Mercurial > genshi > genshi-test
changeset 115:d4ea684655d9
Various fixes for breakage introduced in [132].
author | cmlenz |
---|---|
date | Tue, 01 Aug 2006 10:42:48 +0000 |
parents | 8f53c3ad385c |
children | 88ac4c680120 |
files | markup/core.py markup/tests/__init__.py markup/tests/filters.py |
diffstat | 3 files changed, 25 insertions(+), 23 deletions(-) [+] |
line wrap: on
line diff
--- a/markup/core.py +++ b/markup/core.py @@ -71,7 +71,7 @@ filter must be a callable that accepts the stream object as parameter, and returns the filtered stream. """ - return Stream(func(html)) + return Stream(func(self)) def render(self, method='xml', encoding='utf-8', filters=None, **kwargs): """Return a string representation of the stream.
--- a/markup/tests/__init__.py +++ b/markup/tests/__init__.py @@ -16,12 +16,14 @@ def suite(): import markup - from markup.tests import builder, core, eval, input, output, path, template + from markup.tests import builder, core, eval, filters, input, output, \ + path, template suite = unittest.TestSuite() suite.addTest(doctest.DocTestSuite(markup)) suite.addTest(builder.suite()) suite.addTest(core.suite()) suite.addTest(eval.suite()) + suite.addTest(filters.suite()) suite.addTest(input.suite()) suite.addTest(output.suite()) suite.addTest(path.suite())
--- a/markup/tests/filters.py +++ b/markup/tests/filters.py @@ -24,20 +24,20 @@ def test_sanitize_unchanged(self): html = HTML('<a href="#">fo<br />o</a>') self.assertEquals('<a href="#">fo<br/>o</a>', - str(html.filter(HTMLSanitizer())) + str(html.filter(HTMLSanitizer()))) def test_sanitize_escape_text(self): html = HTML('<a href="#">fo&</a>') self.assertEquals('<a href="#">fo&</a>', - str(html.filter(HTMLSanitizer())) + str(html.filter(HTMLSanitizer()))) html = HTML('<a href="#"><foo></a>') self.assertEquals('<a href="#"><foo></a>', - str(html.filter(HTMLSanitizer())) + str(html.filter(HTMLSanitizer()))) def test_sanitize_entityref_text(self): html = HTML('<a href="#">foö</a>') self.assertEquals(u'<a href="#">foö</a>', - str(html.filter(HTMLSanitizer())) + str(html.filter(HTMLSanitizer()))) def test_sanitize_escape_attr(self): html = HTML('<div title="<foo>"></div>') @@ -47,73 +47,73 @@ def test_sanitize_close_empty_tag(self): html = HTML('<a href="#">fo<br>o</a>') self.assertEquals('<a href="#">fo<br/>o</a>', - str(html.filter(HTMLSanitizer())) + str(html.filter(HTMLSanitizer()))) def test_sanitize_invalid_entity(self): html = HTML('&junk;') - self.assertEquals('&junk;', str(html.filter(HTMLSanitizer())) + self.assertEquals('&junk;', str(html.filter(HTMLSanitizer()))) def test_sanitize_remove_script_elem(self): html = HTML('<script>alert("Foo")</script>') - self.assertEquals('', str(html.filter(HTMLSanitizer())) + self.assertEquals('', str(html.filter(HTMLSanitizer()))) html = HTML('<SCRIPT SRC="http://example.com/"></SCRIPT>') - self.assertEquals('', str(html.filter(HTMLSanitizer())) + self.assertEquals('', str(html.filter(HTMLSanitizer()))) self.assertRaises(ParseError, HTML, '<SCR\0IPT>alert("foo")</SCR\0IPT>') self.assertRaises(ParseError, HTML, '<SCRIPT&XYZ SRC="http://example.com/"></SCRIPT>') def test_sanitize_remove_onclick_attr(self): html = HTML('<div onclick=\'alert("foo")\' />') - self.assertEquals('<div/>', str(html.filter(HTMLSanitizer())) + self.assertEquals('<div/>', str(html.filter(HTMLSanitizer()))) def test_sanitize_remove_style_scripts(self): # Inline style with url() using javascript: scheme html = HTML('<DIV STYLE=\'background: url(javascript:alert("foo"))\'>') - self.assertEquals('<div/>', str(html.filter(HTMLSanitizer())) + self.assertEquals('<div/>', str(html.filter(HTMLSanitizer()))) # Inline style with url() using javascript: scheme, using control char html = HTML('<DIV STYLE=\'background: url(javascript:alert("foo"))\'>') - self.assertEquals('<div/>', str(html.filter(HTMLSanitizer())) + self.assertEquals('<div/>', str(html.filter(HTMLSanitizer()))) # Inline style with url() using javascript: scheme, in quotes html = HTML('<DIV STYLE=\'background: url("javascript:alert(foo)")\'>') - self.assertEquals('<div/>', str(html.filter(HTMLSanitizer())) + self.assertEquals('<div/>', str(html.filter(HTMLSanitizer()))) # IE expressions in CSS not allowed html = HTML('<DIV STYLE=\'width: expression(alert("foo"));\'>') - self.assertEquals('<div/>', str(html.filter(HTMLSanitizer())) + self.assertEquals('<div/>', str(html.filter(HTMLSanitizer()))) html = HTML('<DIV STYLE=\'background: url(javascript:alert("foo"));' 'color: #fff\'>') self.assertEquals('<div style="color: #fff"/>', - str(html.filter(HTMLSanitizer())) + str(html.filter(HTMLSanitizer()))) def test_sanitize_remove_src_javascript(self): html = HTML('<img src=\'javascript:alert("foo")\'>') - self.assertEquals('<img/>', str(html.filter(HTMLSanitizer())) + self.assertEquals('<img/>', str(html.filter(HTMLSanitizer()))) # Case-insensitive protocol matching html = HTML('<IMG SRC=\'JaVaScRiPt:alert("foo")\'>') - self.assertEquals('<img/>', str(html.filter(HTMLSanitizer())) + self.assertEquals('<img/>', str(html.filter(HTMLSanitizer()))) # Grave accents (not parsed) self.assertRaises(ParseError, HTML, '<IMG SRC=`javascript:alert("RSnake says, \'foo\'")`>') # Protocol encoded using UTF-8 numeric entities html = HTML('<IMG SRC=\'javascri' 'pt:alert("foo")\'>') - self.assertEquals('<img/>', str(html.filter(HTMLSanitizer())) + self.assertEquals('<img/>', str(html.filter(HTMLSanitizer()))) # Protocol encoded using UTF-8 numeric entities without a semicolon # (which is allowed because the max number of digits is used) html = HTML('<IMG SRC=\'java' 'script' ':alert("foo")\'>') - self.assertEquals('<img/>', str(html.filter(HTMLSanitizer())) + self.assertEquals('<img/>', str(html.filter(HTMLSanitizer()))) # Protocol encoded using UTF-8 numeric hex entities without a semicolon # (which is allowed because the max number of digits is used) html = HTML('<IMG SRC=\'javascri' 'pt:alert("foo")\'>') - self.assertEquals('<img/>', str(html.filter(HTMLSanitizer())) + self.assertEquals('<img/>', str(html.filter(HTMLSanitizer()))) # Embedded tab character in protocol html = HTML('<IMG SRC=\'jav\tascript:alert("foo");\'>') - self.assertEquals('<img/>', str(html.filter(HTMLSanitizer())) + self.assertEquals('<img/>', str(html.filter(HTMLSanitizer()))) # Embedded tab character in protocol, but encoded this time html = HTML('<IMG SRC=\'jav	ascript:alert("foo");\'>') - self.assertEquals('<img/>', str(html.filter(HTMLSanitizer())) + self.assertEquals('<img/>', str(html.filter(HTMLSanitizer()))) def suite():