Ticket #11376: escapetests.diff

tests.py

@@ -428 +438 @@
             #filters should accept empty string constants
             'filter-syntax20': ('{{ ""|default_if_none:"was none" }}', {}, ""),
 
+            # Html escaping is not to be confused with for example url escaping.
+            'escape01': ('{{ var }}',{ "var": "< > & \" \' # = % $" }, "&lt; &gt; &amp; &quot; &#39; # = % $" ),
+            'escape02': ('{{ var }}',{ "var": "this & that" }, "this &amp; that" ),
+
+            # Strings are compared unescaped.
+            'escape03': ('{% ifequal var \"this & that\" %}yes{% endifequal %}',{ "var": "this & that" }, "yes" ),
+
+            # Arguments to filters are 'safe' and manipulate their input unescaped.
+            'escape04': ('{{ var|cut:\"&\" }}',{ "var": "this & that" }, "this  that" ),
+            'escape05': ('{{ varList|join:\" & \" }}',{ "var": ("Tom", "Dick", "Harry") }, "Tom & Dick & Harry" ),
+
+            # Literal strings are safe.
+            'escape06': ('{{ \"this & that\" }}',{}, "this & that" ),
+
+            # Iterating outputs safe characters.
+            'escape07': ('{% for letter in list %}{{ letter }},{% endfor %}',{}, "K,&amp;,R," ),
+
+            # Escape requirement survives lookup.
+            'escape08': ('{{ var.key }}',{ "var": {"key": "this & that" } }, "this &amp; that" ),
+
             ### COMMENT SYNTAX ########################################################
             'comment-syntax01': ("{# this is hidden #}hello", {}, "hello"),
             'comment-syntax02': ("{# this is hidden #}hello{# foo #}", {}, "hello"),