[Zope3-checkins] SVN: zope.formlib/trunk/ - Escape MultiCheckBoxWidget content [LP:302427].

Sidnei da Silva sidnei.da.silva at gmail.com
Sun Feb 21 18:16:30 EST 2010 

Log message for revision 109234:
  - Escape MultiCheckBoxWidget content [LP:302427].
  
  

Changed:
  U   zope.formlib/trunk/CHANGES.txt
  U   zope.formlib/trunk/src/zope/formlib/itemswidgets.py
  U   zope.formlib/trunk/src/zope/formlib/tests/test_multicheckboxwidget.py

-=-
Modified: zope.formlib/trunk/CHANGES.txt
===================================================================
--- zope.formlib/trunk/CHANGES.txt	2010-02-21 23:13:06 UTC (rev 109233)
+++ zope.formlib/trunk/CHANGES.txt	2010-02-21 23:16:29 UTC (rev 109234)
@@ -2,10 +2,11 @@
 Changes
 =======
 
-4.1 (unreleased)
+4.0.1 (unreleased)
 ================
 
 - Documentation uploaded to PyPI now contains widget documentation.
+- Escape MultiCheckBoxWidget content [LP:302427].
 
 4.0 (2010-01-08)
 ================

Modified: zope.formlib/trunk/src/zope/formlib/itemswidgets.py
===================================================================
--- zope.formlib/trunk/src/zope/formlib/itemswidgets.py	2010-02-21 23:13:06 UTC (rev 109233)
+++ zope.formlib/trunk/src/zope/formlib/itemswidgets.py	2010-02-21 23:16:29 UTC (rev 109234)
@@ -626,7 +626,7 @@
                              id=id,
                              value=value,
                              **kw)
-        contents = self._joinButtonToMessageTemplate % (elem, text)
+        contents = self._joinButtonToMessageTemplate % (elem, escape(text))
         return renderElement(u'label',
                              contents=contents,
                              **{'for': id})

Modified: zope.formlib/trunk/src/zope/formlib/tests/test_multicheckboxwidget.py
===================================================================
--- zope.formlib/trunk/src/zope/formlib/tests/test_multicheckboxwidget.py	2010-02-21 23:13:06 UTC (rev 109233)
+++ zope.formlib/trunk/src/zope/formlib/tests/test_multicheckboxwidget.py	2010-02-21 23:16:29 UTC (rev 109234)
@@ -72,6 +72,19 @@
                 0, 'Foo', 'foo', 'field.bar', None),
             check_list)
 
+    def testRenderItemEscaped(self):
+        check_list = ('type="checkbox"', 'id="field.bar.',
+                      'name="field.bar"', 'value="foo"',
+                      '<h1>Foo</h1>')
+        self.verifyResult(
+            self._widget.renderItem(0, '<h1>Foo</h1>', 'foo', 'field.bar',
+                                    None),
+            check_list)
+        check_list += ('checked="checked"',)
+        self.verifyResult(
+            self._widget.renderSelectedItem(
+                0, '<h1>Foo</h1>', 'foo', 'field.bar', None),
+            check_list)
 
     def testRenderItems(self):
         check_list = ('type="checkbox"', 'id="field.foo.',

More information about the Zope3-Checkins mailing list