
tvansteenburgh committed fb0157c

Escape jinja textarea contents

  • Parent commits 2a89333


Files changed (2)

File ew/jinja2_ew.py

     'name':rendered_name,
     'class':css_class,
     'readonly':readonly},
-    attrs)}}>{% if value %}{{value}}{% endif %}</textarea>''', 'jinja2')
+    attrs)}}>{% if value %}{{value|e}}{% endif %}</textarea>''', 'jinja2')
 
 class Checkbox(fields.Checkbox, _Jinja2Widget):
     template=File('ew.templates.jinja2.checkbox', 'jinja2')
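Review bot: The `|e` filter in `{{value|e}}` covers only this inline textarea template; the other widget templates in ew/jinja2_ew.py are outside the hunk, so it cannot be confirmed here that they escape user-supplied values the same way. If the Jinja2 environment these widgets render in does not enable autoescape (that setting is not visible in this change), enabling it there would address the whole class of output-escaping gaps rather than one field at a time. Also note that `|e` returns `Markup` instances unchanged, so the contract is worth stating next to the widget, for example `# value is HTML-escaped on render; callers must not wrap untrusted input in Markup`. The TextArea definition begins above the hunk.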

File ew/tests/test_fields.py

         assert time(13,34) == t.to_python('1:34 pm', None)
 
     def test_textarea(self):
-        t = self.ew.TextArea(id="w-foo", name='foo')
+        t = self.ew.TextArea(id="w-foo", name='foo', value="<script/>")
         text = t.display()
-        assert text == '<textarea id="w-foo" name="foo"></textarea>', text
+        assert text == '<textarea id="w-foo" name="foo">&lt;script/&gt;</textarea>', text
 
     def test_checkbox(self):
         t = self.ew.Checkbox(id="w-foo", name='foo')
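Review bot: test_textarea now asserts only the escaped `<script/>` case, so the earlier check that a widget with no value renders `<textarea id="w-foo" name="foo"></textarea>` is no longer covered. I would keep that assertion alongside the new one. The test would also be stronger with a value that contains the closing tag and an ampersand, since ending the element early is what the escaping has to prevent, for example `assert '</textarea><' not in self.ew.TextArea(id="w-foo", name='foo', value='</textarea><b>&').display()`.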