Mercurial > genshi > genshi-test
diff markup/tests/core.py @ 1:821114ec4f69
Initial import.
author | cmlenz |
---|---|
date | Sat, 03 Jun 2006 07:16:01 +0000 |
parents | |
children | 4cbebb15a834 |
line wrap: on
line diff
new file mode 100644 --- /dev/null +++ b/markup/tests/core.py @@ -0,0 +1,189 @@ +# -*- coding: utf-8 -*- +# +# Copyright (C) 2006 Christopher Lenz +# All rights reserved. +# +# This software is licensed as described in the file COPYING, which +# you should have received as part of this distribution. The terms +# are also available at http://trac.edgewall.com/license.html. +# +# This software consists of voluntary contributions made by many +# individuals. For the exact contribution history, see the revision +# history and logs, available at http://projects.edgewall.com/trac/. + +import doctest +from HTMLParser import HTMLParseError +import unittest + +from markup.core import Markup, escape, unescape + + +class MarkupTestCase(unittest.TestCase): + + def test_escape(self): + markup = escape('<b>"&"</b>') + assert isinstance(markup, Markup) + self.assertEquals('<b>"&"</b>', markup) + + def test_escape_noquotes(self): + markup = escape('<b>"&"</b>', quotes=False) + assert isinstance(markup, Markup) + self.assertEquals('<b>"&"</b>', markup) + + def test_unescape_markup(self): + string = '<b>"&"</b>' + markup = Markup.escape(string) + assert isinstance(markup, Markup) + self.assertEquals(string, unescape(markup)) + + def test_add_str(self): + markup = Markup('<b>foo</b>') + '<br/>' + assert isinstance(markup, Markup) + self.assertEquals('<b>foo</b><br/>', markup) + + def test_add_markup(self): + markup = Markup('<b>foo</b>') + Markup('<br/>') + assert isinstance(markup, Markup) + self.assertEquals('<b>foo</b><br/>', markup) + + def test_add_reverse(self): + markup = 'foo' + Markup('<b>bar</b>') + assert isinstance(markup, unicode) + self.assertEquals('foo<b>bar</b>', markup) + + def test_mod(self): + markup = Markup('<b>%s</b>') % '&' + assert isinstance(markup, Markup) + self.assertEquals('<b>&</b>', markup) + + def test_mod_multi(self): + markup = Markup('<b>%s</b> %s') % ('&', 'boo') + assert isinstance(markup, Markup) + self.assertEquals('<b>&</b> boo', markup) + + def test_mul(self): + markup = Markup('<b>foo</b>') * 2 + assert isinstance(markup, Markup) + self.assertEquals('<b>foo</b><b>foo</b>', markup) + + def test_join(self): + markup = Markup('<br />').join(['foo', '<bar />', Markup('<baz />')]) + assert isinstance(markup, Markup) + self.assertEquals('foo<br /><bar /><br /><baz />', markup) + + def test_stripentities_all(self): + markup = Markup('& j').stripentities() + assert isinstance(markup, Markup) + self.assertEquals('& j', markup) + + def test_stripentities_keepxml(self): + markup = Markup('<a href="#">fo<br />o</a>').striptags() + assert isinstance(markup, Markup) + self.assertEquals('foo', markup) + + def test_striptags_empty(self): + markup = Markup('<br />').striptags() + assert isinstance(markup, Markup) + self.assertEquals('', markup) + + def test_striptags_mid(self): + markup = Markup('<a href="#">fo<br />o</a>').striptags() + assert isinstance(markup, Markup) + self.assertEquals('foo', markup) + + def test_sanitize_unchanged(self): + markup = Markup('<a href="#">fo<br />o</a>') + self.assertEquals('<a href="#">fo<br/>o</a>', str(markup.sanitize())) + + def test_sanitize_escape_text(self): + markup = Markup('<a href="#">fo&</a>') + self.assertEquals('<a href="#">fo&</a>', str(markup.sanitize())) + markup = Markup('<a href="#"><foo></a>') + self.assertEquals('<a href="#"><foo></a>', str(markup.sanitize())) + + def test_sanitize_entityref_text(self): + markup = Markup('<a href="#">foö</a>') + self.assertEquals(u'<a href="#">foƶ</a>', unicode(markup.sanitize())) + + def test_sanitize_escape_attr(self): + markup = Markup('<div title="<foo>"></div>') + self.assertEquals('<div title="<foo>"/>', str(markup.sanitize())) + + def test_sanitize_close_empty_tag(self): + markup = Markup('<a href="#">fo<br>o</a>') + self.assertEquals('<a href="#">fo<br/>o</a>', str(markup.sanitize())) + + def test_sanitize_invalid_entity(self): + markup = Markup('&junk;') + self.assertEquals('&junk;', str(markup.sanitize())) + + def test_sanitize_remove_script_elem(self): + markup = Markup('<script>alert("Foo")</script>') + self.assertEquals('', str(markup.sanitize())) + markup = Markup('<SCRIPT SRC="http://example.com/"></SCRIPT>') + self.assertEquals('', str(markup.sanitize())) + markup = Markup('<SCR\0IPT>alert("foo")</SCR\0IPT>') + self.assertRaises(HTMLParseError, markup.sanitize().render) + markup = Markup('<SCRIPT&XYZ SRC="http://example.com/"></SCRIPT>') + self.assertRaises(HTMLParseError, markup.sanitize().render) + + def test_sanitize_remove_onclick_attr(self): + markup = Markup('<div onclick=\'alert("foo")\' />') + self.assertEquals('<div/>', str(markup.sanitize())) + + def test_sanitize_remove_style_scripts(self): + # Inline style with url() using javascript: scheme + markup = Markup('<DIV STYLE=\'background: url(javascript:alert("foo"))\'>') + self.assertEquals('<div/>', str(markup.sanitize())) + # Inline style with url() using javascript: scheme, using control char + markup = Markup('<DIV STYLE=\'background: url(javascript:alert("foo"))\'>') + self.assertEquals('<div/>', str(markup.sanitize())) + # Inline style with url() using javascript: scheme, in quotes + markup = Markup('<DIV STYLE=\'background: url("javascript:alert(foo)")\'>') + self.assertEquals('<div/>', str(markup.sanitize())) + # IE expressions in CSS not allowed + markup = Markup('<DIV STYLE=\'width: expression(alert("foo"));\'>') + self.assertEquals('<div/>', str(markup.sanitize())) + markup = Markup('<DIV STYLE=\'background: url(javascript:alert("foo"));' + 'color: #fff\'>') + self.assertEquals('<div style="color: #fff"/>', str(markup.sanitize())) + + def test_sanitize_remove_src_javascript(self): + markup = Markup('<img src=\'javascript:alert("foo")\'>') + self.assertEquals('<img/>', str(markup.sanitize())) + # Case-insensitive protocol matching + markup = Markup('<IMG SRC=\'JaVaScRiPt:alert("foo")\'>') + self.assertEquals('<img/>', str(markup.sanitize())) + # Grave accents (not parsed) + markup = Markup('<IMG SRC=`javascript:alert("RSnake says, \'foo\'")`>') + self.assertRaises(HTMLParseError, markup.sanitize().render) + # Protocol encoded using UTF-8 numeric entities + markup = Markup('<IMG SRC=\'javascri' + 'pt:alert("foo")\'>') + self.assertEquals('<img/>', str(markup.sanitize())) + # Protocol encoded using UTF-8 numeric entities without a semicolon + # (which is allowed because the max number of digits is used) + markup = Markup('<IMG SRC=\'java' + 'script' + ':alert("foo")\'>') + self.assertEquals('<img/>', str(markup.sanitize())) + # Protocol encoded using UTF-8 numeric hex entities without a semicolon + # (which is allowed because the max number of digits is used) + markup = Markup('<IMG SRC=\'javascri' + 'pt:alert("foo")\'>') + self.assertEquals('<img/>', str(markup.sanitize())) + # Embedded tab character in protocol + markup = Markup('<IMG SRC=\'jav\tascript:alert("foo");\'>') + self.assertEquals('<img/>', str(markup.sanitize())) + # Embedded tab character in protocol, but encoded this time + markup = Markup('<IMG SRC=\'jav	ascript:alert("foo");\'>') + self.assertEquals('<img/>', str(markup.sanitize())) + + +def suite(): + suite = unittest.TestSuite() + suite.addTest(unittest.makeSuite(MarkupTestCase, 'test')) + return suite + +if __name__ == '__main__': + unittest.main(defaultTest='suite')