diff --git a/cms/static/cms/js/modules/cms.structureboard.js b/cms/static/cms/js/modules/cms.structureboard.js index f68b66dd3e2..1cf61f8528e 100644 --- a/cms/static/cms/js/modules/cms.structureboard.js +++ b/cms/static/cms/js/modules/cms.structureboard.js @@ -710,7 +710,7 @@ class StructureBoard { if (CMS.settings.mode === 'structure') { history.replaceState({}, '', url.toString()); - this.ui.html.addClass('cms-overflow'); + $('html.cms-structure-mode-structure').addClass('cms-overflow'); } this.ui.container.css('right', 0); diff --git a/cms/templatetags/cms_tags.py b/cms/templatetags/cms_tags.py index 479af045b3e..4902676ae1e 100644 --- a/cms/templatetags/cms_tags.py +++ b/cms/templatetags/cms_tags.py @@ -16,7 +16,7 @@ from django.template.loader import render_to_string from django.urls import reverse from django.utils.encoding import smart_str -from django.utils.html import escape +from django.utils.html import escape, strip_tags from django.utils.http import urlencode from django.utils.translation import get_language, override from django.utils.translation import gettext_lazy as _ @@ -405,7 +405,9 @@ def get_value(self, context, name, page_lookup): if page and name in self.valid_attributes: func = getattr(page, "get_%s" % name) ret_val = func(language=lang, fallback=True) - if not isinstance(ret_val, datetime): + if name == 'page_title': + ret_val = strip_tags(ret_val) + elif not isinstance(ret_val, datetime): ret_val = escape(ret_val) return ret_val return '' diff --git a/cms/tests/test_templatetags.py b/cms/tests/test_templatetags.py index 09017bdcba1..f056fd56090 100644 --- a/cms/tests/test_templatetags.py +++ b/cms/tests/test_templatetags.py 
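Review bot: The new selector `$('html.cms-structure-mode-structure')` swaps the cached `this.ui.html` handle for a fresh document-wide lookup and adds a second condition, that the mode class is already on `<html>`, which nothing in the hunk explains. If that class is applied after this code runs, the selector matches nothing and `cms-overflow` is silently never set. Assuming `this.ui.html` is the cached `<html>` element, `this.ui.html.filter('.cms-structure-mode-structure').addClass('cms-overflow');` keeps the handle, ideally preceded by a comment such as `// only lock scrolling once the structure-mode class is on <html>`. The enclosing method starts and ends outside the hunk, so the ordering of the class change cannot be confirmed from here.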
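Review bot: In `get_value`, the `page_title` branch now returns `strip_tags(ret_val)` without `escape`, and `strip_tags` is not an HTML sanitizer: it leaves `&`, quotes and any `<` that does not parse as a tag in place, and Django's documentation says its result must not be treated as safe without escaping. The updated test in cms/tests/test_templatetags.py expects `Q&A page` to come out verbatim, so nothing downstream appears to escape this value; a title rendered inside an attribute, e.g. `<meta content="{% page_attribute page_title %}">`, would be emitted with its quotes unencoded. Escaping after stripping keeps the tag removal and restores the encoding: `ret_val = escape(strip_tags(ret_val))`. If raw `&` output is a deliberate requirement, a comment should state which output contexts `page_title` is safe in, since every other attribute still goes through `escape`. The body of `get_value` begins above the hunk.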
@@ -10,7 +10,7 @@ from django.http import HttpResponse from django.test import RequestFactory from django.test.utils import override_settings -from django.utils.html import escape +from django.utils.html import strip_tags from django.utils.timezone import now from djangocms_text_ckeditor.cms_plugins import TextPlugin from sekizai.context import SekizaiContext @@ -55,20 +55,32 @@ def test_unicode_placeholder_name_fails_fast(self): def test_page_attribute_tag_escapes_content(self): script = '' + ampersand = 'Q&A page' class FakePage: + def __init__(self, title): + self.title = title + super().__init__() + def get_page_title(self, *args, **kwargs): - return script + return self.title class FakeRequest: - current_page = FakePage() GET = {'language': 'en'} - request = FakeRequest() + def __init__(self, page): + self.current_page = page + + request_script = FakeRequest(FakePage(script)) + request_ampersand = FakeRequest(FakePage(ampersand)) template = '{% load cms_tags %}{% page_attribute page_title %}' - output = self.render_template_obj(template, {}, request) - self.assertNotEqual(script, output) - self.assertEqual(escape(script), output) + output_script = self.render_template_obj(template, {}, request_script) + output_ampersand = self.render_template_obj(template, {}, request_ampersand) + + self.assertNotEqual(script, output_script) + self.assertEqual(ampersand, output_ampersand) + self.assertEqual(strip_tags(script), output_script) + self.assertEqual(strip_tags(ampersand), output_ampersand) def test_json_encoder(self): self.assertEqual(json_filter(True), 'true')
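Review bot: `test_page_attribute_tag_escapes_content` now pins unescaped output with `self.assertEqual(ampersand, output_ampersand)` while its name still says "escapes", and its two inputs cover only a complete tag and an ampersand. The characters that `strip_tags` passes through and that matter for HTML encoding, a double quote and a lone `<`, have no case, so the test would keep passing if titles containing them reached the page raw. Adding a third `FakePage` with such a title and asserting on the encoded form, for example `self.assertNotIn('"', output_quoted)`, would document the guarantee the tag is meant to give. The `strip_tags(ampersand)` assertion repeats the one before it, because `strip_tags` leaves that string unchanged.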