comparison markup/tests/core.py @ 91:e82d1bb07464

Some subtle fixes to generation and sanitization.
author cmlenz
date Thu, 20 Jul 2006 16:55:26 +0000
parents 822089ae65ce
children e815c2c07572
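--- a/markup/tests/core.py
+++ b/markup/tests/core.py
@@ -121,13 +121,13 @@
 markup = Markup('<script>alert("Foo")</script>')
 self.assertEquals('', str(markup.sanitize()))
 markup = Markup('<SCRIPT SRC="http://example.com/"></SCRIPT>')
 self.assertEquals('', str(markup.sanitize()))
 markup = Markup('<SCR\0IPT>alert("foo")</SCR\0IPT>')
-self.assertRaises(ParseError, markup.sanitize().render)
+self.assertRaises(ParseError, markup.sanitize)
 markup = Markup('<SCRIPT&XYZ SRC="http://example.com/"></SCRIPT>')
-self.assertRaises(ParseError, markup.sanitize().render)
+self.assertRaises(ParseError, markup.sanitize)
 
 def test_sanitize_remove_onclick_attr(self):
 markup = Markup('<div onclick=\'alert("foo")\' />')
 self.assertEquals('<div/>', str(markup.sanitize()))
 
@@ -154,11 +154,11 @@
 # Case-insensitive protocol matching
 markup = Markup('<IMG SRC=\'JaVaScRiPt:alert("foo")\'>')
 self.assertEquals('<img/>', str(markup.sanitize()))
 # Grave accents (not parsed)
 markup = Markup('<IMG SRC=`javascript:alert("RSnake says, \'foo\'")`>')
-self.assertRaises(ParseError, markup.sanitize().render)
+self.assertRaises(ParseError, markup.sanitize)
 # Protocol encoded using UTF-8 numeric entities
 markup = Markup('<IMG SRC=\'&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;'
 '&#112;&#116;&#58;alert("foo")\'>')
 self.assertEquals('<img/>', str(markup.sanitize()))
 # Protocol encoded using UTF-8 numeric entities without a semicolon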
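Review bot: The changed assertions on lines 126, 128 and 159 now pass `markup.sanitize` itself to assertRaises, which silently encodes a contract — `sanitize()` must parse its input eagerly instead of deferring the ParseError to `render()` — that nothing in the test states. A one-line comment above the first of them, `# sanitize() parses eagerly: malformed markup must fail here, not at render time`, would keep a later move back to a lazy stream from being mistaken for a harmless refactor; with a lazy sanitize() these three assertions would fail, but the reason would not be obvious from the test alone. The javascript: protocol cases on lines 155–163 only exercise the src attribute of img; whether the same filtering is applied to other URL-bearing attributes is not visible in this hunk, so it is worth confirming that coverage exists elsewhere. Both enclosing test methods start outside the hunk, and the second continues past line 164.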