Commit 59e206da authored by Stefan H. Holek's avatar Stefan H. Holek

Merged r69795:69796 from 2.9 branch.

ZTUtils.make_hidden_input did not escape double-quotes.
Fixes http://www.zope.org/Collectors/Zope/2175
parent 895b9811
......@@ -200,7 +200,7 @@ def make_hidden_input(*args, **kwargs):
d.update(arg)
d.update(kwargs)
hq = cgi.escape
hq = lambda x:cgi.escape(x, quote=True)
qlist = complex_marshal(d.items())
for i in range(len(qlist)):
k, m, v = qlist[i]
......
......@@ -5,6 +5,7 @@ from unittest import TestCase, makeSuite, main
import string
import urllib
from ZTUtils.Zope import make_query, complex_marshal
from ZTUtils.Zope import make_hidden_input
from DateTime import DateTime
class QueryTests(TestCase):
......@@ -50,6 +51,18 @@ class QueryTests(TestCase):
record=record, string=str_)
assert query == 'date:date=%s&integer:int=1&listing:int:list=1&listing:date:list=%s&listing:list=str&string=str&record.arg1:int:list:record=1&record.arg1:date:list:record=%s&record.arg1:list:record=str&record.arg2:int:record=1'%(quote_date,quote_date,quote_date)
def testMakeHiddenInput(self):
tag = make_hidden_input(foo='bar')
self.assertEqual(tag, '<input type="hidden" name="foo" value="bar">')
tag = make_hidden_input(foo=1)
self.assertEqual(tag, '<input type="hidden" name="foo:int" value="1">')
# Escaping
tag = make_hidden_input(foo='bar & baz')
self.assertEqual(tag, '<input type="hidden" name="foo" value="bar &amp; baz">')
tag = make_hidden_input(foo='<bar>')
self.assertEqual(tag, '<input type="hidden" name="foo" value="&lt;bar&gt;">')
tag = make_hidden_input(foo='"bar"')
self.assertEqual(tag, '<input type="hidden" name="foo" value="&quot;bar&quot;">')
def test_suite():
return makeSuite(QueryTests)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment