author | Mike Bayer <mike_mp@zzzcomputing.com> | 2012-01-16 13:13:03 -0500 |
---|---|---|
committer | Mike Bayer <mike_mp@zzzcomputing.com> | 2012-01-16 13:13:03 -0500 |
commit | 96998dd9fbf060cb873176440b75c51238e1c4ba (patch) | |
tree | a6e3e821f60f284592fd82b2451526ae1f2045d3 | |
parent | 0050ca812536b4dce06d3e4a811e451676c0e60a (diff) | |
- [bug] The exception message in the html_error_template
is now escaped with the HTML filter. [ticket:142]
-rw-r--r-- | CHANGES | 26 | ||||
-rw-r--r-- | mako/exceptions.py | 2 | ||||
-rw-r--r-- | test/test_exceptions.py | 15 | ||||
-rw-r--r-- | test/test_template.py | 17 |
4 files changed, 40 insertions, 20 deletions
@@ -1,13 +1,6 @@ 0.6.0 -- [feature/bug] Can now refer to context variables - within extra arguments to <%block>, <%def>, i.e. - <%block name="foo" cache_key="${somekey}">. - Filters can also be used in this way, i.e. - <%def name="foo()" filter="myfilter"> - then template.render(myfilter=some_callable) - [ticket:180] -- Template caching has been converted into a plugin +- [feature] Template caching has been converted into a plugin system, whereby the usage of Beaker is just the default plugin. Template and TemplateLookup now accept a string "cache_impl" parameter which @@ -19,12 +12,12 @@ core plugin is the mako.cache.CacheImpl class. -- The <%def>, <%block> and <%page> tags now accept +- [feature] The <%def>, <%block> and <%page> tags now accept any argument named "cache_*", and the key minus the "cache_" prefix will be passed as keyword arguments to the CacheImpl methods. -- Template and TemplateLookup now accept an argument +- [feature] Template and TemplateLookup now accept an argument cache_args, which refers to a dictionary containing cache parameters. The cache_dir, cache_url, cache_type, cache_timeout arguments are deprecated (will probably @@ -32,10 +25,21 @@ now as cache_args={'url':<some url>, 'type':'memcached', 'timeout':50, 'dir':'/path/to/some/directory'} -- Added "--var name=value" option to the mako-render +- [feature/bug] Can now refer to context variables + within extra arguments to <%block>, <%def>, i.e. + <%block name="foo" cache_key="${somekey}">. + Filters can also be used in this way, i.e. + <%def name="foo()" filter="myfilter"> + then template.render(myfilter=some_callable) + [ticket:180] + +- [feature] Added "--var name=value" option to the mako-render script, allows passing of kw to the template from the command line. [ticket:178] +- [bug] The exception message in the html_error_template + is now escaped with the HTML filter. [ticket:142] + 0.5 - A Template is explicitly disallowed from having a url that normalizes to relative outside 
diff --git a/mako/exceptions.py b/mako/exceptions.py index 45155aa..522227c 100644 --- a/mako/exceptions.py +++ b/mako/exceptions.py @@ -277,7 +277,7 @@ def html_error_template(): else: lines = None %> -<h3>${tback.errorname}: ${tback.message}</h3> +<h3>${tback.errorname}: ${tback.message|h}</h3> % if lines: <div class="sample"> diff --git a/test/test_exceptions.py b/test/test_exceptions.py index 1ddca4f..70fe39f 100644 --- a/test/test_exceptions.py +++ b/test/test_exceptions.py @@ -20,8 +20,8 @@ class ExceptionsTest(TemplateTest): assert False except exceptions.CompileException, ce: html_error = exceptions.html_error_template().render_unicode() - assert ("CompileException: Fragment 'i = 0' is not a partial " - "control statement") in html_error + assert ("CompileException: Fragment 'i = 0' is not " + "a partial control statement at line: 2 char: 1") in html_error assert '<style>' in html_error html_error_stripped = html_error.strip() assert html_error_stripped.startswith('<html>') @@ -75,10 +75,10 @@ ${u'привет'} template.render_unicode() except exceptions.CompileException, ce: html_error = exceptions.html_error_template().render() - assert ("CompileException: Fragment 'if 2 == 2: /an " - "error' is not a partial control " - "statement at line: 2 char: 1") in \ - html_error.decode('utf-8') + assert ("CompileException: Fragment 'if 2 == 2: /an " + "error' is not a partial control statement " + "at line: 2 char: 1") in \ + html_error if util.py3k: assert u"3 ${'привет'}".encode(sys.getdefaultencoding(), @@ -185,5 +185,4 @@ ${foobar} # and don't even send what we have. html_error = exceptions.html_error_template().\ render_unicode(error=v, traceback=None) - - assert "local variable 'y' referenced" in html_error + assert "local variable 'y' referenced before assignment" in html_error diff --git a/test/test_template.py b/test/test_template.py index 4d301aa..ddab16e 100644 --- a/test/test_template.py +++ b/test/test_template.py 
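Review bot: In the mako/exceptions.py hunk, `${tback.errorname}` on the changed `<h3>` line is still emitted without a filter, while `${tback.message|h}` beside it is now escaped. errorname looks like the exception class name, so the exposure is probably small, but `<h3>${tback.errorname|h}: ${tback.message|h}</h3>` removes the need to reason about where each value comes from. html_error_template() starts and ends outside the hunk, so the template's other `${...}` expressions are worth checking for the same filter. A Mako comment above the line, `## exception text can carry request-derived data; keep the |h filter`, would record why the filter is there.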
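Review bot: In test/test_exceptions.py, the second hunk (`@@ -75,10 +75,10 @@`) drops `.decode('utf-8')` and now tests a text literal against the result of `render()`, which the removed decode suggests is an encoded byte string. That passes on Python 2, but the context line `if util.py3k:` just below indicates the test also targets Python 3, where a str-in-bytes membership test raises TypeError rather than evaluating the assertion. Keeping the decode, `"at line: 2 char: 1") in html_error.decode('utf-8')`, or calling `render_unicode()` as the first hunk's test does, keeps the comparison text-to-text. The test method starts and ends outside the hunk.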
@@ -12,6 +12,23 @@ from test import TemplateTest, eq_, template_base, module_base, \ skip_if, assert_raises, assert_raises_message class EncodingTest(TemplateTest): + def test_escapes_html_tags(self): + from mako.exceptions import html_error_template + + x = Template(""" + X: + <% raise Exception('<span style="color:red">Foobar</span>') %> + """) + + try: + x.render() + except: + # <h3>Exception: <span style="color:red">Foobar</span></h3> + markup = html_error_template().render(full=False, css=False) + print markup + assert '<span style="color:red">Foobar</span></h3>' not in markup + assert '<span style="color:red">Foobar</span>' in markup + def test_unicode(self): self._do_memory_test( u"""Alors vous imaginez ma surprise, au lever du jour, quand une drôle de petite voix m’a réveillé. Elle disait: « S’il vous plaît… dessine-moi un mouton! »""", |
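Review bot: test_escapes_html_tags passes vacuously if `x.render()` does not raise, because both assertions sit inside the bare `except:` block. Adding `else: assert False, "render() should have raised"` and narrowing the handler to `except Exception:` makes the test fail when the error path is never reached, and stops it swallowing KeyboardInterrupt and SystemExit. The `print markup` line reads as leftover debugging and can be dropped. As shown on this page the two assertion literals differ only by the trailing `</h3>`; presumably the second matches the entity-escaped form and the page decoded it, so a comment such as `# escaped form must be present, raw tag must not` would make the intent explicit. EncodingTest continues outside the hunk.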