No hidden SQL on canned query pages, closes #1411

2021-07-31 17:58:11 -07:00 · 2021-07-31 17:58:11 -07:00 · 4adca0d850
commit 4adca0d850
--- a/datasette/templates/query.html
+++ b/datasette/templates/query.html
@ -44,7 +44,7 @@
            <pre id="sql-query">{% if query %}{{ query.sql }}{% endif %}</pre>
        {% endif %}
    {% else %}
-        <input type="hidden" name="sql" value="{% if query and query.sql %}{{ query.sql }}{% else %}select * from {{ tables[0].name|escape_sqlite }}{% endif %}">
+    {% if not canned_query %}<input type="hidden" name="sql" value="{% if query and query.sql %}{{ query.sql }}{% else %}select * from {{ tables[0].name|escape_sqlite }}{% endif %}">{% endif %}
        <input type="hidden" name="_hide_sql" value="1">
    {% endif %}
    {% if named_parameter_values %}
--- a/tests/test_html.py
+++ b/tests/test_html.py
@ -1238,6 +1238,17 @@ def test_show_hide_sql_query(app_client):
    ] == [(hidden["name"], hidden["value"]) for hidden in hiddens]


+def test_canned_query_with_hide_has_no_hidden_sql(app_client):
+    # For a canned query the show/hide should NOT have a hidden SQL field
+    # https://github.com/simonw/datasette/issues/1411
+    response = app_client.get("/fixtures/neighborhood_search?_hide_sql=1")
+    soup = Soup(response.body, "html.parser")
+    hiddens = soup.find("form").select("input[type=hidden]")
+    assert [
+        ("_hide_sql", "1"),
+    ] == [(hidden["name"], hidden["value"]) for hidden in hiddens]
+
+
 def test_extra_where_clauses(app_client):
    response = app_client.get(
        "/fixtures/facetable?_where=neighborhood='Dogpatch'&_where=city_id=1"