github/datasette
1
0
Fork 0
mirror of https://github.com/simonw/datasette.git synced 2025-12-10 16:51:24 +01:00
Code Issues Projects Releases Packages Wiki Activity

Correctly escape output of ?_trace, refs #1360

Browse source
This commit is contained in:
Simon Willison 2021-06-05 14:49:16 -07:00
commit 8f311d6c1d
2 changed files with 8 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

6
tests/test_html.py
View file

@ -1699,3 +1699,9 @@ def test_unavailable_table_does_not_break_sort_relationships():
) as client:
response = client.get("/?_sort=relationships")
assert response.status == 200
def test_trace_correctly_escaped(app_client):
response = app_client.get("/fixtures?sql=select+'<h1>Hello'&_trace=1")
assert "select '<h1>Hello" not in response.text
assert "select &#39;&lt;h1&gt;Hello" in response.text