diff --git a/src/registrar/forms/application_wizard.py b/src/registrar/forms/application_wizard.py index 9a3c7cc27..e55b595fb 100644 --- a/src/registrar/forms/application_wizard.py +++ b/src/registrar/forms/application_wizard.py @@ -23,8 +23,10 @@ from registrar.models import Contact, DomainApplication, Domain logger = logging.getLogger(__name__) - -REQUIRED_SUFFIX = mark_safe( +# nosec because this use of mark_safe does not introduce a cross-site scripting +# vulnerability because there is no untrusted content inside. It is +# only being used to pass a specific HTML entity into a template. +REQUIRED_SUFFIX = mark_safe( # nosec ' *' ) @@ -176,7 +178,7 @@ class AuthorizingOfficialForm(RegistrarForm): email = forms.EmailField( label="Email", label_suffix=REQUIRED_SUFFIX, - error_messages={"invalid": "Please enter a valid email address."} + error_messages={"invalid": "Please enter a valid email address."}, ) phone = PhoneNumberField( label="Phone", @@ -306,7 +308,9 @@ class PurposeForm(RegistrarForm): purpose = forms.CharField( label="Purpose", widget=forms.Textarea(), - error_messages={"required": "You must enter some information about the purpose of your domain"} + error_messages={ + "required": "Please enter some information about the purpose of your domain" + }, ) @@ -349,7 +353,7 @@ class YourContactForm(RegistrarForm): email = forms.EmailField( label="Email", label_suffix=REQUIRED_SUFFIX, - error_messages={"invalid": "Please enter a valid email address."} + error_messages={"invalid": "Please enter a valid email address."}, ) phone = PhoneNumberField( label="Phone", @@ -379,7 +383,6 @@ class OtherContactsForm(RegistrarForm): if other_contacts is not None: super().from_database(other_contacts) - first_name = forms.CharField( label="First name/given name", label_suffix=REQUIRED_SUFFIX, 
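Review bot: The bare `# nosec` on the `REQUIRED_SUFFIX = mark_safe(` line silences every Bandit check reported there, not only the mark_safe findings that the new comment justifies. If the Bandit version used by this project supports per-test suppression, scope it to those checks: `REQUIRED_SUFFIX = mark_safe(  # nosec B308, B703`. The justification holds only while the argument stays a constant string literal, so the comment should state that condition, for example `# nosec: argument is a constant literal with no user-controlled content; never interpolate values into it`. The "because ... because" wording in the added comment could be tightened in the same pass.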
@@ -399,7 +402,7 @@ class OtherContactsForm(RegistrarForm): email = forms.EmailField( label="Email", label_suffix=REQUIRED_SUFFIX, - error_messages={"invalid": "Please enter a valid email address."} + error_messages={"invalid": "Please enter a valid email address."}, ) phone = PhoneNumberField( label="Phone", diff --git a/src/registrar/tests/test_forms.py b/src/registrar/tests/test_forms.py index 697d6d2c1..10138036b 100644 --- a/src/registrar/tests/test_forms.py +++ b/src/registrar/tests/test_forms.py @@ -16,14 +16,15 @@ from registrar.forms.application_wizard import ( class TestFormValidation(TestCase): def test_org_contact_zip_invalid(self): - form = OrganizationContactForm (data={"zipcode": "nah"}) + form = OrganizationContactForm(data={"zipcode": "nah"}) self.assertEqual( - form.errors["zipcode"], ["Please enter a ZIP code in the form 12345 or 12345-6789"] + form.errors["zipcode"], + ["Please enter a ZIP code in the form 12345 or 12345-6789"], ) def test_org_contact_zip_valid(self): for zipcode in ["12345", "12345-6789"]: - form = OrganizationContactForm (data={"zipcode": zipcode}) + form = OrganizationContactForm(data={"zipcode": zipcode}) self.assertNotIn("zipcode", form.errors) def test_current_site_invalid(self):