Add check for HTML entities

14abf32b · Robert Raposa · a2c686cf · 14abf32b · 14abf32b
Commit 14abf32b authored Apr 12, 2016 by Robert Raposa
Hide whitespace changes
Inline Side-by-side

Showing with 25 additions and 3 deletions

scripts/safe_template_linter.py
+17 -3

scripts/tests/test_safe_template_linter.py
+8 -0

No files found.
--- a/scripts/safe_template_linter.py
+++ b/scripts/safe_template_linter.py
@@ -246,6 +246,10 @@ class Rules(Enum):
        'mako-wrap-html',
        "String containing HTML should be wrapped with call to HTML()."
    )
+    mako_html_entities = (
+        'mako-html-entities',
+        "HTML entities should be plain text or wrapped with HTML()."
+    )
    underscore_not_escaped = (
        'underscore-not-escaped',
        'Expressions should be escaped using <%- expression %>.'
@@ -761,7 +765,7 @@ class MakoTemplateLinter(object):
            context = self._get_context(contexts, expression['start_index'])
            self._check_filters(mako_template, expression, context, has_page_default, results)
            self._check_deprecated_display_name(expression, results)
-            self._check_html_and_text(expression, results)
+            self._check_html_and_text(expression, has_page_default, results)
    def _check_deprecated_display_name(self, expression, results):
        """
@@ -779,13 +783,15 @@ class MakoTemplateLinter(object):
                Rules.mako_deprecated_display_name, expression
            ))
-    def _check_html_and_text(self, expression, results):
+    def _check_html_and_text(self, expression, has_page_default, results):
        """
        Checks rules related to proper use of HTML() and Text().
        Arguments:
            expression: A dict containing the start_index, end_index, and
                expression (text) of the expression.
+            has_page_default: True if the page is marked as default, False
+                otherwise.
            results: A list of results into which violations will be added.
        """
@@ -836,13 +842,21 @@ class MakoTemplateLinter(object):
                        if html_inner_start_index <= string.start_index and string.end_index <= html_inner_end_index:
                            unwrapped_html_strings.remove(string)
-        # check strings not wrapped in HTML()
+        # check strings not wrapped in HTML() for '<'
        for string in unwrapped_html_strings:
            if '<' in string.string_inner:
                results.violations.append(ExpressionRuleViolation(
                    Rules.mako_wrap_html, expression
                ))
                break
+        # check strings not wrapped in HTML() for HTML entities
+        if has_page_default:
+            for string in unwrapped_html_strings:
+                if re.search(r"&[#]?[a-zA-Z0-9]+;", string.string_inner):
+                    results.violations.append(ExpressionRuleViolation(
+                        Rules.mako_html_entities, expression
+                    ))
+                    break
    def _check_filters(self, mako_template, expression, context, has_page_default, results):
        """

--- a/scripts/tests/test_safe_template_linter.py
+++ b/scripts/tests/test_safe_template_linter.py
@@ -255,6 +255,14 @@ class TestMakoTemplateLinter(TestCase):
            'expression': "${ HTML('<span></span>') + 'some other text' }",
            'rule': Rules.mako_html_alone
        },
+        {
+            'expression': "${'Rock &amp; Roll'}",
+            'rule': Rules.mako_html_entities
+        },
+        {
+            'expression': "${'Rock &#38; Roll'}",
+            'rule': Rules.mako_html_entities
+        },
    )
    def test_check_mako_with_text_and_html(self, data):
        """