[Checkins] SVN: zope.app.form/branches/3.12/ - Escape MultiCheckBoxWidget content [LP:302427]

Sidnei da Silva sidnei.da.silva at gmail.com
Sun Feb 21 17:26:02 EST 2010 

Log message for revision 109228:
  - Escape MultiCheckBoxWidget content [LP:302427]

Changed:
  U   zope.app.form/branches/3.12/CHANGES.txt
  U   zope.app.form/branches/3.12/src/zope/app/form/browser/itemswidgets.py
  U   zope.app.form/branches/3.12/src/zope/app/form/browser/tests/test_multicheckboxwidget.py

-=-
Modified: zope.app.form/branches/3.12/CHANGES.txt
===================================================================
--- zope.app.form/branches/3.12/CHANGES.txt	2010-02-21 22:19:38 UTC (rev 109227)
+++ zope.app.form/branches/3.12/CHANGES.txt	2010-02-21 22:26:02 UTC (rev 109228)
@@ -2,6 +2,11 @@
 CHANGES
 =======
 
+3.12.2 (Unreleased)
+===================
+
+- Escape MultiCheckBoxWidget content [LP:302427].
+
 3.12.1 (2009-12-22)
 ===================
 

Modified: zope.app.form/branches/3.12/src/zope/app/form/browser/itemswidgets.py
===================================================================
--- zope.app.form/branches/3.12/src/zope/app/form/browser/itemswidgets.py	2010-02-21 22:19:38 UTC (rev 109227)
+++ zope.app.form/branches/3.12/src/zope/app/form/browser/itemswidgets.py	2010-02-21 22:26:02 UTC (rev 109228)
@@ -627,7 +627,7 @@
                              id=id,
                              value=value,
                              **kw)
-        contents = self._joinButtonToMessageTemplate % (elem, text)
+        contents = self._joinButtonToMessageTemplate % (elem, escape(text))
         return renderElement(u'label',
                              contents=contents,
                              **{'for': id})

Modified: zope.app.form/branches/3.12/src/zope/app/form/browser/tests/test_multicheckboxwidget.py
===================================================================
--- zope.app.form/branches/3.12/src/zope/app/form/browser/tests/test_multicheckboxwidget.py	2010-02-21 22:19:38 UTC (rev 109227)
+++ zope.app.form/branches/3.12/src/zope/app/form/browser/tests/test_multicheckboxwidget.py	2010-02-21 22:26:02 UTC (rev 109228)
@@ -72,6 +72,19 @@
                 0, 'Foo', 'foo', 'field.bar', None),
             check_list)
 
+    def testRenderItemEscaped(self):
+        check_list = ('type="checkbox"', 'id="field.bar.',
+                      'name="field.bar"', 'value="foo"',
+                      '<h1>Foo</h1>')
+        self.verifyResult(
+            self._widget.renderItem(0, '<h1>Foo</h1>', 'foo', 'field.bar',
+                                    None),
+            check_list)
+        check_list += ('checked="checked"',)
+        self.verifyResult(
+            self._widget.renderSelectedItem(
+                0, '<h1>Foo</h1>', 'foo', 'field.bar', None),
+            check_list)
 
     def testRenderItems(self):
         check_list = ('type="checkbox"', 'id="field.foo.',

More information about the checkins mailing list