Browse Source

[FIX]report_py3o: Escape correctly html characters.

14.0-report-py3o-pr-506
jesusVMayor 7 years ago
committed by default
parent
commit
a88eb8a838
  1. 4
      report_py3o/models/py3o_report.py
  2. 14
      report_py3o/tests/test_report_py3o.py

4
report_py3o/models/py3o_report.py

@ -7,6 +7,7 @@ from base64 import b64decode
from cStringIO import StringIO from cStringIO import StringIO
import logging import logging
import os import os
import cgi
from contextlib import closing from contextlib import closing
import subprocess import subprocess
@ -64,8 +65,7 @@ def py3o_report_extender(report_xml_id=None):
def format_multiline_value(value): def format_multiline_value(value):
if value: if value:
return Markup(value.replace('<', '&lt;').replace('>', '&gt;').
replace('\n', '<text:line-break/>').
return Markup(cgi.escape(value).replace('\n', '<text:line-break/>').
replace('\t', '<text:s/><text:s/><text:s/><text:s/>')) replace('\t', '<text:s/><text:s/><text:s/><text:s/>'))
return "" return ""

14
report_py3o/tests/test_report_py3o.py

@ -15,8 +15,16 @@ from odoo import tools
from odoo.tests.common import TransactionCase from odoo.tests.common import TransactionCase
from odoo.exceptions import ValidationError from odoo.exceptions import ValidationError
from ..models.py3o_report import TemplateNotFound
from ..models.py3o_report import TemplateNotFound, format_multiline_value
from base64 import b64encode from base64 import b64encode
import logging
logger = logging.getLogger(__name__)
try:
from genshi.core import Markup
except ImportError:
logger.debug('Cannot import genshi.core')
@contextmanager @contextmanager
@ -188,3 +196,7 @@ class TestReportPy3o(TransactionCase):
# non exising files are not valid template # non exising files are not valid template
self.assertFalse(self.py3o_report._get_template_from_path( self.assertFalse(self.py3o_report._get_template_from_path(
'/etc/test.odt')) '/etc/test.odt'))
def test_escape_html_characters_format_multiline_value(self):
self.assertEqual(Markup('&lt;&gt;<text:line-break/>&amp;test;'),
format_multiline_value('<>\n&test;'))
Loading…
Cancel
Save