Daniel Naab 2014-11-03 16:28:24 +00:00
commit 3cecf874b5
2 changed files with 20 additions and 1 deletions


@ -198,7 +198,7 @@ def urlize_quoted_links(text, trim_url_limit=None, nofollow=True, autoescape=Tru
trimmed = trim_url(middle)
if autoescape and not safe_input:
lead, trail = escape(lead), escape(trail)
url, trimmed = escape(url), escape(trimmed)
trimmed = escape(trimmed)
middle = '<a href="%s"%s>%s</a>' % (url, nofollow_attr, trimmed)
words[i] = mark_safe('%s%s%s' % (lead, middle, trail))
else:
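Review bot: `url` reaches the `href="%s"` slot in `middle = '<a href="%s"%s>%s</a>' % (url, nofollow_attr, trimmed)` without HTML escaping, and the joined string is then wrapped in `mark_safe`, so no later layer will escape it. Judging by the test added in this commit, the new side keeps only `trimmed = escape(trimmed)`. Whether `url` can still carry `"`, `<` or `>` here depends on how it is built earlier in `urlize_quoted_links`, whose body starts and ends outside this hunk. If that earlier step percent-encodes those characters, state the invariant next to the assignment, e.g. `# url is already percent-encoded, so it cannot close the href attribute; not HTML-escaped on purpose (#1649)`. If it does not, the attribute value needs its own escaping, and a regression test with a double quote inside a link would pin either behaviour.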


@ -101,6 +101,14 @@ class HTMLView1(APIView):
def get(self, request, **kwargs):
return Response('text')
class HTMLView2(APIView):
renderer_classes = (BrowsableAPIRenderer, JSONRenderer)
def get(self, request, **kwargs):
return Response({'url': 'http://domain.com/?param=Yes+%26+No'})
urlpatterns = patterns(
'',
url(r'^.*\.(?P<format>.+)$', MockView.as_view(renderer_classes=[RendererA, RendererB])),
@ -111,6 +119,7 @@ urlpatterns = patterns(
url(r'^parseerror$', MockPOSTView.as_view(renderer_classes=[JSONRenderer, BrowsableAPIRenderer])),
url(r'^html$', HTMLView.as_view()),
url(r'^html1$', HTMLView1.as_view()),
url(r'^html2$', HTMLView2.as_view()),
url(r'^empty$', EmptyGETView.as_view()),
url(r'^api', include('rest_framework.urls', namespace='rest_framework'))
)
@ -269,6 +278,16 @@ class RendererEndToEndTests(TestCase):
self.assertContains(resp, '>application/json<')
self.assertNotContains(resp, '>text/html; charset=utf-8<')
def test_browsable_api_urls(self):
"""
Issue #1649
Test that URLs have properly escaped GET parameters.
"""
resp = self.client.get('/html2')
# GET parameter should be escaped as Yes+%26+No, not Yes+&amp;+No
self.assertEqual(resp.rendered_content.find('Yes+&amp;+No'), -1)
_flat_repr = '{"foo":["bar","baz"]}'
_indented_repr = '{\n "foo": [\n "bar",\n "baz"\n ]\n}'
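Review bot: `test_browsable_api_urls` only asserts that `Yes+&amp;+No` is absent, so it would still pass if the rendered link lost the `%26` and came out as `Yes+&+No`, which is a different query string from the one the view returns. The comment states the positive expectation (`Yes+%26+No`) but nothing checks it. Consider also asserting the attribute itself, e.g. `self.assertContains(resp, 'href="http://domain.com/?param=Yes+%26+No"')`, after confirming the exact rendered form. The negative check would read more like the neighbouring tests as `self.assertNotContains(resp, 'Yes+&amp;+No')`. Since the change under test removes HTML escaping of the link target, a second case whose URL contains a double quote would show that the value cannot break out of `href`.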