Merge pull request #2284 from uktrade/LTD-5746-hidden-field-exclusion…
…-tag

Ltd 5746 hidden field exclusion tag
kevincarrogan authored Dec 30, 2024
2 parents b914e77 + 3416e1e commit 633df0c
Showing 3 changed files with 35 additions and 3 deletions.
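--- a/core/builtins/custom_tags.py
+++ b/core/builtins/custom_tags.py
@@ -178,13 +178,12 @@ def str_date_only(value):
 return localtime(parse(value)).strftime("%-d %B %Y")
 
 
-@register.simple_tag
-@mark_safe # noqa: S308
+@register.inclusion_tag("inclusion_tags/hidden-field.html")
 def hidden_field(key, value):
 """
 Generates a hidden field from the given key and value
 """
-return f'<input type="hidden" name="{key}" value="{value}">'
+return {"key": key, "value": value}
 
 
 @register.filter()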
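Review bot: The docstring on `hidden_field` still says only that it generates a hidden field, although escaping of `key` and `value` now depends entirely on autoescaping when `inclusion_tags/hidden-field.html` is rendered. That dependency is worth writing down. A value that reaches the tag already marked safe would be emitted into the attribute unescaped, and so, as far as I can tell, would a call inside an `{% autoescape off %}` block, since an inclusion tag inherits the caller's autoescape setting. I would extend the docstring to something like `Renders a hidden input through inclusion_tags/hidden-field.html; key and value are escaped by template autoescaping, so pass plain strings, never markup already marked safe.`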
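--- a/core/templates/inclusion_tags/hidden-field.html
+++ b/core/templates/inclusion_tags/hidden-field.html
@@ -0,0 +1 @@
+<input type="hidden" name="{{ key }}" value="{{ value }}">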
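--- a/unit_tests/core/builtins/test_custom_tags.py
+++ b/unit_tests/core/builtins/test_custom_tags.py
@@ -1,6 +1,8 @@
 import datetime
 import pytest
 
+from pytest_django.asserts import assertHTMLEqual
+
 from decimal import Decimal
 
 from core.builtins import custom_tags
@@ -426,3 +428,33 @@ def test_pagination_params(url, page, expected):
 def test_pagination():
 with pytest.raises(ValueError):
 custom_tags.pagination({}, link_type="madeup")
+
+
+@pytest.mark.parametrize(
+"input, context, expected",
+[
+(
+"{% hidden_field 'test-key' 'test-value' %}",
+{},
+'<input name="test-key" type="hidden" value="test-value">',
+),
+(
+"{% hidden_field key value %}",
+{
+"key": "test-key",
+"value": "test-value",
+},
+'<input name="test-key" type="hidden" value="test-value">',
+),
+(
+"{% hidden_field key value %}",
+{
+"key": '"><script>alert()</script><input type="hidden',
+"value": '"><script>alert()</script><input type="hidden',
+},
+'<input type="hidden" name="&quot;&gt;&lt;script&gt;alert()&lt;/script&gt;&lt;input type=&quot;hidden" value="&quot;&gt;&lt;script&gt;alert()&lt;/script&gt;&lt;input type=&quot;hidden">',
+),
+],
+)
+def test_hidden_field(render_template_string, input, context, expected):
+assertHTMLEqual(render_template_string(input, context), expected)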
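Review bot: The parametrized argument `input` in `test_hidden_field` shadows the Python builtin; `template` would say what the value is, e.g. `def test_hidden_field(render_template_string, template, context, expected):` with the same name in the parametrize string. Separately, the escaping case exercises only `"`, `<` and `>`. A value containing `&` would pin the remaining character the quoted attribute relies on, so that a later change to the template or tag cannot drop escaping unnoticed.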
