orbit-oss/flask
4
4
Fork 2
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

use Jinja's tojson filter

Browse source
This commit is contained in:
David Lord 2021-02-01 22:41:49 -08:00
parent fdf5d11b51
commit b473e7c97c
No known key found for this signature in database
GPG key ID: 7A1C87E3F5BC42A8
7 changed files with 28 additions and 88 deletions
Download patch file Download diff file Expand all files Collapse all files

27
tests/test_json.py
View file

@ -204,24 +204,17 @@ def test_json_attr(app, client):
assert rv.data == b"3"
def test_template_escaping(app, req_ctx):
render = flask.render_template_string
rv = flask.json.htmlsafe_dumps("</script>")
assert rv == '"\\u003c/script\\u003e"'
rv = render('{{ "</script>"|tojson }}')
assert rv == '"\\u003c/script\\u003e"'
rv = render('{{ "<\0/script>"|tojson }}')
assert rv == '"\\u003c\\u0000/script\\u003e"'
rv = render('{{ "<!--<script>"|tojson }}')
assert rv == '"\\u003c!--\\u003cscript\\u003e"'
rv = render('{{ "&"|tojson }}')
assert rv == '"\\u0026"'
rv = render('{{ "\'"|tojson }}')
assert rv == '"\\u0027"'
rv = render(
"<a ng-data='{{ data|tojson }}'></a>", data={"x": ["foo", "bar", "baz'"]}
def test_tojson_filter(app, req_ctx):
# The tojson filter is tested in Jinja, this confirms that it's
# using Flask's dumps.
rv = flask.render_template_string(
"const data = {{ data|tojson }};",
data={"name": "</script>", "time": datetime.datetime(2021, 2, 1, 7, 15)},
)
assert rv == (
'const data = {"name": "\\u003c/script\\u003e",'
' "time": "Mon, 01 Feb 2021 07:15:00 GMT"};'
)
assert rv == '<a ng-data=\'{"x": ["foo", "bar", "baz\\u0027"]}\'></a>'
def test_json_customization(app, client):