Changeset 13492


Timestamp:
24 Nov 2015, 11:50:10 (9 years ago)
Author:
Henrik Bettermann
Message:

Disable rendering of HTML tags in fullnames.

Location:
main/waeup.kofa/trunk/src/waeup/kofa
Files:
2 edited

  • main/waeup.kofa/trunk/src/waeup/kofa/students/tests/test_browser.py

    r13457 r13492  
    22622262        return
    22632263
     2264    def test_forbidden_name(self):
     2265        self.student.lastname = u'<TAG>Tester</TAG>'
     2266        self.browser.open(self.login_path)
     2267        self.browser.getControl(name="form.login").value = self.student_id
     2268        self.browser.getControl(name="form.password").value = 'spwd'
     2269        self.browser.getControl("Login").click()
     2270        self.assertTrue('XXX: Base Data' in self.browser.contents)
     2271        self.assertTrue('&lt;TAG&gt;Tester&lt;/TAG&gt;' in self.browser.contents)
     2272        self.assertFalse('<TAG>Tester</TAG>' in self.browser.contents)
     2273        return
     2274
    22642275    def test_setpassword(self):
    22652276        # Set password for first-time access
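Review bot: test_forbidden_name expects both the 'XXX' placeholder (line 2270) and the escaped form '&lt;TAG&gt;Tester&lt;/TAG&gt;' (line 2271) on the same page, but nothing says which part of the page each assertion targets, so a later template change could make one of them pass for the wrong reason. Add a short comment stating that the heading comes from the fullname helper while the escaped value comes from the lastname field display, if that is the intent. Only lastname is exercised; a second case that sets the tag on firstname would cover the other input that ends up in the concatenated name. assertIn / assertNotIn would also give more useful failure output than assertTrue / assertFalse on an `in` expression.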
  • main/waeup.kofa/trunk/src/waeup/kofa/utils/utils.py

    r13198 r13492  
    262262        else:
    263263            name = '%s %s' % (firstname, lastname)
     264        if '<' in name:
     265            return 'XXX'
    264266        return string.capwords(
    265267            name.replace('-', ' - ')).replace(' - ', '-')
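Review bot: the new check at lines 264-265 matches a single character, `if '<' in name:`, and silently swaps the whole display name for 'XXX', so it is a one-character blocklist placed in a formatting helper rather than validation or output encoding. The test in this changeset already shows the templates escaping the raw lastname, so the safer pattern is to rely on that escaping wherever the fullname is rendered and to reject markup when the name fields are saved, so that the user gets an error instead of a placeholder. If the placeholder stays, add a comment explaining why 'XXX' is returned, and note that any name containing '<' is replaced, which is broader than the "HTML tags" named in the commit message.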