comparison genshi/filters/tests/html.py @ 820:1837f39efd6f experimental-inline
Sync (old) experimental inline branch with trunk@1027.
author | cmlenz |
---|---|
date | Wed, 11 Mar 2009 17:51:06 +0000 |
parents | 0742f421caba |
children | 09cc3627654c |
500:0742f421caba | 820:1837f39efd6f |
---|---|
1 # -*- coding: utf-8 -*- | 1 # -*- coding: utf-8 -*- |
2 # | 2 # |
3 # Copyright (C) 2006 Edgewall Software | 3 # Copyright (C) 2006-2008 Edgewall Software |
4 # All rights reserved. | 4 # All rights reserved. |
5 # | 5 # |
6 # This software is licensed as described in the file COPYING, which | 6 # This software is licensed as described in the file COPYING, which |
7 # you should have received as part of this distribution. The terms | 7 # you should have received as part of this distribution. The terms |
8 # are also available at http://genshi.edgewall.org/wiki/License. | 8 # are also available at http://genshi.edgewall.org/wiki/License. |
14 import doctest | 14 import doctest |
15 import unittest | 15 import unittest |
16 | 16 |
17 from genshi.input import HTML, ParseError | 17 from genshi.input import HTML, ParseError |
18 from genshi.filters.html import HTMLFormFiller, HTMLSanitizer | 18 from genshi.filters.html import HTMLFormFiller, HTMLSanitizer |
19 | 19 from genshi.template import MarkupTemplate |
20 | 20 |
21 class HTMLFormFillerTestCase(unittest.TestCase): | 21 class HTMLFormFillerTestCase(unittest.TestCase): |
22 | 22 |
23 def test_fill_input_text_no_value(self): | 23 def test_fill_input_text_no_value(self): |
24 html = HTML("""<form><p> | 24 html = HTML("""<form><p> |
267 <option value="1" selected="selected">1</option> | 267 <option value="1" selected="selected">1</option> |
268 <option value="2">2</option> | 268 <option value="2">2</option> |
269 <option value="3" selected="selected">3</option> | 269 <option value="3" selected="selected">3</option> |
270 </select> | 270 </select> |
271 </p></form>""", unicode(html)) | 271 </p></form>""", unicode(html)) |
272 | |
273 def test_fill_option_segmented_text(self): | |
274 html = MarkupTemplate("""<form> | |
275 <select name="foo"> | |
276 <option value="1">foo $x</option> | |
277 </select> | |
278 </form>""").generate(x=1) | HTMLFormFiller(data={'foo': '1'}) | |
279 self.assertEquals("""<form> | |
280 <select name="foo"> | |
281 <option value="1" selected="selected">foo 1</option> | |
282 </select> | |
283 </form>""", unicode(html)) | |
284 | |
285 def test_fill_option_segmented_text_no_value(self): | |
286 html = MarkupTemplate("""<form> | |
287 <select name="foo"> | |
288 <option>foo $x bar</option> | |
289 </select> | |
290 </form>""").generate(x=1) | HTMLFormFiller(data={'foo': 'foo 1 bar'}) | |
291 self.assertEquals("""<form> | |
292 <select name="foo"> | |
293 <option selected="selected">foo 1 bar</option> | |
294 </select> | |
295 </form>""", unicode(html)) | |
296 | |
297 def test_fill_option_unicode_value(self): | |
298 html = HTML(u"""<form> | |
299 <select name="foo"> | |
300 <option value="ö">foo</option> | |
301 </select> | |
302 </form>""") | HTMLFormFiller(data={'foo': u'ö'}) | |
303 self.assertEquals(u"""<form> | |
304 <select name="foo"> | |
305 <option value="ö" selected="selected">foo</option> | |
306 </select> | |
307 </form>""", unicode(html)) | |
272 | 308 |
273 | 309 |
274 class HTMLSanitizerTestCase(unittest.TestCase): | 310 class HTMLSanitizerTestCase(unittest.TestCase): |
275 | 311 |
276 def test_sanitize_unchanged(self): | 312 def test_sanitize_unchanged(self): |
316 | 352 |
317 def test_sanitize_remove_onclick_attr(self): | 353 def test_sanitize_remove_onclick_attr(self): |
318 html = HTML('<div onclick=\'alert("foo")\' />') | 354 html = HTML('<div onclick=\'alert("foo")\' />') |
319 self.assertEquals(u'<div/>', unicode(html | HTMLSanitizer())) | 355 self.assertEquals(u'<div/>', unicode(html | HTMLSanitizer())) |
320 | 356 |
357 def test_sanitize_remove_comments(self): | |
358 html = HTML('''<div><!-- conditional comment crap --></div>''') | |
359 self.assertEquals(u'<div/>', unicode(html | HTMLSanitizer())) | |
360 | |
321 def test_sanitize_remove_style_scripts(self): | 361 def test_sanitize_remove_style_scripts(self): |
322 sanitizer = HTMLSanitizer(safe_attrs=HTMLSanitizer.SAFE_ATTRS | set(['style'])) | 362 sanitizer = HTMLSanitizer(safe_attrs=HTMLSanitizer.SAFE_ATTRS | set(['style'])) |
323 # Inline style with url() using javascript: scheme | 363 # Inline style with url() using javascript: scheme |
324 html = HTML('<DIV STYLE=\'background: url(javascript:alert("foo"))\'>') | 364 html = HTML('<DIV STYLE=\'background: url(javascript:alert("foo"))\'>') |
325 self.assertEquals(u'<div/>', unicode(html | sanitizer)) | 365 self.assertEquals(u'<div/>', unicode(html | sanitizer)) |
329 # Inline style with url() using javascript: scheme, in quotes | 369 # Inline style with url() using javascript: scheme, in quotes |
330 html = HTML('<DIV STYLE=\'background: url("javascript:alert(foo)")\'>') | 370 html = HTML('<DIV STYLE=\'background: url("javascript:alert(foo)")\'>') |
331 self.assertEquals(u'<div/>', unicode(html | sanitizer)) | 371 self.assertEquals(u'<div/>', unicode(html | sanitizer)) |
332 # IE expressions in CSS not allowed | 372 # IE expressions in CSS not allowed |
333 html = HTML('<DIV STYLE=\'width: expression(alert("foo"));\'>') | 373 html = HTML('<DIV STYLE=\'width: expression(alert("foo"));\'>') |
374 self.assertEquals(u'<div/>', unicode(html | sanitizer)) | |
375 html = HTML('<DIV STYLE=\'width: e/**/xpression(alert("foo"));\'>') | |
334 self.assertEquals(u'<div/>', unicode(html | sanitizer)) | 376 self.assertEquals(u'<div/>', unicode(html | sanitizer)) |
335 html = HTML('<DIV STYLE=\'background: url(javascript:alert("foo"));' | 377 html = HTML('<DIV STYLE=\'background: url(javascript:alert("foo"));' |
336 'color: #fff\'>') | 378 'color: #fff\'>') |
337 self.assertEquals(u'<div style="color: #fff"/>', | 379 self.assertEquals(u'<div style="color: #fff"/>', |
338 unicode(html | sanitizer)) | 380 unicode(html | sanitizer)) |
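Review bot: The added `e/**/xpression` assertion (new lines 375-376) has no comment of its own, so a reader cannot tell that it pins CSS-comment stripping rather than repeating the plain `expression(...)` check two lines earlier; a line such as `# ...also when the keyword is split by a CSS comment` above it would keep that intent visible. The new test_sanitize_remove_comments (new lines 357-359) asserts only the case where the comment is the div's sole child, so it would still pass if the filter also discarded neighbouring content. A second assertion with text on both sides of the comment would pin that only the comment is removed. Because both additions guard the sanitizer's output, a one-line docstring on the new test saying why comments are stripped would help; the "conditional comment" wording hints at the reason but does not state it. test_sanitize_remove_style_scripts is shown only in part here, with lines elided between 365 and 369.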