darkhelm/notifications-admin
1
0
Fork 0
mirror of https://github.com/GSA/notifications-admin.git synced 2026-05-29 10:30:20 -04:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1230 from alphagov/fix-entities-in-subjects

Browse Source 
Stop template subjects getting saved encoded
This commit is contained in:
Chris Hill-Scott
2017-04-18 10:34:10 +01:00
committed by GitHub
parent bb45ab025e 267b58a66d
commit e775b2a181
2 changed files with 10 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
app/main/views/templates.py
View File

@@ -276,7 +276,7 @@ def edit_service_template(service_id, template_id):
if form.process_type.data != template['process_type']:
abort_403_if_not_admin_user()
subject = escape_html(form.subject.data) if hasattr(form, 'subject') else None
subject = form.subject.data if hasattr(form, 'subject') else None
new_template = get_template({
'name': form.name.data,
'content': form.template_content.data,

12
tests/app/main/views/test_templates.py
View File

@@ -360,7 +360,7 @@ def test_should_show_interstitial_when_making_breaking_change(
'name': "new name",
'template_content': "hello lets talk about ((thing))",
'template_type': 'email',
'subject': 'reminder & ((name))',
'subject': 'reminder \'" <span> & ((name))',
'service': service_id,
'process_type': 'normal'
}
@@ -377,12 +377,18 @@ def test_should_show_interstitial_when_making_breaking_change(
for key, value in {
'name': 'new name',
'subject': 'reminder &amp; ((name))',
'subject': 'reminder \'" <span> & ((name))',
'template_content': 'hello lets talk about ((thing))',
'confirm': 'true'
}.items():
assert page.find('input', {'name': key})['value'] == value
# BeautifulSoup returns the value attribute as unencoded, lets make
# sure that it is properly encoded in the HTML
assert str(page.find('input', {'name': 'subject'})) == (
"""<input name="subject" type="hidden" value="reminder '&quot; &lt;span&gt; &amp; ((name))"/>"""
)
def test_should_not_create_too_big_template(
logged_in_client,
@@ -450,7 +456,7 @@ def test_should_redirect_when_saving_a_template_email(
template_id = fake_uuid
name = "new name"
content = "template <em>content</em> with & entity ((thing)) ((date))"
subject = "subject"
subject = "subject & entity"
data = {
'id': template_id,
'name': name,