result_repr = mark_safe(' ')
+ result_repr = ' '
# If list_display_links not defined, add the link tag to the first field
if (first and not cl.list_display_links) or field_name in cl.list_display_links:
table_tag = {True:'th', False:'td'}[first]
@@ -0,0 +1,5 @@
+from django.contrib.admin.tests import widgets
+
+__test__ = {
+ 'WIDGET_TESTS': widgets,
+}
@@ -0,0 +1,35 @@
+"""
+>>> from datetime import datetime
+>>> from django.utils.html import escape, conditional_escape
+>>> from django.contrib.admin.widgets import FilteredSelectMultiple, AdminSplitDateTime
+>>> from django.contrib.admin.widgets import AdminFileWidget, ForeignKeyRawIdWidget
+>>> from django.contrib.admin.widgets import RelatedFieldWidgetWrapper
+>>> from django.contrib.admin.models import LogEntry
+
+Calling conditional_escape on the output of widget.render will simulate what
+happens in the template. This is easier than setting up a template and context
+for each test.
+
+Make sure that the Admin widgets render properly, that is, without their extra
+HTML escaped.
+
+>>> w = FilteredSelectMultiple('test', False)
+>>> print conditional_escape(w.render('test', 'test'))
+<select multiple="multiple" name="test">
+</select><script type="text/javascript">addEvent(window, "load", function(e) {SelectFilter.init("id_test", "test", 0, "/media/"); });</script>
+<BLANKLINE>
+
+>>> w = AdminSplitDateTime()
+>>> print conditional_escape(w.render('test', datetime(2007, 12, 1, 9, 30)))
+<p class="datetime">Date: <input value="2007-12-01" type="text" class="vDateField" name="test_0" size="10" /><br />Time: <input value="09:30:00" type="text" class="vTimeField" name="test_1" size="8" /></p>
+
+>>> w = AdminFileWidget()
+>>> print conditional_escape(w.render('test', 'test'))
+Currently: <a target="_blank" href="test">test</a> <br>Change: <input type="file" name="test" />
+
+>>> rel = LogEntry._meta.get_field('user').rel
+>>> w = ForeignKeyRawIdWidget(rel)
+>>> print conditional_escape(w.render('test', 'test', attrs={}))
+<input type="text" name="test" value="test" class="vForeignKeyRawIdAdminField" /><a href="../../../auth/user/" class="related-lookup" id="lookup_id_test" onclick="return showRelatedObjectLookupPopup(this);"> <img src="/media/img/admin/selector-search.gif" width="16" height="16" alt="Lookup"></a>
+
+"""
@@ -10,6 +10,7 @@
from django.http import Http404
from django.utils.encoding import force_unicode, smart_str
from django.utils.translation import ugettext
+from django.utils.safestring import mark_safe
import operator
try:
@@ -6,6 +6,7 @@
from django.utils.datastructures import MultiValueDict
from django.utils.text import capfirst
from django.utils.translation import ugettext as _
+from django.utils.safestring import mark_safe
from django.conf import settings
class FilteredSelectMultiple(forms.SelectMultiple):
@@ -28,7 +29,7 @@ def render(self, name, value, attrs=None, choices=()):
# API to determine the ID dynamically.
output.append(u'SelectFilter.init("id_%s", "%s", %s, "%s"); });</script>\n' % \
(name, self.verbose_name.replace('"', '\\"'), int(self.is_stacked), settings.ADMIN_MEDIA_PREFIX))
- return u''.join(output)
+ return mark_safe(u''.join(output))
class AdminDateWidget(forms.TextInput):
class Media:
@@ -57,8 +58,8 @@ def __init__(self, attrs=None):
forms.MultiWidget.__init__(self, widgets, attrs)
def format_output(self, rendered_widgets):
- return u'<p class="datetime">%s %s<br />%s %s</p>' % \
- (_('Date:'), rendered_widgets[0], _('Time:'), rendered_widgets[1])
+ return mark_safe(u'<p class="datetime">%s %s<br />%s %s</p>' % \
+ (_('Date:'), rendered_widgets[0], _('Time:'), rendered_widgets[1]))
class AdminFileWidget(forms.FileInput):
"""
@@ -73,7 +74,7 @@ def render(self, name, value, attrs=None):
if value:
output.append('Currently: <a target="_blank" href="%s%s">%s</a> <br>Change: ' % (settings.MEDIA_URL, value, value))
output.append(super(AdminFileWidget, self).render(name, value, attrs))
- return u''.join(output)
+ return mark_safe(u''.join(output))
class ForeignKeyRawIdWidget(forms.TextInput):
"""
@@ -99,7 +100,7 @@ def render(self, name, value, attrs=None):
output.append('<a href="%s%s" class="related-lookup" id="lookup_id_%s" onclick="return showRelatedObjectLookupPopup(this);"> ' % \
(related_url, url, name))
output.append('<img src="%simg/admin/selector-search.gif" width="16" height="16" alt="Lookup"></a>' % settings.ADMIN_MEDIA_PREFIX)
- return u''.join(output)
+ return mark_safe(u''.join(output))
#if self.change: # TODO
#output.append('&nbsp;<strong>TODO</strong>')
@@ -148,7 +149,7 @@ def __call__(self, name, value, *args, **kwargs):
output.append(u'<a href="%sadd/" class="add-another" id="add_id_%s" onclick="return showAddAnotherPopup(this);"> ' % \
(related_url, name))
output.append(u'<img src="%simg/admin/icon_addlink.gif" width="10" height="10" alt="Add Another"/></a>' % settings.ADMIN_MEDIA_PREFIX)
- return u''.join(output)
+ return mark_safe(u''.join(output))
def __deepcopy__(self, memo):
# There's no reason to deepcopy admin_site, etc, so just return self.

0 comments on commit fcb30a1

Please sign in to comment.