comparison markup/tests/core.py @ 91:e82d1bb07464
Some subtle fixes to generation and sanitization.
author | cmlenz |
---|---|
date | Thu, 20 Jul 2006 16:55:26 +0000 |
parents | 822089ae65ce |
children | e815c2c07572 |
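--- a/markup/tests/core.py
+++ b/markup/tests/core.py
@@ -121,13 +121,13 @@
 markup = Markup('<script>alert("Foo")</script>')
 self.assertEquals('', str(markup.sanitize()))
 markup = Markup('<SCRIPT SRC="http://example.com/"></SCRIPT>')
 self.assertEquals('', str(markup.sanitize()))
 markup = Markup('<SCR\0IPT>alert("foo")</SCR\0IPT>')
-self.assertRaises(ParseError, markup.sanitize().render)
+self.assertRaises(ParseError, markup.sanitize)
 markup = Markup('<SCRIPT&XYZ SRC="http://example.com/"></SCRIPT>')
-self.assertRaises(ParseError, markup.sanitize().render)
+self.assertRaises(ParseError, markup.sanitize)
 
 def test_sanitize_remove_onclick_attr(self):
 markup = Markup('<div onclick=\'alert("foo")\' />')
 self.assertEquals('<div/>', str(markup.sanitize()))
 
@@ -154,11 +154,11 @@
 # Case-insensitive protocol matching
 markup = Markup('<IMG SRC=\'JaVaScRiPt:alert("foo")\'>')
 self.assertEquals('<img/>', str(markup.sanitize()))
 # Grave accents (not parsed)
 markup = Markup('<IMG SRC=`javascript:alert("RSnake says, \'foo\'")`>')
-self.assertRaises(ParseError, markup.sanitize().render)
+self.assertRaises(ParseError, markup.sanitize)
 # Protocol encoded using UTF-8 numeric entities
 markup = Markup('<IMG SRC=\'javascri'
 'pt:alert("foo")\'>')
 self.assertEquals('<img/>', str(markup.sanitize()))
 # Protocol encoded using UTF-8 numeric entities without a semicolon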
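Review bot: The rewritten assertions at new lines 126, 128 and 159 move the expected `ParseError` from `sanitize().render` to `sanitize` itself, but nothing in the tests records that this timing is the contract being pinned. For a sanitizer this matters, because a caller that guarded only the render step would now see the exception earlier and has to treat it as a rejection of the input rather than fall back to the unsanitized string. I would add a comment above line 126, for example `# sanitize() must reject unparseable markup itself, before any output can be rendered`, and repeat or reference it at line 159. That `sanitize()` now parses eagerly is inferred from the assertion change, since the implementation is not on this page, and both enclosing test methods begin outside the hunks shown.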