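def test_app_config_select_escaping(self):
    """Labels rendered by ApplicationConfigSelect must be escaped.

    An apphook config whose ``__str__`` contains markup must never reach the
    rendered widget verbatim.  The positive assertion pins the escaped form
    the widget is expected to emit: HTML entities that are then JS-string
    escaped, so ``<`` arrives as ``\\u0026lt\\u003B``.
    """
    class FakeAppConfig(object):
        """Minimal stand-in for an apphook config: a pk and a label."""
        def __init__(self, pk, config):
            self.pk = pk
            self.config = config

        def __str__(self):
            return self.config

    class FakeApp(object):
        """Minimal stand-in for an apphook that exposes its configs."""
        def __init__(self, name, configs=()):
            self.name = name
            self.configs = configs

        def __str__(self):
            return self.name

        def get_configs(self):
            return self.configs

        def get_config_add_url(self):
            return "/fake/url/"

    GoodApp = FakeApp('GoodApp', [
        FakeAppConfig(1, 'good-app-one-config'),
        FakeAppConfig(2, 'good-app-two-config'),
    ])
    BadApp = FakeApp('BadApp', [
        FakeAppConfig(1, 'bad-app-one-config'),
        # Hostile label: the test exists to prove this never reaches the
        # page unescaped.
        FakeAppConfig(2, 'bad-app-two-config<script>alert("bad-stuff");</script>'),
    ])
    app_configs = {
        GoodApp: GoodApp,
        BadApp: BadApp,
    }
    app_config_select = ApplicationConfigSelect(app_configs=app_configs)
    output = app_config_select.render('application_configurations', 1)
    # assertNotIn/assertIn print the haystack on failure; a bare
    # assertFalse(x in y) only reports "True is not false".
    self.assertNotIn('<script>alert("bad-stuff");</script>', output)
    self.assertIn(
        '\\u0026lt\\u003Bscript\\u0026gt\\u003Balert('
        '\\u0026quot\\u003Bbad\\u002Dstuff\\u0026quot'
        '\\u003B)\\u003B\\u0026lt\\u003B/script\\u0026gt'
        '\\u003B',
        output)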
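def test_app_config_select_escaping(self):
    """Labels rendered by ApplicationConfigSelect must be escaped.

    One apphook config carries a script tag in its label.  The rendered
    widget must not contain that label verbatim and must contain the
    escaped form (HTML entities, then JS-string escaping, so ``<`` is
    emitted as ``\\u0026lt\\u003B``).
    """
    class FakeAppConfig(object):
        """Minimal stand-in for an apphook config: a pk and a label."""
        def __init__(self, pk, config):
            self.pk = pk
            self.config = config

        def __str__(self):
            return self.config

    class FakeApp(object):
        """Minimal stand-in for an apphook that exposes its configs."""
        def __init__(self, name, configs=()):
            self.name = name
            self.configs = configs

        def __str__(self):
            return self.name

        def get_configs(self):
            return self.configs

        def get_config_add_url(self):
            return "/fake/url/"

    # The hostile label is named once so the assertion below checks the
    # exact string that went in.
    payload = '<script>alert("bad-stuff");</script>'
    GoodApp = FakeApp('GoodApp', [
        FakeAppConfig(1, 'good-app-one-config'),
        FakeAppConfig(2, 'good-app-two-config'),
    ])
    BadApp = FakeApp('BadApp', [
        FakeAppConfig(1, 'bad-app-one-config'),
        FakeAppConfig(2, 'bad-app-two-config' + payload),
    ])
    app_configs = {
        GoodApp: GoodApp,
        BadApp: BadApp,
    }
    app_config_select = ApplicationConfigSelect(app_configs=app_configs)
    output = app_config_select.render('application_configurations', 1)
    # assertNotIn/assertIn show the rendered output on failure, which a bare
    # assertFalse(x in y) does not.
    self.assertNotIn(payload, output)
    self.assertIn(
        '\\u0026lt\\u003Bscript\\u0026gt\\u003Balert('
        '\\u0026quot\\u003Bbad\\u002Dstuff\\u0026quot'
        '\\u003B)\\u003B\\u0026lt\\u003B/script\\u0026gt'
        '\\u003B',
        output)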
def __init__(self, *args, **kwargs):
    """Set up the AdvancedSettingsForm for one language.

    After the ModelForm defaults this loads the page's title object for
    ``self._language`` and rewires the widgets, choices and initial values
    of the ``navigation_extenders``, ``application_urls``,
    ``application_configs``, ``redirect`` and ``overwrite_url`` fields,
    each only when it is present on the form.  ``self._language`` is read
    but never assigned here, so it must be set before instantiation
    (presumably by the admin that builds the form — confirm).
    """
    super(AdvancedSettingsForm, self).__init__(*args, **kwargs)
    # fallback=False: the title object is requested for exactly this
    # language, and force_reload bypasses any cached copy.
    self.title_obj = self.instance.get_title_obj(
        language=self._language,
        fallback=False,
        force_reload=True,
    )
    if 'navigation_extenders' in self.fields:
        navigation_extenders = self.get_navigation_extenders()
        self.fields['navigation_extenders'].widget = forms.Select(
            {}, [('', "---------")] + navigation_extenders)
    if 'application_urls' in self.fields:
        # Prepare a dict mapping the apps by class name ('PollApp') to
        # their app_name attribute ('polls'), if any.
        # app_configs collects, by the same key, the apphooks that carry
        # an app_config.
        app_namespaces = {}
        app_configs = {}
        for hook in apphook_pool.get_apphooks():
            app = apphook_pool.get_apphook(hook[0])
            if app.app_name:
                app_namespaces[hook[0]] = app.app_name
            if app.app_config:
                app_configs[hook[0]] = app
        self.fields['application_urls'].widget = AppHookSelect(
            attrs={'id': 'application_urls'},
            app_namespaces=app_namespaces
        )
        self.fields['application_urls'].choices = [('', "---------")] + apphook_pool.get_apphooks()
        # Submitted data wins over initial values, so the config choices
        # built below follow the apphook the user actually selected.
        page_data = self.data if self.data else self.initial
        if app_configs:
            self.fields['application_configs'].widget = ApplicationConfigSelect(
                attrs={'id': 'application_configs'},
                app_configs=app_configs,
            )
            # The membership test restricts a submitted apphook name to the
            # known hooks before it is used as a key.
            if page_data.get('application_urls', False) and page_data['application_urls'] in app_configs:
                configs = app_configs[page_data['application_urls']].get_configs()
                # Labels are whatever each config's __str__ returns; they
                # may be admin-entered text, so ApplicationConfigSelect is
                # expected to escape them when rendering (see
                # test_app_config_select_escaping).
                self.fields['application_configs'].widget.choices = [(config.pk, force_text(config)) for config in configs]
                try:
                    # NOTE(review): only ObjectDoesNotExist is handled; a
                    # missing 'application_namespace' key in self.initial
                    # would raise KeyError here — confirm it is always
                    # present.
                    config = configs.get(namespace=self.initial['application_namespace'])
                    self.fields['application_configs'].initial = config.pk
                except ObjectDoesNotExist:
                    # Provided apphook configuration doesn't exist (anymore),
                    # just skip it
                    # The user will choose another value anyway
                    pass
    if 'redirect' in self.fields:
        self.fields['redirect'].widget.language = self._language
        self.fields['redirect'].initial = self.title_obj.redirect
    # The overwrite_url initial is only meaningful when this title actually
    # has an overridden URL.
    if 'overwrite_url' in self.fields and self.title_obj.has_url_overwrite:
        self.fields['overwrite_url'].initial = self.title_obj.path
def __init__(self, *args, **kwargs):
    """Set up the AdvancedSettingsForm.

    After the ModelForm defaults this hides the ``language`` and ``site``
    fields, fills the language choices for the form's site, and rewires
    the widgets, choices and initial values of the ``navigation_extenders``,
    ``application_urls``, ``application_configs`` and ``redirect`` fields,
    each only when it is present on the form.
    """
    super(AdvancedSettingsForm, self).__init__(*args, **kwargs)
    # language and site are carried as hidden inputs; the language choices
    # are still populated so the submitted value is validated against the
    # site's languages.
    self.fields['language'].widget = HiddenInput()
    self.fields['site'].widget = HiddenInput()
    site_id = self.fields['site'].initial
    languages = get_language_tuple(site_id)
    self.fields['language'].choices = languages
    if not self.fields['language'].initial:
        self.fields['language'].initial = get_language()
    if 'navigation_extenders' in self.fields:
        navigation_extenders = self.get_navigation_extenders()
        self.fields['navigation_extenders'].widget = forms.Select(
            {}, [('', "---------")] + navigation_extenders)
    if 'application_urls' in self.fields:
        # Prepare a dict mapping the apps by class name ('PollApp') to
        # their app_name attribute ('polls'), if any.
        # app_configs collects, by the same key, the apphooks that carry
        # an app_config.
        app_namespaces = {}
        app_configs = {}
        for hook in apphook_pool.get_apphooks():
            app = apphook_pool.get_apphook(hook[0])
            if app.app_name:
                app_namespaces[hook[0]] = app.app_name
            if app.app_config:
                app_configs[hook[0]] = app
        self.fields['application_urls'].widget = AppHookSelect(
            attrs={'id': 'application_urls'}, app_namespaces=app_namespaces)
        self.fields['application_urls'].choices = [
            ('', "---------")
        ] + apphook_pool.get_apphooks()
        # Submitted data wins over initial values, so the config choices
        # built below follow the apphook the user actually selected.
        page_data = self.data if self.data else self.initial
        if app_configs:
            self.fields[
                'application_configs'].widget = ApplicationConfigSelect(
                    attrs={'id': 'application_configs'}, app_configs=app_configs)
            # The membership test restricts a submitted apphook name to the
            # known hooks before it is used as a key.
            if page_data.get(
                'application_urls', False
            ) and page_data['application_urls'] in app_configs:
                # Labels are whatever each config's __str__ returns; they
                # may be admin-entered text, so the select widget is
                # expected to escape them when rendering (see
                # test_app_config_select_escaping).
                self.fields['application_configs'].choices = [
                    (config.pk, force_text(config))
                    for config in app_configs[
                        page_data['application_urls']].get_configs()
                ]
                # Same value as page_data['application_urls'], which the
                # condition above already checked against app_configs.
                apphook = page_data.get('application_urls', False)
                try:
                    # NOTE(review): only ObjectDoesNotExist is handled; a
                    # missing 'application_namespace' key in self.initial
                    # would raise KeyError here — confirm it is always
                    # present.
                    config = apphook_pool.get_apphook(apphook).get_configs(
                    ).get(namespace=self.initial['application_namespace'])
                    self.fields['application_configs'].initial = config.pk
                except ObjectDoesNotExist:
                    # Provided apphook configuration doesn't exist (anymore),
                    # just skip it
                    # The user will choose another value anyway
                    pass
            else:
                # If app_config apphook is not selected, drop any value
                # for application_configs to avoid the field data from
                # being validated by the field itself
                # NOTE(review): this mutates the bound data in place. A
                # QueryDict built from request.POST is immutable and raises
                # AttributeError on del, which this except does not cover —
                # confirm self.data is mutable (or a plain dict) here.
                try:
                    del self.data['application_configs']
                except KeyError:
                    pass
    if 'redirect' in self.fields:
        self.fields['redirect'].widget.language = self.fields[
            'language'].initial