Skip to content

Commit ac3ea37

Browse files
fsbraunfsbraun
committed
fix: Validate component names
1 parent ac8a4d5 commit ac3ea37

File tree

2 files changed

+32
-0
lines changed

2 files changed

+32
-0
lines changed

djangocms_frontend/templatetags/cms_component.py

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -30,6 +30,10 @@ class based on the implate it is part of. The component class is generated
3030
if "_cms_components" in context:
3131
if len(args) != 1: # pragma: no cover
3232
raise ValueError("The cms_component tag requires exactly one positional argument: the component name.")
33+
if not isinstance(args[0], str):
34+
raise ValueError("The component name must be a string.")
35+
if not args[0].isidentifier():
36+
raise ValueError("The component name must be a valid Python identifier.")
3337
context["_cms_components"]["cms_component"].append((args, kwargs))
3438
return ""
3539

tests/test_autocomponent.py

Lines changed: 28 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -107,6 +107,34 @@ def test_multiple_cms_component_tags_error(self):
107107
with self.assertRaises(TemplateSyntaxError):
108108
Template(invalid_template)
109109

110+
def test_cms_component_invalid_identifier(self):
111+
# Test that cms_component tag raises ValueError for invalid identifiers
112+
from django.template import Context
113+
from djangocms_frontend.templatetags.cms_component import cms_component
114+
115+
context = Context({"_cms_components": {"cms_component": []}})
116+
117+
# Valid identifier should work
118+
cms_component(context, "valid_name")
119+
self.assertEqual(len(context["_cms_components"]["cms_component"]), 1)
120+
121+
# Invalid identifiers should raise ValueError
122+
with self.assertRaises(ValueError) as cm:
123+
cms_component(context, "invalid-name")
124+
self.assertIn("valid Python identifier", str(cm.exception))
125+
126+
with self.assertRaises(ValueError) as cm:
127+
cms_component(context, "123invalid")
128+
self.assertIn("valid Python identifier", str(cm.exception))
129+
130+
with self.assertRaises(ValueError) as cm:
131+
cms_component(context, "invalid name")
132+
self.assertIn("valid Python identifier", str(cm.exception))
133+
134+
with self.assertRaises(ValueError) as cm:
135+
cms_component(context, "")
136+
self.assertIn("valid Python identifier", str(cm.exception))
137+
110138
def test_component_folder_selection(self):
111139
from djangocms_frontend.component_pool import find_cms_component_templates
112140

0 commit comments

Comments
 (0)