incubator-allura-commits mailing list archives

From brond...@apache.org
Subject git commit: [#6859] Prevent escaping of cached html
Date Fri, 08 Nov 2013 16:53:33 GMT
Updated Branches:
  refs/heads/master 9f8ff48c8 -> f09d0b649


[#6859] Prevent escaping of cached html

Signed-off-by: Tim Van Steenburgh <tvansteenburgh@gmail.com>


Project: http://git-wip-us.apache.org/repos/asf/incubator-allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-allura/commit/f09d0b64
Tree: http://git-wip-us.apache.org/repos/asf/incubator-allura/tree/f09d0b64
Diff: http://git-wip-us.apache.org/repos/asf/incubator-allura/diff/f09d0b64

Branch: refs/heads/master
Commit: f09d0b6491841ed283d840ad986bf69f4a86eab5
Parents: 9f8ff48
Author: Tim Van Steenburgh <tvansteenburgh@gmail.com>
Authored: Fri Nov 8 16:46:10 2013 +0000
Committer: Tim Van Steenburgh <tvansteenburgh@gmail.com>
Committed: Fri Nov 8 16:46:10 2013 +0000

----------------------------------------------------------------------
 Allura/allura/lib/app_globals.py                  |  2 +-
 Allura/allura/tests/test_globals.py               |  2 ++
 ForgeWiki/forgewiki/tests/functional/test_root.py | 14 ++++++++++++++
 3 files changed, 17 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/f09d0b64/Allura/allura/lib/app_globals.py
----------------------------------------------------------------------
diff --git a/Allura/allura/lib/app_globals.py b/Allura/allura/lib/app_globals.py
index 7771753..6ded51a 100644
--- a/Allura/allura/lib/app_globals.py
+++ b/Allura/allura/lib/app_globals.py
@@ -105,7 +105,7 @@ class ForgeMarkdown(markdown.Markdown):
         if cache.md5 is not None:
             md5 = hashlib.md5(source_text.encode('utf-8')).hexdigest()
             if cache.md5 == md5:
-                return cache.html
+                return h.html.literal(cache.html)
 
         start = time.time()
         html = self.convert(source_text)
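Review bot: The new `return h.html.literal(cache.html)` marks whatever is stored in `cache.html` as trusted markup, and the only validity check visible here is the MD5 of `source_text`. A render cached before a change to the sanitizer or markdown extensions would therefore keep being served unescaped. If the cache is written only by this method (not visible in the hunk), a comment such as `# cache.html is the sanitized output of self.convert(); safe to mark literal` would record that assumption. Storing a renderer version next to the md5 would allow old renders to be invalidated. The method body starts and ends outside the hunk.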

http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/f09d0b64/Allura/allura/tests/test_globals.py
----------------------------------------------------------------------
diff --git a/Allura/allura/tests/test_globals.py b/Allura/allura/tests/test_globals.py
index 32cdffd..c35f69c 100644
--- a/Allura/allura/tests/test_globals.py
+++ b/Allura/allura/tests/test_globals.py
@@ -593,10 +593,12 @@ class TestCachedMarkdown(unittest.TestCase):
 
     @patch.dict('allura.lib.app_globals.config', markdown_cache_threshold='0')
     def test_valid_cache(self):
+        from jinja2 import Markup
         self.md.cached_convert(self.post, 'text')
         with patch.object(self.md, 'convert') as convert_func:
             html = self.md.cached_convert(self.post, 'text')
             self.assertEqual(html, self.expected_html)
+            self.assertIsInstance(html, Markup)
             self.assertFalse(convert_func.called)
             self.post.text = u"text [[macro]] pass"
             html = self.md.cached_convert(self.post, 'text')
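Review bot: Only the cached return value is checked with `assertIsInstance(html, Markup)`; the result of the first `cached_convert` call, just before the `with` block, is discarded, so the test does not pin that the uncached path returns the same type. Capturing it as `first = self.md.cached_convert(self.post, 'text')` and adding `self.assertIsInstance(first, Markup)` would catch a regression on either path, assuming the uncached path is also meant to return markup. The `from jinja2 import Markup` inside the method would normally sit with the module imports, which are outside this hunk. test_valid_cache continues past the end of the hunk.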

http://git-wip-us.apache.org/repos/asf/incubator-allura/blob/f09d0b64/ForgeWiki/forgewiki/tests/functional/test_root.py
----------------------------------------------------------------------
diff --git a/ForgeWiki/forgewiki/tests/functional/test_root.py b/ForgeWiki/forgewiki/tests/functional/test_root.py
index a55176f..8be7ff8 100644
--- a/ForgeWiki/forgewiki/tests/functional/test_root.py
+++ b/ForgeWiki/forgewiki/tests/functional/test_root.py
@@ -578,6 +578,20 @@ class TestRootController(TestController):
         req.forms[1].submit()
         assert 'The resource was found at http://localhost/p/test/wiki/new_title/;' in self.app.get('/p/test/wiki/')
 
+    @patch.dict('allura.lib.app_globals.config', markdown_cache_threshold='0')
+    def test_cached_html(self):
+        """Ensure cached html is not escaped."""
+        html = '<p><span>My Html</span></p>'
+        self.app.post('/wiki/cache/update', params={
+                'title': 'cache',
+                'text': html,
+                'labels': '',
+                'viewable_by-0.id': 'all'})
+        # first request caches html, second serves from cache
+        r = self.app.get('/wiki/cache/')
+        r = self.app.get('/wiki/cache/')
+        assert_true(html in r)
+
     def test_page_delete(self):
         self.app.post('/wiki/aaa/update', params={
                 'title':'aaa',
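Review bot: `test_cached_html` overwrites `r` with the second response, so the first (uncached) render is never checked, and the only input is benign markup. Keeping both responses as `r1 = self.app.get('/wiki/cache/')` and `r2 = self.app.get('/wiki/cache/')`, then asserting `html in r1` and `html in r2`, would show the two paths agree. Since the cached value is now returned as literal markup, a second case would pin that the cache stores sanitized output: page text containing markup the sanitizer is expected to strip or escape, asserted absent from `r2`.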

