comparison genshi/filters/tests/html.py @ 820:1837f39efd6f experimental-inline

Sync (old) experimental inline branch with trunk@1027.
author cmlenz
date Wed, 11 Mar 2009 17:51:06 +0000
parents 0742f421caba
children 09cc3627654c
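--- a/genshi/filters/tests/html.py
+++ b/genshi/filters/tests/html.py
@@ -1,8 +1,8 @@
 # -*- coding: utf-8 -*-
 #
-# Copyright (C) 2006 Edgewall Software
+# Copyright (C) 2006-2008 Edgewall Software
 # All rights reserved.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
 # are also available at http://genshi.edgewall.org/wiki/License.
@@ -14,11 +14,11 @@
 import doctest
 import unittest
 
 from genshi.input import HTML, ParseError
 from genshi.filters.html import HTMLFormFiller, HTMLSanitizer
-
+from genshi.template import MarkupTemplate
 
 class HTMLFormFillerTestCase(unittest.TestCase):
 
 def test_fill_input_text_no_value(self):
 html = HTML("""<form><p>
@@ -267,10 +267,46 @@
 <option value="1" selected="selected">1</option>
 <option value="2">2</option>
 <option value="3" selected="selected">3</option>
 </select>
 </p></form>""", unicode(html))
+
+def test_fill_option_segmented_text(self):
+html = MarkupTemplate("""<form>
+<select name="foo">
+<option value="1">foo $x</option>
+</select>
+</form>""").generate(x=1) | HTMLFormFiller(data={'foo': '1'})
+self.assertEquals("""<form>
+<select name="foo">
+<option value="1" selected="selected">foo 1</option>
+</select>
+</form>""", unicode(html))
+
+def test_fill_option_segmented_text_no_value(self):
+html = MarkupTemplate("""<form>
+<select name="foo">
+<option>foo $x bar</option>
+</select>
+</form>""").generate(x=1) | HTMLFormFiller(data={'foo': 'foo 1 bar'})
+self.assertEquals("""<form>
+<select name="foo">
+<option selected="selected">foo 1 bar</option>
+</select>
+</form>""", unicode(html))
+
+def test_fill_option_unicode_value(self):
+html = HTML(u"""<form>
+<select name="foo">
+<option value="&ouml;">foo</option>
+</select>
+</form>""") | HTMLFormFiller(data={'foo': u'ö'})
+self.assertEquals(u"""<form>
+<select name="foo">
+<option value="ö" selected="selected">foo</option>
+</select>
+</form>""", unicode(html))
 
 
 class HTMLSanitizerTestCase(unittest.TestCase):
 
 def test_sanitize_unchanged(self):
@@ -316,10 +352,14 @@
 
 def test_sanitize_remove_onclick_attr(self):
 html = HTML('<div onclick=\'alert("foo")\' />')
 self.assertEquals(u'<div/>', unicode(html | HTMLSanitizer()))
 
+def test_sanitize_remove_comments(self):
+html = HTML('''<div><!-- conditional comment crap --></div>''')
+self.assertEquals(u'<div/>', unicode(html | HTMLSanitizer()))
+
 def test_sanitize_remove_style_scripts(self):
 sanitizer = HTMLSanitizer(safe_attrs=HTMLSanitizer.SAFE_ATTRS | set(['style']))
 # Inline style with url() using javascript: scheme
 html = HTML('<DIV STYLE=\'background: url(javascript:alert("foo"))\'>')
 self.assertEquals(u'<div/>', unicode(html | sanitizer))
@@ -329,10 +369,12 @@
 # Inline style with url() using javascript: scheme, in quotes
 html = HTML('<DIV STYLE=\'background: url("javascript:alert(foo)")\'>')
 self.assertEquals(u'<div/>', unicode(html | sanitizer))
 # IE expressions in CSS not allowed
 html = HTML('<DIV STYLE=\'width: expression(alert("foo"));\'>')
+self.assertEquals(u'<div/>', unicode(html | sanitizer))
+html = HTML('<DIV STYLE=\'width: e/**/xpression(alert("foo"));\'>')
 self.assertEquals(u'<div/>', unicode(html | sanitizer))
 html = HTML('<DIV STYLE=\'background: url(javascript:alert("foo"));'
 'color: #fff\'>')
 self.assertEquals(u'<div style="color: #fff"/>',
 unicode(html | sanitizer))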
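Review bot: The `e/**/xpression` case added at new lines 375-376 of test_sanitize_remove_style_scripts carries no comment, unlike the cases around it, so a reader cannot tell which filter evasion it pins; add `# IE expressions in CSS not allowed, even when a CSS comment splits the keyword` above it. The assertion expects the whole `style` attribute to disappear, which would pass whether the sanitizer strips CSS comments before matching or rejects any value containing `/*`; the filter change itself is not in this file, so the intended behaviour cannot be confirmed from here. A companion case that puts a harmless declaration next to the split keyword, mirroring the existing `color: #fff` assertion at new lines 377-380, would pin what happens to the safe part of the value. The test method starts in the previous hunk and may continue past the last line shown.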