
Add proper escaping for JS and CSS sources

Also make sure that they behave the same with all the template engines.
Previously with escaping enabled they would escape things differently and
before enabling escaping Genshi and Kajiki escaped the sources while
Jinja and Mako didn't, exposing an inconsistent behavior when writing widgets
amol- committed Aug 29, 2012
1 parent 7c0c60a commit af6d233dfa71bbf470d5e3e3f266a00978ba69f6
Showing with 50 additions and 3 deletions.
  1. +47 −0 tests/test_resources.py
  2. +3 −3 tw2/core/resources.py
@@ -266,6 +266,53 @@ def test_display(self):
r = self.widget(**self.attrs).display(template='%s:%s' % (t, twr._JSFuncCall.template))
assert r == """<script type="text/javascript">foo("a", "b")</script>""", r
class TestJSSourceEscaping(tb.WidgetTest):
widget = twr.JSSource
attrs = {}
expected = None
def test_display(self):
s = twr.JSSource(src='''
function test(a, b) {
if (b < 5)
return b;
else
return "OK";
}
''')
r = s.req()
displays = []
for e in self._get_all_possible_engines():
displays.append(r.display(template='%s:%s' % (e, twr.JSSource.template)))
compare_to = str(displays[0]).strip()
equal_displays = filter(lambda x:str(x).strip()==compare_to, displays)
assert len(displays) == len(equal_displays), equal_displays
class TestCSSSourceEscaping(tb.WidgetTest):
widget = twr.CSSSource
attrs = {}
expected = None
def test_display(self):
s = twr.CSSSource(src='''
p > strong:after {
content:"WOAH, this was STRONG!";
}
''')
r = s.req()
displays = []
for e in self._get_all_possible_engines():
#CSSource misses pt template.
if e in ['chameleon']:
continue
displays.append(r.display(template='%s:%s' % (e, twr.CSSSource.template)))
compare_to = str(displays[0]).strip()
equal_displays = filter(lambda x:str(x).strip()==compare_to, displays)
assert len(displays) == len(equal_displays), equal_displays
from pkg_resources import Requirement
class TestResourcesApp:
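Review bot: Both new `test_display` methods only assert that every engine renders the same string, so they pass equally whether all engines escape `<` and `>` or none do. Assuming raw output is the intended result, pin it with a concrete check such as `assert 'if (b < 5)' in compare_to` for the JS case and `assert 'p > strong:after' in compare_to` for the CSS case. `len(equal_displays)` relies on `filter` returning a list, which holds only on Python 2; `[d for d in displays if str(d).strip() == compare_to]` is portable. A further case whose `src` contains `</script>` (or `</style>`) would document what the widget does with a source that includes its own closing tag.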
@@ -234,7 +234,7 @@ def prepare(self):
super(JSSource, self).prepare()
if not self.src:
raise ValueError("%r must be provided a 'src' attr" % self)
self.src = Markup(self.src)
class CSSSource(Resource):
"""
@@ -251,7 +251,7 @@ def prepare(self):
super(CSSSource, self).prepare()
if not self.src:
raise ValueError("%r must be provided a 'src' attr" % self)
self.src = Markup(self.src)
class _JSFuncCall(JSSource):
"""
@@ -277,7 +277,7 @@ def prepare(self):
elif self.args:
args = ', '.join(encoder.encode(a) for a in self.args)
self.src = Markup('%s(%s)' % (self.function, args))
self.src = '%s(%s)' % (self.function, args)
super(_JSFuncCall, self).prepare()
def __hash__(self):
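Review bot: `self.src = Markup(self.src)` in `JSSource.prepare` and `CSSSource.prepare` (taken here to be the added side, since the page has lost its +/- markers) marks the whole source as already safe, so every engine emits it verbatim. That makes output consistent, but nothing is escaped, and a `src` containing `</script>` or `</style>` would end the element early. The class docstrings should state the contract, e.g. `src is emitted raw inside the <script>/<style> element; never build it from untrusted input`. In `_JSFuncCall.prepare` the arguments pass through `encoder.encode` but `self.function` is interpolated as-is, and whether the encoder escapes `</` inside string values is not visible here, so both deserve a check now that the result is wrapped in `Markup` by the parent `prepare`. All three `prepare` bodies begin outside the hunks shown.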
