Remove encoding of HTML entities by the API#2296
Conversation
… the flag used for encoding
There was a problem hiding this comment.
Pull request overview
This PR adjusts API v2 database-to-JSON string decoding to decode both single and double quotes, aligning it with the existing DB encoding behavior and preventing malformed/incorrect config values (as described in #2278).
Changes:
- Update
html_entity_decode()flag fromENT_COMPATtoENT_QUOTESfor string-typed features indb2json().
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
|
Maybe it would make sense to write a pytest which tests creating and/or patching some object with some umlauts or other characters which would be affected by this htmlentities to verify for the future that it does not get added/changed by accident. |
|
I've added two more tests, each of which should by itself have caught the underlying issue with this bug. There is still lot's of uses of |
| elseif (str_starts_with($feature['type'], 'str')) { | ||
| $val = htmlentities($obj, ENT_QUOTES, "UTF-8"); | ||
| $val = $obj; | ||
| } |
| def test_blacklist_chars(self): | ||
| config = Config.objects.get(item='blacklistChars') | ||
| config.save() | ||
| model_obj = self.create_test_object() | ||
| with self.assertRaises(HashtopolisResponseError) as e: | ||
| self._test_patch(model_obj, 'attackCmd', config.value) | ||
| self.assertEqual(e.exception.status_code, 500) No newline at end of file |
| from hashtopolis import Config | ||
| from utils import BaseTest | ||
|
|
||
| from hashtopolis.hashtopolis import HashtopolisResponseError |
There was a problem hiding this comment.
Removed the unused HashtopolisResponseError import in commit $(git rev-parse --short HEAD).
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
AFAIK all other uses of htmlentities() are mostly tied to the old frontend or at least due to it, so it will be easy to remove them when we start removing it. |
Fixes #2278