Fix error when Request comment contains curly braces
Signed-off-by: tdruez <[email protected]>
tdruez committed Jan 13, 2025
1 parent 61f31a8 commit 13a3302
Showing 3 changed files with 27 additions and 1 deletion.
3 changes: 2 additions & 1 deletion workflow/models.py
Expand Up @@ -23,6 +23,7 @@
from django.utils.functional import cached_property
from django.utils.html import escape
from django.utils.html import format_html
from django.utils.safestring import mark_safe
from django.utils.translation import gettext_lazy as _

import markdown
Expand Down Expand Up @@ -623,7 +624,7 @@ def as_html(self):
)
html = cleaner.clean(unsafe_html)

return format_html(html)
return mark_safe(html)

def serialize_hook(self, hook):
if "hooks.slack.com" in hook.target:
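Review bot: The `return mark_safe(html)` line in `as_html` carries no comment saying why the string may be trusted, yet the only thing between user-supplied comment text and the rendered page is the `cleaner.clean(unsafe_html)` call just above it. I would add a comment on the return such as `# html is the cleaner's output; never pass unsafe_html, or anything appended after clean(), to mark_safe`. The switch itself does not loosen escaping, because `format_html` called with no arguments also marked the formatted string safe; it only stops `str.format` from interpreting braces in the comment. `as_html` begins outside the hunk, so the cleaner's allowed tags and attributes cannot be checked from here and should be confirmed to exclude script-capable markup.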
10 changes: 10 additions & 0 deletions workflow/tests/test_models.py
Expand Up @@ -155,6 +155,16 @@ def test_request_model_get_serialized_data_as_html_unicode_content(self):
self.request1.get_serialized_data_as_html(html_template="{value}"),
)

def test_request_model_get_serialized_data_as_html_escape_curly_braces(self):
comment = RequestComment.objects.create(
request=self.request1,
user=self.basic_user,
text="word {var_format} word",
dataspace=self.nexb_dataspace,
)
expected = "<p>word {var_format} word</p>"
self.assertEqual(expected, comment.as_html())

def test_request_model_get_involved_users(self):
self.assertIsNone(self.request1.assignee)
expected = {self.request1.requester}
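Review bot: The added test is named `test_request_model_get_serialized_data_as_html_escape_curly_braces`, but it calls `comment.as_html()` on a `RequestComment` and expects the braces to come through unchanged, so nothing is escaped. A name like `test_request_comment_model_as_html_curly_braces` would match what it checks, and the same "escape" wording is used by the test added in workflow/tests/test_views.py. Both tests cover only the brace case; since `as_html` now returns through `mark_safe`, a sibling assertion would guard the sanitising step against regression. For example, create a comment with `text="<script>x</script> {v}"` and assert `self.assertNotIn("<script", comment.as_html())`, assuming the cleaner is not configured to allow that tag.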
15 changes: 15 additions & 0 deletions workflow/tests/test_views.py
Expand Up @@ -1252,6 +1252,21 @@ def test_workflow_request_details_view_is_private_availability(self):
self.client.login(username="basic_user", password="secret")
self.assertEqual(200, self.client.get(url).status_code)

def test_workflow_request_details_view_comment_content_escape_curly_braces(self):
self.client.login(username="nexb_user", password="secret")
url = reverse("workflow:request_details", args=[self.request1.uuid])

RequestComment.objects.create(
request=self.request1,
user=self.basic_user,
text="word {var_format} word",
dataspace=self.nexb_dataspace,
)

response = self.client.get(url)
expected = "<p>word {var_format} word</p>"
self.assertContains(response, expected, html=True)

def test_show_all_in_requests_list_view(self):
self.assertFalse(self.basic_user.is_superuser)
self.assertNotEqual(self.basic_user, self.request1.requester)
