[FIX] website, base: escaping and unescaping html
When saving a template in version 8.0, html would be saved as it should be displayed once on the site. In particular, if some text should be escaped once send to the browser, it will be saved as such. But when rendering, a text node content is unescaped two times: * for translation which seems wrong since we already use .text of a node which already escaped it, doing it one more time is bad, * when rendering the template, since the html template is stored in xml, This commit remove superfluous unescaping for translation, and add an escaping when saving the changed template content. closes #7967 opw-646889
This commit is contained in:
parent
8827789ff2
commit
cdb9000449
|
@ -7,6 +7,7 @@ from openerp import SUPERUSER_ID, api
|
||||||
from openerp.addons.website.models import website
|
from openerp.addons.website.models import website
|
||||||
from openerp.http import request
|
from openerp.http import request
|
||||||
from openerp.osv import osv, fields
|
from openerp.osv import osv, fields
|
||||||
|
from openerp.tools import html_escape
|
||||||
|
|
||||||
class view(osv.osv):
|
class view(osv.osv):
|
||||||
_inherit = "ir.ui.view"
|
_inherit = "ir.ui.view"
|
||||||
|
@ -119,6 +120,14 @@ class view(osv.osv):
|
||||||
# ensure there's only one match
|
# ensure there's only one match
|
||||||
[root] = arch.xpath(section_xpath)
|
[root] = arch.xpath(section_xpath)
|
||||||
|
|
||||||
|
# html text need to be escaped for xml storage
|
||||||
|
def escape_node(node):
|
||||||
|
node.text = node.text and html_escape(node.text)
|
||||||
|
node.tail = node.tail and html_escape(node.tail)
|
||||||
|
escape_node(replacement)
|
||||||
|
for descendant in replacement.iterdescendants():
|
||||||
|
escape_node(descendant)
|
||||||
|
|
||||||
root.text = replacement.text
|
root.text = replacement.text
|
||||||
root.tail = replacement.tail
|
root.tail = replacement.tail
|
||||||
# replace all children
|
# replace all children
|
||||||
|
|
|
@ -174,6 +174,16 @@ class TestViewSaving(common.TransactionCase):
|
||||||
)
|
)
|
||||||
)
|
)
|
||||||
|
|
||||||
|
def test_save_escaped_text(self):
|
||||||
|
view_id = self.registry('ir.ui.view').create(self.cr, self.uid, {
|
||||||
|
'arch':'<t>hello world</t>',
|
||||||
|
'type':'qweb'
|
||||||
|
})
|
||||||
|
view = self.registry('ir.ui.view').browse(self.cr, self.uid, view_id)
|
||||||
|
replacement = 'hello world & <angle brackets>!'
|
||||||
|
view.save(replacement, xpath='/t')
|
||||||
|
self.assertEqual(view.render(), replacement, 'html special characters wrongly escaped')
|
||||||
|
|
||||||
def test_save_only_embedded(self):
|
def test_save_only_embedded(self):
|
||||||
Company = self.registry('res.company')
|
Company = self.registry('res.company')
|
||||||
company_id = 1
|
company_id = 1
|
||||||
|
|
|
@ -945,7 +945,7 @@ class view(osv.osv):
|
||||||
def get_trans(text):
|
def get_trans(text):
|
||||||
if not text or not text.strip():
|
if not text or not text.strip():
|
||||||
return None
|
return None
|
||||||
text = h.unescape(text.strip())
|
text = text.strip()
|
||||||
if len(text) < 2 or (text.startswith('<!') and text.endswith('>')):
|
if len(text) < 2 or (text.startswith('<!') and text.endswith('>')):
|
||||||
return None
|
return None
|
||||||
return translate_func(text)
|
return translate_func(text)
|
||||||
|
|
Loading…
Reference in New Issue