-
-
Notifications
You must be signed in to change notification settings - Fork 31.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fixed #33236 -- Fixed assertHTMLEqual() error message for escaped HTML. #15033
Conversation
Hello @pratyushmittal! Thank you for your contribution 💪 As it's your first contribution be sure to check out the patch review checklist. If you're fixing a ticket from Trac make sure to set the "Has patch" flag and include a link to this PR in the ticket! If you have any design or process questions then you can ask in the Django forum. Welcome aboard ⛵️! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@pratyushmittal Thanks for this patch 👍
Thanks a lot @felixxm for the review and making the code simple :). I have made these changes in d43b2a7. |
@pratyushmittal Some cases are not covered, e.g. >>> html1 = "<br>"
>>> html2 = "<br>"
>>> self.assertHTMLEqual(html1, html2)
....
AssertionError: <br> != <br> |
Nice catch @felixxm. I am working on it. |
@pratyushmittal Thanks 👍 Welcome aboard ⛵ I pushed minor edits and add a list to |
Ah! Awesome. Thanks a lot @felixxm for the reviews. |
Throwing this out there, as the new tests don't look to cover it, does the problem exist for things like |
The decimal/hexadecimal character references are always converted to a named character reference, so this patch fixes error messages for them as well. I added an extra assertion. |
Ticket Link: https://code.djangoproject.com/ticket/33236
The diff shown in the error message of assertHTMLEqual seems to be converting escaped HTML text to unescaped text.
This makes it hard to write tests when testing XSS vulnerabilities in our tags and filters. Though the assertions work correct, the error messages don't show the correct differences.
Steps to reproduce
Expected Output
Actual Output
Fix
The message in assertHTMLEqual shows incorrect output because it shows the escaped HTML entities as unescaped.
The bug is probably caused because the
__str__
method in theElement
class treats all its children the same. The children are either a tree or string. In the case of a string, the Python's HTMLParserunescape
s the contents. For their string representation, we probably need toescape
them back.I have added a patch for this in this pull request.