From d70432deae847deb1e7760d2a9e4e9877d329ce8 Mon Sep 17 00:00:00 2001
From: Tim Graham
Date: Wed, 2 Aug 2017 15:56:47 -0400
Subject: [PATCH] Refs #7697 -- Tested escaping of safe strings in the technical 500 debug view.

Tests were omitted in the original commit: a56a226241f5808b2eaf1e4b5a155d35047b8a06.
---
 tests/view_tests/tests/test_debug.py | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/tests/view_tests/tests/test_debug.py b/tests/view_tests/tests/test_debug.py
index 767fdfdbc9b..bb354a5cb6b 100644
--- a/tests/view_tests/tests/test_debug.py
+++ b/tests/view_tests/tests/test_debug.py
@@ -354,7 +354,7 @@ class ExceptionReporterTests(SimpleTestCase):
 try:
 raise ValueError('Second exception') from explicit
 except ValueError:
- raise IndexError('Final exception')
+ raise IndexError(mark_safe('

Final exception

'))
 except Exception:
 # Custom exception handler, just pass it into ExceptionReporter
 exc_type, exc_value, tb = sys.exc_info()
@@ -368,10 +368,12 @@ class ExceptionReporterTests(SimpleTestCase):
 # one as plain text (for pastebin)
 self.assertEqual(2, html.count(explicit_exc.format("Top level")))
 self.assertEqual(2, html.count(implicit_exc.format("Second exception")))
+ self.assertEqual(10, html.count('<p>Final exception</p>'))
 text = reporter.get_traceback_text()
 self.assertIn(explicit_exc.format("Top level"), text)
 self.assertIn(implicit_exc.format("Second exception"), text)
+ self.assertEqual(3, text.count('

Final exception

'))
 def test_request_and_message(self):
 "A message can be provided in addition to a request"
@@ -416,6 +418,16 @@ class ExceptionReporterTests(SimpleTestCase):
 self.assertIn('VAL\\xe9VAL', html)
 self.assertIn('EXC\\xe9EXC', html)
+ def test_local_variable_escaping(self):
+ """Safe strings in local variables are escaped."""
+ try:
+ local = mark_safe('

Local variable

')
+ raise ValueError(local)
+ except Exception:
+ exc_type, exc_value, tb = sys.exc_info()
+ html = ExceptionReporter(None, exc_type, exc_value, tb).get_traceback_html()
+ self.assertIn('
'<p>Local variable</p>'
', html)
+
 def test_unprintable_values_handling(self):
 "Unprintable values should not make the output generation choke."
 try:
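Review bot: test_local_variable_escaping pins only the presence of one escaped rendering with `assertIn`, so it would still pass if the same value also reached the page unescaped somewhere else in the debug template. The property under test is that a `mark_safe()` value never lands in the technical 500 page as live markup, so add the negative check next to it: `self.assertNotIn('<p>Local variable</p>', html)`. The count-based checks in the previous hunk (`assertEqual(10, …)` and `assertEqual(3, …)`) would catch a missed escape, but a short comment saying where those occurrences come from would help when a template change shifts the number. The string literals on this page look as if their tags and entities were lost in rendering, so check the exact expected strings against the real file.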