Do not escape org name twice #6550

Merged
merged 1 commit into from
Sep 21, 2022
3 changes: 1 addition & 2 deletions securedrop/journalist_app/admin.py
Expand Up @@ -2,7 +2,6 @@

import binascii
import os
from html import escape
from typing import Optional, Union

import werkzeug
Expand Down Expand Up @@ -132,7 +131,7 @@ def update_org_name() -> Union[str, werkzeug.Response]:
if form.validate_on_submit():
try:
value = request.form["organization_name"]
InstanceConfig.set_organization_name(escape(value, quote=True))
InstanceConfig.set_organization_name(value)
flash(gettext("Preferences saved."), "org-name-success")
except Exception:
flash(gettext("Failed to update organization name."), "org-name-error")
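Review bot: With `InstanceConfig.set_organization_name(value)` the persisted organization name is now raw user input, so protection against script injection via this field rests entirely on output-side escaping (Jinja2 autoescaping in every template that renders it, and no `|safe` or `Markup` wrapping of the value); that is the sounder layering than escaping at storage time, but the hunk leaves the assumption undocumented and the accompanying deletion of `test_orgname_html_escaped` in securedrop/tests/test_journalist.py removes the only test that touched this path without adding a replacement. Add a short comment above the call, e.g. `# Store the name unescaped; templates escape it on output.`, and a test that posts a name containing `<` and `"`, asserts that `organization_name` round-trips unchanged, and asserts that the rendered journalist page contains the escaped form rather than the literal markup. The enclosing `update_org_name` starts outside the hunk, so whether a stored legacy value (escaped once under the old code) is unescaped on read cannot be judged from here and is worth confirming in the same change.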
20 changes: 0 additions & 20 deletions securedrop/tests/test_journalist.py
Expand Up @@ -7,7 +7,6 @@
import random
import zipfile
from base64 import b64decode
from html import escape as htmlescape
from io import BytesIO
from pathlib import Path

Expand Down Expand Up @@ -2003,25 +2002,6 @@ def test_orgname_oversized_fails(config, journalist_app, test_admin, locale):
assert InstanceConfig.get_current().organization_name == "SecureDrop"


@flaky(rerun_filter=utils.flaky_filter_xfail)
@pytest.mark.parametrize("locale", get_test_locales())
def test_orgname_html_escaped(config, journalist_app, test_admin, locale):
t_name = '"> <a href=foo>'
with journalist_app.test_client() as app:
_login_user(app, test_admin["username"], test_admin["password"], test_admin["otp_secret"])
form = journalist_app_module.forms.OrgNameForm(organization_name=t_name)
assert InstanceConfig.get_current().organization_name == "SecureDrop"
with InstrumentedApp(journalist_app) as ins:
resp = app.post(
url_for("admin.update_org_name", l=locale), data=form.data, follow_redirects=True
)
assert page_language(resp.data) == language_tag(locale)
msgids = ["Preferences saved."]
with xfail_untranslated_messages(config, locale, msgids):
ins.assert_message_flashed(gettext(msgids[0]), "org-name-success")
assert InstanceConfig.get_current().organization_name == htmlescape(t_name, quote=True)


def test_logo_default_available(journalist_app):
# if the custom image is available, this test will fail
custom_image_location = os.path.join(config.SECUREDROP_ROOT, "static/i/custom_logo.png")