[Zope3-checkins] SVN: Zope3/branches/3.3/ -
zope.app.form.browser.textwidgets: The TextAreaWidget was not
escaping
Christian Zagrodnick
cz at gocept.com
Wed Mar 7 05:49:27 EST 2007
Log message for revision 73026:
- zope.app.form.browser.textwidgets: The TextAreaWidget was not escaping
its content when the validation failed. This way <, > and & were put
out unquoted.
backport from 3.4
Changed:
U Zope3/branches/3.3/doc/CHANGES.txt
U Zope3/branches/3.3/src/zope/app/form/browser/textwidgets.py
U Zope3/branches/3.3/src/zope/app/form/browser/widget.py
U Zope3/branches/3.3/src/zope/app/rotterdam/editingwidgets.py
-=-
Modified: Zope3/branches/3.3/doc/CHANGES.txt
===================================================================
--- Zope3/branches/3.3/doc/CHANGES.txt 2007-03-07 10:44:01 UTC (rev 73025)
+++ Zope3/branches/3.3/doc/CHANGES.txt 2007-03-07 10:49:25 UTC (rev 73026)
@@ -10,6 +10,13 @@
Bugfixes
+ - zope.app.form.browser.textwidgets: The TextAreaWidget was not escaping
+ its content when the validation failed. This way <, > and & were put
+ out unquoted.
+
+ - Fixed bug #721: Handling of empty prefixes in zope.formlib and
+ zope.app.form
+
- Fixed zope.app.cache.ram.RAMCache which ignored the
cleanupinterval.
Modified: Zope3/branches/3.3/src/zope/app/form/browser/textwidgets.py
===================================================================
--- Zope3/branches/3.3/src/zope/app/form/browser/textwidgets.py 2007-03-07 10:44:01 UTC (rev 73025)
+++ Zope3/branches/3.3/src/zope/app/form/browser/textwidgets.py 2007-03-07 10:49:25 UTC (rev 73026)
@@ -286,6 +286,48 @@
name="field.foo"
rows="15"
><h1>&copy;</h1></textarea>
+
+ There was a but which caused the content of <textarea> tags not to be
+ rendered correctly when there was a conversion error. Make sure the quoting
+ works correctly::
+
+ >>> from zope.schema import Text
+ >>> field = Text(__name__='description', title=u'Description')
+
+ >>> from zope.app.form.interfaces import ConversionError
+ >>> class TestTextAreaWidget(TextAreaWidget):
+ ... def _toFieldValue(self, input):
+ ... if 'foo' in input:
+ ... raise ConversionError("I don't like foo.")
+ ... return input
+ ...
+
+ >>> request = TestRequest(form={'field.description': u'<p>bar</p>'})
+ >>> widget = TestTextAreaWidget(field, request)
+ >>> widget.getInputValue()
+ u'<p>bar</p>'
+ >>> print normalize( widget() )
+ <textarea
+ cols="60"
+ id="field.description"
+ name="field.description"
+ rows="15"
+ ><p>bar</p></textarea>
+
+ >>> request = TestRequest(form={'field.description': u'<p>foo</p>'})
+ >>> widget = TestTextAreaWidget(field, request)
+ >>> try:
+ ... widget.getInputValue()
+ ... except ConversionError, error:
+ ... print error.doc()
+ I don't like foo.
+ >>> print normalize( widget() )
+ <textarea
+ cols="60"
+ id="field.description"
+ name="field.description"
+ rows="15"
+ ><p>foo</p></textarea>
"""
default = ""
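Review bot: The new doctest only sends `<` and `>` through the conversion-error path, although the log message names `&` as well, and its introducing sentence has a typo (`There was a but` should read `There was a bug`). A failing input that already contains an entity, like the `&copy;` case just above the added lines, would also pin that the value is escaped exactly once on that path. The expected output appears on this page with a literal `<p>` inside the textarea, which is presumably the archive decoding entities rather than what the doctest asserts; worth confirming against the repository. The docstring begins outside the hunk.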
@@ -309,7 +351,6 @@
value = super(TextAreaWidget, self)._toFormValue(value)
if value:
value = value.replace("\n", "\r\n")
- value = escape(value)
else:
value = u''
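Review bot: With `value = escape(value)` removed, `_toFormValue` now returns raw text and nothing in the method says so. Any subclass outside this commit that passes `_getFormValue()` as element contents was previously covered on the valid-value path and would now emit unescaped markup; only `TextAreaWidget.__call__` and the rotterdam widget are updated here. I would add a comment above the `if value:` branch such as `# Not HTML-escaped here; callers must escape() when rendering as element contents.` and state the contract change in the CHANGES.txt entry. The method starts outside the hunk.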
@@ -323,7 +364,7 @@
rows=self.height,
cols=self.width,
style=self.style,
- contents=self._getFormValue(),
+ contents=escape(self._getFormValue()),
extra=self.extra)
class BytesAreaWidget(Bytes, TextAreaWidget):
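Review bot: `contents=escape(self._getFormValue())` escapes at the output sink, which is the right place, but the same call is hand-copied into `zope/app/rotterdam/editingwidgets.py` (@@ -112) as well, so every later `renderElement(..., contents=...)` caller has to remember it. Keeping the rule in one place would be safer, for example a small method on `TextAreaWidget` whose body is `return escape(self._getFormValue())` and which both `__call__` implementations use. `__call__` begins outside the hunk.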
Modified: Zope3/branches/3.3/src/zope/app/form/browser/widget.py
===================================================================
--- Zope3/branches/3.3/src/zope/app/form/browser/widget.py 2007-03-07 10:44:01 UTC (rev 73025)
+++ Zope3/branches/3.3/src/zope/app/form/browser/widget.py 2007-03-07 10:49:25 UTC (rev 73026)
@@ -269,7 +269,7 @@
>>> widget()
u'<input class="textType" id="field.price" name="field.price" type="text" value="32.00" />'
- >>> request = TestRequest(form={'field.price': u'foo'})
+ >>> request = TestRequest(form={'field.price': u'<p>foo</p>'})
>>> widget = FloatWidget(field, request)
>>> try:
... widget.getInputValue()
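Review bot: The changed input `u'<p>foo</p>'` exercises angle brackets in an attribute value, but the character that terminates a quoted attribute is the double quote, and neither this hunk nor the expectation at @@ -277 covers it. A second failing input containing `"` and `&` would pin the attribute quoting on the error path. The expected `value="<p>foo</p>"` at @@ -277 is presumably entity-decoded by the archive; confirm that the doctest in the repository asserts the quoted form. The doctest continues past the end of this hunk.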
@@ -277,7 +277,7 @@
... print error.doc()
Invalid floating point data
>>> widget()
- u'<input class="textType" id="field.price" name="field.price" type="text" value="foo" />'
+ u'<input class="textType" id="field.price" name="field.price" type="text" value="<p>foo</p>" />'
>>> tearDown()
@@ -376,7 +376,7 @@
def _getCurrentValueHelper(self):
"""Helper to get the current input value.
-
+
Raises InputErrors if the data could not be validated/converted.
"""
input_value = None
Modified: Zope3/branches/3.3/src/zope/app/rotterdam/editingwidgets.py
===================================================================
--- Zope3/branches/3.3/src/zope/app/rotterdam/editingwidgets.py 2007-03-07 10:44:01 UTC (rev 73025)
+++ Zope3/branches/3.3/src/zope/app/rotterdam/editingwidgets.py 2007-03-07 10:49:25 UTC (rev 73026)
@@ -18,7 +18,7 @@
from zope.interface import implements
from zope.app.form.interfaces import IInputWidget
from zope.app.form.browser import TextAreaWidget
-from zope.app.form.browser.widget import renderElement
+from zope.app.form.browser.widget import renderElement, escape
from zope.app.pagetemplate.viewpagetemplatefile import ViewPageTemplateFile
class SimpleEditingWidget(TextAreaWidget):
@@ -112,7 +112,7 @@
rows=self.height,
cols=self.width,
style=self.style,
- contents=self._getFormValue(),
+ contents=escape(self._getFormValue()),
extra=self.extra)
def contents(self):
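Review bot: The `contents` method that starts on the last context line is not visible here, so it is unclear whether it also needs escaping. If it hands `self._getFormValue()` to a renderer that does not quote its input, it relied on the escaping this commit removes from `_toFormValue` and needs the same `escape(...)` as the `contents=` argument above. A one-line docstring on `contents()` stating whether its return value is already escaped would settle this for later readers.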