diff roundup/cgi/client.py @ 5004:494d255043c9

Display errors containing HTML with RejectRaw (issue2550847) In general outputting un-escaped HTML in a message to the user is an unsafe operation, which is why error messages are escaped by default. In some cases, though, it is desirable for a detector to include HTML within an error message. For these cases where HTML is required the RejectRaw exception can be used within the detector.
author John Kristensen <john@jerrykan.com>
date Sat, 10 Oct 2015 23:35:51 +1100
parents 13f8f88ad984
children 0428d2004a86
--- a/roundup/cgi/client.py	Sat Oct 10 23:07:17 2015 +1100
+++ b/roundup/cgi/client.py	Sat Oct 10 23:35:51 2015 +1100
@@ -16,7 +16,7 @@
 from roundup import roundupdb, date, hyperdb, password
 from roundup.cgi import templating, cgitb, TranslationService
 from roundup.cgi.actions import *
-from roundup.exceptions import *
+from roundup.exceptions import LoginError, Reject, RejectRaw, Unauthorised
 from roundup.cgi.exceptions import *
 from roundup.cgi.form_parser import FormParser
 from roundup.mailer import Mailer, MessageSendError, encode_quopri
@@ -1274,9 +1274,9 @@
                 return getattr(self, action_klass)()
             else:
                 return action_klass(self).execute()
-
-        except (ValueError, Reject), err:
-            self.add_error_message(str(err))
+        except (ValueError, Reject) as err:
+            escape = not isinstance(err, RejectRaw)
+            self.add_error_message(str(err), escape=escape)
 
     def get_action_class(self, action_name):
         if (hasattr(self.instance, 'cgi_actions') and
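Review bot: The line `escape = not isinstance(err, RejectRaw)` makes the whole message an unescaped HTML sink whenever a detector raises RejectRaw, and nothing at this site tells a detector author that the string is then treated as trusted markup. If a detector interpolates a submitted property value into that message, the value would presumably be rendered as HTML, so the contract should be stated where the escaping is switched off: `# RejectRaw text is rendered unescaped; detectors must HTML-escape any user-supplied value they interpolate`. The same sentence belongs in the RejectRaw docstring, which is not visible in this diff. ValueError and plain Reject still take the escaped path, which is the right default; the enclosing method and its `try` begin outside the hunk.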
