cmlenz@1: # -*- coding: utf-8 -*- cmlenz@1: # cmlenz@1: # Copyright (C) 2006 Christopher Lenz cmlenz@1: # All rights reserved. cmlenz@1: # cmlenz@1: # This software is licensed as described in the file COPYING, which cmlenz@1: # you should have received as part of this distribution. The terms cmlenz@1: # are also available at http://trac.edgewall.com/license.html. cmlenz@1: # cmlenz@1: # This software consists of voluntary contributions made by many cmlenz@1: # individuals. For the exact contribution history, see the revision cmlenz@1: # history and logs, available at http://projects.edgewall.com/trac/. cmlenz@1: cmlenz@1: import doctest cmlenz@1: import unittest cmlenz@1: cmlenz@18: from markup.core import * cmlenz@21: from markup.input import ParseError cmlenz@1: cmlenz@1: cmlenz@1: class MarkupTestCase(unittest.TestCase): cmlenz@1: cmlenz@1: def test_escape(self): cmlenz@1: markup = escape('"&"') cmlenz@1: assert isinstance(markup, Markup) cmlenz@1: self.assertEquals('<b>"&"</b>', markup) cmlenz@1: cmlenz@1: def test_escape_noquotes(self): cmlenz@1: markup = escape('"&"', quotes=False) cmlenz@1: assert isinstance(markup, Markup) cmlenz@1: self.assertEquals('<b>"&"</b>', markup) cmlenz@1: cmlenz@1: def test_unescape_markup(self): cmlenz@1: string = '"&"' cmlenz@1: markup = Markup.escape(string) cmlenz@1: assert isinstance(markup, Markup) cmlenz@1: self.assertEquals(string, unescape(markup)) cmlenz@1: cmlenz@1: def test_add_str(self): cmlenz@1: markup = Markup('foo') + '
' cmlenz@1: assert isinstance(markup, Markup) cmlenz@1: self.assertEquals('foo<br/>', markup) cmlenz@1: cmlenz@1: def test_add_markup(self): cmlenz@1: markup = Markup('foo') + Markup('
') cmlenz@1: assert isinstance(markup, Markup) cmlenz@1: self.assertEquals('foo
', markup) cmlenz@1: cmlenz@1: def test_add_reverse(self): cmlenz@1: markup = 'foo' + Markup('bar') cmlenz@1: assert isinstance(markup, unicode) cmlenz@1: self.assertEquals('foobar', markup) cmlenz@1: cmlenz@1: def test_mod(self): cmlenz@1: markup = Markup('%s') % '&' cmlenz@1: assert isinstance(markup, Markup) cmlenz@1: self.assertEquals('&', markup) cmlenz@1: cmlenz@1: def test_mod_multi(self): cmlenz@1: markup = Markup('%s %s') % ('&', 'boo') cmlenz@1: assert isinstance(markup, Markup) cmlenz@1: self.assertEquals('& boo', markup) cmlenz@1: cmlenz@1: def test_mul(self): cmlenz@1: markup = Markup('foo') * 2 cmlenz@1: assert isinstance(markup, Markup) cmlenz@1: self.assertEquals('foofoo', markup) cmlenz@1: cmlenz@1: def test_join(self): cmlenz@1: markup = Markup('
').join(['foo', '', Markup('')]) cmlenz@1: assert isinstance(markup, Markup) cmlenz@1: self.assertEquals('foo
<bar />
', markup) cmlenz@1: cmlenz@1: def test_stripentities_all(self): cmlenz@1: markup = Markup('& j').stripentities() cmlenz@1: assert isinstance(markup, Markup) cmlenz@1: self.assertEquals('& j', markup) cmlenz@1: cmlenz@1: def test_stripentities_keepxml(self): cmlenz@1: markup = Markup('fo
o').striptags() cmlenz@1: assert isinstance(markup, Markup) cmlenz@1: self.assertEquals('foo', markup) cmlenz@1: cmlenz@1: def test_striptags_empty(self): cmlenz@1: markup = Markup('
').striptags() cmlenz@1: assert isinstance(markup, Markup) cmlenz@1: self.assertEquals('', markup) cmlenz@1: cmlenz@1: def test_striptags_mid(self): cmlenz@1: markup = Markup('fo
o').striptags() cmlenz@1: assert isinstance(markup, Markup) cmlenz@1: self.assertEquals('foo', markup) cmlenz@1: cmlenz@1: def test_sanitize_unchanged(self): cmlenz@1: markup = Markup('fo
o') cmlenz@1: self.assertEquals('fo
o', str(markup.sanitize())) cmlenz@1: cmlenz@1: def test_sanitize_escape_text(self): cmlenz@1: markup = Markup('fo&') cmlenz@1: self.assertEquals('fo&', str(markup.sanitize())) cmlenz@1: markup = Markup('<foo>') cmlenz@1: self.assertEquals('<foo>', str(markup.sanitize())) cmlenz@1: cmlenz@1: def test_sanitize_entityref_text(self): cmlenz@1: markup = Markup('foö') cmlenz@1: self.assertEquals(u'foƶ', unicode(markup.sanitize())) cmlenz@1: cmlenz@1: def test_sanitize_escape_attr(self): cmlenz@1: markup = Markup('
') cmlenz@1: self.assertEquals('
', str(markup.sanitize())) cmlenz@1: cmlenz@1: def test_sanitize_close_empty_tag(self): cmlenz@1: markup = Markup('fo
o') cmlenz@1: self.assertEquals('fo
o', str(markup.sanitize())) cmlenz@1: cmlenz@1: def test_sanitize_invalid_entity(self): cmlenz@1: markup = Markup('&junk;') cmlenz@1: self.assertEquals('&junk;', str(markup.sanitize())) cmlenz@1: cmlenz@1: def test_sanitize_remove_script_elem(self): cmlenz@1: markup = Markup('') cmlenz@1: self.assertEquals('', str(markup.sanitize())) cmlenz@1: markup = Markup('') cmlenz@1: self.assertEquals('', str(markup.sanitize())) cmlenz@1: markup = Markup('alert("foo")') cmlenz@21: self.assertRaises(ParseError, markup.sanitize().render) cmlenz@1: markup = Markup('') cmlenz@21: self.assertRaises(ParseError, markup.sanitize().render) cmlenz@1: cmlenz@1: def test_sanitize_remove_onclick_attr(self): cmlenz@1: markup = Markup('
') cmlenz@1: self.assertEquals('
', str(markup.sanitize())) cmlenz@1: cmlenz@1: def test_sanitize_remove_style_scripts(self): cmlenz@1: # Inline style with url() using javascript: scheme cmlenz@1: markup = Markup('
') cmlenz@1: self.assertEquals('
', str(markup.sanitize())) cmlenz@1: # Inline style with url() using javascript: scheme, using control char cmlenz@1: markup = Markup('
') cmlenz@1: self.assertEquals('
', str(markup.sanitize())) cmlenz@1: # Inline style with url() using javascript: scheme, in quotes cmlenz@1: markup = Markup('
') cmlenz@1: self.assertEquals('
', str(markup.sanitize())) cmlenz@1: # IE expressions in CSS not allowed cmlenz@1: markup = Markup('
') cmlenz@1: self.assertEquals('
', str(markup.sanitize())) cmlenz@1: markup = Markup('
') cmlenz@1: self.assertEquals('
', str(markup.sanitize())) cmlenz@1: cmlenz@1: def test_sanitize_remove_src_javascript(self): cmlenz@1: markup = Markup('') cmlenz@1: self.assertEquals('', str(markup.sanitize())) cmlenz@1: # Case-insensitive protocol matching cmlenz@1: markup = Markup('') cmlenz@1: self.assertEquals('', str(markup.sanitize())) cmlenz@1: # Grave accents (not parsed) cmlenz@1: markup = Markup('') cmlenz@21: self.assertRaises(ParseError, markup.sanitize().render) cmlenz@1: # Protocol encoded using UTF-8 numeric entities cmlenz@1: markup = Markup('') cmlenz@1: self.assertEquals('', str(markup.sanitize())) cmlenz@1: # Protocol encoded using UTF-8 numeric entities without a semicolon cmlenz@1: # (which is allowed because the max number of digits is used) cmlenz@1: markup = Markup('') cmlenz@1: self.assertEquals('', str(markup.sanitize())) cmlenz@1: # Protocol encoded using UTF-8 numeric hex entities without a semicolon cmlenz@1: # (which is allowed because the max number of digits is used) cmlenz@1: markup = Markup('') cmlenz@1: self.assertEquals('', str(markup.sanitize())) cmlenz@1: # Embedded tab character in protocol cmlenz@1: markup = Markup('') cmlenz@1: self.assertEquals('', str(markup.sanitize())) cmlenz@1: # Embedded tab character in protocol, but encoded this time cmlenz@1: markup = Markup('') cmlenz@1: self.assertEquals('', str(markup.sanitize())) cmlenz@1: cmlenz@1: cmlenz@1: def suite(): cmlenz@1: suite = unittest.TestSuite() cmlenz@1: suite.addTest(unittest.makeSuite(MarkupTestCase, 'test')) cmlenz@18: suite.addTest(doctest.DocTestSuite(Markup.__module__)) cmlenz@1: return suite cmlenz@1: cmlenz@1: if __name__ == '__main__': cmlenz@1: unittest.main(defaultTest='suite')