Properly handle quotes in help_text

Prior to this, django-bootstrap3 didn't escape quotes, so help_text with
quotes resulted in cut-off text and additional random (bogus) attributes.

Add some appropriate help text to preexisting unit test fields for test
purposes.

Author: joshkel

bootstrap3/renderers.py

@@ -9,7 +9,7 @@
 from django.forms.extras import SelectDateWidget
 from django.forms.forms import BaseForm, BoundField
 from django.forms.formsets import BaseFormSet
-from django.utils.html import conditional_escape, strip_tags
+from django.utils.html import conditional_escape, escape, strip_tags
 from django.template import Context
 from django.template.loader import get_template
 from django.utils.safestring import mark_safe
@@ -273,7 +273,7 @@ def add_placeholder_attrs(self):
     def add_help_attrs(self):
         if not isinstance(self.widget, CheckboxInput):
             self.widget.attrs['title'] = self.widget.attrs.get(
-                'title', strip_tags(self.field_help))
+                'title', escape(strip_tags(self.field_help)))
 
     def add_required_attrs(self):
         if self.set_required and is_widget_required_attribute(self.widget):
@@ -306,7 +306,7 @@ def put_inside_label(self, html):
         content = '{field} {label}'.format(field=html, label=self.field.label)
         return render_label(
             content=content, label_for=self.field.id_for_label,
-            label_title=strip_tags(self.field_help))
+            label_title=escape(strip_tags(self.field_help)))
 
     def fix_date_select_input(self, html):
         div1 = '<div class="col-xs-4">'

bootstrap3/tests.py

@@ -13,6 +13,11 @@
 from .exceptions import BootstrapError
 from .utils import add_css_class
 
+try:
+    from html.parser import HTMLParser
+except ImportError:
+    from HTMLParser import HTMLParser
+
 
 RADIO_CHOICES = (
     ('1', 'Radio 1'),
@@ -47,10 +52,15 @@ class TestForm(forms.Form):
     )
     password = forms.CharField(widget=forms.PasswordInput)
     message = forms.CharField(required=False, help_text='<i>my_help_text</i>')
-    sender = forms.EmailField(label='Sender © unicode')
+    sender = forms.EmailField(
+        label='Sender © unicode',
+        help_text='E.g., "[email protected]"')
     secret = forms.CharField(initial=42, widget=forms.HiddenInput)
     cc_myself = forms.BooleanField(
-        required=False, help_text='You will get a copy in your mailbox.')
+        required=False,
+        help_text='cc stands for "carbon copy." '
+                  'You will get a copy in your mailbox.'
+    )
     select1 = forms.ChoiceField(choices=RADIO_CHOICES)
     select2 = forms.MultipleChoiceField(
         choices=RADIO_CHOICES,
@@ -136,6 +146,23 @@ def render_field(field, **context_args):
     return render_template('{% bootstrap_field field %}', **context_args)
 
 
+def get_title_from_html(html):
+    class GetTitleParser(HTMLParser):
+        def __init__(self):
+            HTMLParser.__init__(self)
+            self.title = None
+
+        def handle_starttag(self, tag, attrs):
+            for attr, value in attrs:
+                if attr == 'title':
+                    self.title = value
+
+    parser = GetTitleParser()
+    parser.feed(html)
+
+    return parser.title
+
+
 class SettingsTest(TestCase):
     def test_settings(self):
         from .bootstrap import BOOTSTRAP3
@@ -265,6 +292,14 @@ def test_show_help(self):
         res = render_template('{% bootstrap_field form.subject show_help=0 %}')
         self.assertNotIn('my_help_text', res)
 
+    def test_help_with_quotes(self):
+        # Checkboxes get special handling, so test a checkbox and something else
+        res = render_form_field('sender')
+        self.assertEqual(get_title_from_html(res), TestForm.base_fields['sender'].help_text)
+
+        res = render_form_field('cc_myself')
+        self.assertEqual(get_title_from_html(res), TestForm.base_fields['cc_myself'].help_text)
+
     def test_subject(self):
         res = render_form_field('subject')
         self.assertIn('type="text"', res)