From d42e6d348bb8f582206e15896c134bcc4bdc060c Mon Sep 17 00:00:00 2001 From: Hugo Osvaldo Barrera Date: Sun, 6 Dec 2015 12:21:52 -0300 Subject: [PATCH] Escape performable tags See this entry[1] in the django 1.9 release notes for details. [1]: https://docs.djangoproject.com/en/1.9/releases/1.9/#simple-tag-now-wraps-tag-output-in-conditional-escape --- analytical/templatetags/performable.py | 3 ++- analytical/tests/test_tag_performable.py | 11 ++++++----- 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/analytical/templatetags/performable.py b/analytical/templatetags/performable.py index e357783..847f9c9 100644 --- a/analytical/templatetags/performable.py +++ b/analytical/templatetags/performable.py @@ -7,6 +7,7 @@ from __future__ import absolute_import import re from django.template import Library, Node, TemplateSyntaxError +from django.utils.safestring import mark_safe from analytical.utils import is_internal_ip, disable_html, get_identity, \ get_required_setting @@ -71,7 +72,7 @@ def performable_embed(hostname, page_id): """ Include a Performable landing page. """ - return EMBED_CODE % {'hostname': hostname, 'page_id': page_id} + return mark_safe(EMBED_CODE % {'hostname': hostname, 'page_id': page_id}) def contribute_to_analytical(add_node): diff --git a/analytical/tests/test_tag_performable.py b/analytical/tests/test_tag_performable.py index befee4b..2b1e16d 100644 --- a/analytical/tests/test_tag_performable.py +++ b/analytical/tests/test_tag_performable.py @@ -63,8 +63,9 @@ class PerformableEmbedTagTestCase(TagTestCase): def test_tag(self): domain = 'example.com' page = 'test' - r = self.render_tag('performable', 'performable_embed "%s" "%s"' - % (domain, page)) - self.assertTrue( - "$f.initialize({'host': 'example.com', 'page': 'test'});" in r, - r) + tag = self.render_tag( + 'performable', 'performable_embed "%s" "%s"' % (domain, page) + ) + self.assertIn( + "$f.initialize({'host': 'example.com', 'page': 'test'});", tag + )