diff --git a/webapp-django/crashstats/crashstats/jinja2/crashstats/bugzilla_comment.txt b/webapp-django/crashstats/crashstats/jinja2/crashstats/bugzilla_comment.txt index 733d93481c..dd98a2828b 100644 --- a/webapp-django/crashstats/crashstats/jinja2/crashstats/bugzilla_comment.txt +++ b/webapp-django/crashstats/crashstats/jinja2/crashstats/bugzilla_comment.txt @@ -8,7 +8,7 @@ report bp-{{ uuid }}. Top {{ crashing_thread_frames|length }} frames of crashing thread: {% for frame in crashing_thread_frames -%} -{{ frame.frame }} {{ frame.module }} {{ frame.signature }} {{ frame.source }} +{{ frame.frame|safe}} {{ frame.module|safe }} {{ frame.signature|safe }} {{ frame.source|safe }} {% endfor %} ============================================================= {% endif %} diff --git a/webapp-django/crashstats/crashstats/tests/test_jinja_helpers.py b/webapp-django/crashstats/crashstats/tests/test_jinja_helpers.py index 507517259a..7f0f04d133 100644 --- a/webapp-django/crashstats/crashstats/tests/test_jinja_helpers.py +++ b/webapp-django/crashstats/crashstats/tests/test_jinja_helpers.py @@ -383,6 +383,26 @@ def test_comment_missing_everything(self): ]) bugzilla_submit_url(report, parsed_dump, 0, 'Core') + def test_comment_no_html_escaping(self): + """If a frame contains <, >, &, or ", they should not be HTML + escaped in the comment body. + + """ + report = self._create_report() + parsed_dump = self._create_dump(threads=[ + self._create_thread(frames=[ + self._create_frame( + frame=0, + module='&test_module', + signature='foo::bar(char* x, int y)', + file='"foo".cpp', + line=7, + ), + ]) + ]) + url = bugzilla_submit_url(report, parsed_dump, 0, 'Core') + assert quote_plus('0 &test_module foo::bar "foo".cpp:7') in url + class TestReplaceBugzillaLinks(TestCase): def test_simple(self):