[#6859] Prevent escaping of cached html
Signed-off-by: Tim Van Steenburgh <tvansteenburgh@gmail.com>
diff --git a/Allura/allura/lib/app_globals.py b/Allura/allura/lib/app_globals.py
index 7771753..6ded51a 100644
--- a/Allura/allura/lib/app_globals.py
+++ b/Allura/allura/lib/app_globals.py
@@ -105,7 +105,7 @@
if cache.md5 is not None:
md5 = hashlib.md5(source_text.encode('utf-8')).hexdigest()
if cache.md5 == md5:
- return cache.html
+ return h.html.literal(cache.html)
start = time.time()
html = self.convert(source_text)
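Review bot: The cache-hit return now marks `cache.html` as trusted markup, but the only freshness check visible here is the md5 of `source_text`. HTML cached before a change to the converter or its sanitising rules would therefore presumably keep being served unescaped. A comment on the return should state the invariant this relies on, e.g. `# cache.html is only ever written from self.convert() output, so marking it literal is safe`, and it is worth confirming that nothing else writes that field. If the converter's output rules can change, folding a converter or version marker into the stored checksum would let stale entries be regenerated. The enclosing method starts and ends outside this hunk.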
diff --git a/Allura/allura/tests/test_globals.py b/Allura/allura/tests/test_globals.py
index 32cdffd..c35f69c 100644
--- a/Allura/allura/tests/test_globals.py
+++ b/Allura/allura/tests/test_globals.py
@@ -593,10 +593,12 @@
@patch.dict('allura.lib.app_globals.config', markdown_cache_threshold='0')
def test_valid_cache(self):
+ from jinja2 import Markup
self.md.cached_convert(self.post, 'text')
with patch.object(self.md, 'convert') as convert_func:
html = self.md.cached_convert(self.post, 'text')
self.assertEqual(html, self.expected_html)
+ self.assertIsInstance(html, Markup)
self.assertFalse(convert_func.called)
self.post.text = u"text [[macro]] pass"
html = self.md.cached_convert(self.post, 'text')
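Review bot: The added `assertIsInstance(html, Markup)` covers only the cache-hit call, because the first `cached_convert` call right after the import discards its result. Nothing pins that the miss path returns the same type. Capturing that result and asserting on it too, `html = self.md.cached_convert(self.post, 'text')` then `self.assertIsInstance(html, Markup)`, would keep the two paths from diverging again. The `from jinja2 import Markup` would also read better at module top unless there is a reason to defer it. The test method continues past the end of the hunk.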
diff --git a/ForgeWiki/forgewiki/tests/functional/test_root.py b/ForgeWiki/forgewiki/tests/functional/test_root.py
index a55176f..8be7ff8 100644
--- a/ForgeWiki/forgewiki/tests/functional/test_root.py
+++ b/ForgeWiki/forgewiki/tests/functional/test_root.py
@@ -578,6 +578,20 @@
req.forms[1].submit()
assert 'The resource was found at http://localhost/p/test/wiki/new_title/;' in self.app.get('/p/test/wiki/')
+ @patch.dict('allura.lib.app_globals.config', markdown_cache_threshold='0')
+ def test_cached_html(self):
+ """Ensure cached html is not escaped."""
+ html = '<p><span>My Html</span></p>'
+ self.app.post('/wiki/cache/update', params={
+ 'title': 'cache',
+ 'text': html,
+ 'labels': '',
+ 'viewable_by-0.id': 'all'})
+ # first request caches html, second serves from cache
+ r = self.app.get('/wiki/cache/')
+ r = self.app.get('/wiki/cache/')
+ assert_true(html in r)
+
def test_page_delete(self):
self.app.post('/wiki/aaa/update', params={
'title':'aaa',
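Review bot: `test_cached_html` posts only benign markup, so it shows the cached response is not escaped but not that the cached path still returns sanitised output. A companion case could post text containing a tag the converter is expected to strip or escape and assert on the second GET that it does not come back raw, e.g. `assert_true('<script>marker</script>' not in r)`. The first response is also overwritten without being checked. Asserting `html in r` after each request would show that uncached and cached output match.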