Browse Source
Merge pull request #181 from Comunitea/10.0-report_py3o_imporve_escape_html
[10.0][FIX]report_py3o: Escape correctly html characters.
pull/211/head
Alexis de Lattre
7 years ago
committed by
GitHub
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with
15 additions and
3 deletions
-
report_py3o/models/py3o_report.py
-
report_py3o/tests/test_report_py3o.py
|
@ -7,6 +7,7 @@ from base64 import b64decode |
|
|
from cStringIO import StringIO |
|
|
from cStringIO import StringIO |
|
|
import logging |
|
|
import logging |
|
|
import os |
|
|
import os |
|
|
|
|
|
import cgi |
|
|
from contextlib import closing |
|
|
from contextlib import closing |
|
|
import subprocess |
|
|
import subprocess |
|
|
|
|
|
|
|
@ -64,8 +65,7 @@ def py3o_report_extender(report_xml_id=None): |
|
|
|
|
|
|
|
|
def format_multiline_value(value): |
|
|
def format_multiline_value(value): |
|
|
if value: |
|
|
if value: |
|
|
return Markup(value.replace('<', '<').replace('>', '>'). |
|
|
|
|
|
replace('\n', '<text:line-break/>'). |
|
|
|
|
|
|
|
|
return Markup(cgi.escape(value).replace('\n', '<text:line-break/>'). |
|
|
replace('\t', '<text:s/><text:s/><text:s/><text:s/>')) |
|
|
replace('\t', '<text:s/><text:s/><text:s/><text:s/>')) |
|
|
return "" |
|
|
return "" |
|
|
|
|
|
|
|
|
|
@ -15,8 +15,16 @@ from odoo import tools |
|
|
from odoo.tests.common import TransactionCase |
|
|
from odoo.tests.common import TransactionCase |
|
|
from odoo.exceptions import ValidationError |
|
|
from odoo.exceptions import ValidationError |
|
|
|
|
|
|
|
|
from ..models.py3o_report import TemplateNotFound |
|
|
|
|
|
|
|
|
from ..models.py3o_report import TemplateNotFound, format_multiline_value |
|
|
from base64 import b64encode |
|
|
from base64 import b64encode |
|
|
|
|
|
import logging |
|
|
|
|
|
|
|
|
|
|
|
logger = logging.getLogger(__name__) |
|
|
|
|
|
|
|
|
|
|
|
try: |
|
|
|
|
|
from genshi.core import Markup |
|
|
|
|
|
except ImportError: |
|
|
|
|
|
logger.debug('Cannot import genshi.core') |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@contextmanager |
|
|
@contextmanager |
|
@ -188,3 +196,7 @@ class TestReportPy3o(TransactionCase): |
|
|
# non exising files are not valid template |
|
|
# non exising files are not valid template |
|
|
self.assertFalse(self.py3o_report._get_template_from_path( |
|
|
self.assertFalse(self.py3o_report._get_template_from_path( |
|
|
'/etc/test.odt')) |
|
|
'/etc/test.odt')) |
|
|
|
|
|
|
|
|
|
|
|
def test_escape_html_characters_format_multiline_value(self): |
|
|
|
|
|
self.assertEqual(Markup('<><text:line-break/>&test;'), |
|
|
|
|
|
format_multiline_value('<>\n&test;')) |