This makes it hard to write tests when testing XSS vulnerabilities in our
tags and filters. Though the assertions work correctly, the error messages
don't show the correct differences.
**Steps to reproduce**
{{{
from django.test import TestCase


class UtilsTestCase(TestCase):
    def test_assersion(self):
        # Escaped text versus a real <foo> element: the trees differ, so this fails.
        escaped = "<p>&lt;foo&gt;</p>"
        raw = "<p><foo></p>"
        self.assertHTMLEqual(escaped, raw)
}}}
**Expected Output**
{{{
AssertionError: <p>
&lt;foo&gt;
</p> != <p>
<foo>
</p>
<p>
- &lt;foo&gt;
+ <foo>
</p>
}}}
**Actual Output**
{{{
AssertionError: <p>
<foo>
</p> != <p>
<foo>
</p>
<p>
<foo>
</p>
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/33236>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
Comment (by Pratyush Mittal):
The bug is probably caused because the `__str__` method in the `Element`
class treats all its children the same. The children are either a tree or
a string. In the case of a string, Python's HTMLParser unescapes the
contents. For their string representation, we probably need to escape them
back.
I have tried to fix this in this pull-request:
https://github.com/django/django/pull/15033
--
Ticket URL: <https://code.djangoproject.com/ticket/33236#comment:1>
* owner: nobody => Pratyush Mittal
* needs_better_patch: 0 => 1
* status: new => assigned
* stage: Unreviewed => Accepted
--
Ticket URL: <https://code.djangoproject.com/ticket/33236#comment:2>
* needs_better_patch: 1 => 0
* stage: Accepted => Ready for checkin
--
Ticket URL: <https://code.djangoproject.com/ticket/33236#comment:3>
* status: assigned => closed
* resolution: => fixed
Comment:
In [changeset:"f38458fe56bf8850da72a924bd2e8ff59c6adf06" f38458fe]:
{{{
#!CommitTicketReference repository=""
revision="f38458fe56bf8850da72a924bd2e8ff59c6adf06"
Fixed #33236 -- Fixed assertHTMLEqual() error messages for escaped HTML.
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/33236#comment:4>
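
The cause described in comment:1, reproduced with the standard library only. This is an added example, not Django's implementation: `Node`, `TreeBuilder`, `render` and `message_diff` are hypothetical names, and `escape_text=True` stands for re-escaping text children when the tree is turned back into a string.

```python
# Added illustration; Node, TreeBuilder, render and message_diff are hypothetical names.
from difflib import ndiff
from html import escape
from html.parser import HTMLParser

class Node:
    def __init__(self, name):
        self.name = name
        self.children = []  # Node objects, or text already unescaped by the parser

class TreeBuilder(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)  # text arrives with &lt; turned into <
        self.root = Node(None)
        self.stack = [self.root]

    def handle_starttag(self, tag, attrs):
        node = Node(tag)
        self.stack[-1].children.append(node)
        self.stack.append(node)

    def handle_endtag(self, tag):
        # Close every open element up to and including the matching one.
        if tag in [n.name for n in self.stack]:
            while self.stack.pop().name != tag:
                pass

    def handle_data(self, data):
        self.stack[-1].children.append(data)

def parse(markup):
    builder = TreeBuilder()
    builder.feed(markup)
    builder.close()
    return builder.root

def render(node, escape_text):
    # Text children are re-escaped only when escape_text is set.
    parts = [(escape(c) if escape_text else c) if isinstance(c, str)
             else render(c, escape_text) for c in node.children]
    body = "\n".join(parts)
    if node.name is None:
        return body
    return f"<{node.name}>\n{body}\n</{node.name}>" if parts else f"<{node.name}>"

def message_diff(first, second, escape_text):
    # Line diff of the two rendered trees, as a failure message would show it.
    a, b = (render(parse(m), escape_text).splitlines() for m in (first, second))
    return list(ndiff(a, b))
```

With `escape_text=False` the two trees differ (a text child versus an element child) yet render to identical text, so the diff has no `-`/`+` lines; with `escape_text=True` the escaped text stays distinguishable from the real element.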