Refs #2159 -- Do not HTML-escape traces in the cache panel

Author: matthiask

debug_toolbar/templates/debug_toolbar/panels/cache.html

@@ -61,7 +61,7 @@ <h4>{% translate "Calls" %}</h4>
         </tr>
         <tr class="djUnselected djToggleDetails_{{ forloop.counter }}" id="cacheDetails_{{ forloop.counter }}">
           <td colspan="1"></td>
-          <td colspan="5"><pre class="djdt-stack">{{ call.trace }}</pre></td>
+          <td colspan="5"><pre class="djdt-stack">{{ call.trace|safe }}</pre></td>
         </tr>
       {% endfor %}
     </tbody>

tests/panels/test_cache.py

@@ -128,6 +128,8 @@ def test_insert_content(self):
         content = self.panel.content
         self.assertIn("café", content)
         self.assertValidHTML(content)
+        # ensure traces aren't escaped
+        self.assertIn('<span class="djdt-path">', content)
 
     def test_generate_server_timing(self):
         self.assertEqual(len(self.panel.calls), 0)

tests/test_store.py

@@ -2,6 +2,7 @@
 
 from django.test import TestCase
 from django.test.utils import override_settings
+from django.utils.safestring import SafeData, mark_safe
 
 from debug_toolbar import store
 
@@ -97,6 +98,18 @@ def test_panel(self):
         self.store.save_panel("bar", "bar.panel", {"a": 1})
         self.assertEqual(self.store.panel("bar", "bar.panel"), {"a": 1})
 
+    def test_serialize_safestring(self):
+        before = {"string": mark_safe("safe")}
+
+        self.store.save_panel("bar", "bar.panel", before)
+        after = self.store.panel("bar", "bar.panel")
+
+        self.assertFalse(type(before["string"]) is str)
+        self.assertTrue(isinstance(before["string"], SafeData))
+
+        self.assertTrue(type(after["string"]) is str)
+        self.assertFalse(isinstance(after["string"], SafeData))
+
 
 class StubStore(store.BaseStore):
     pass