Mercurial > genshi > mirror
annotate markup/tests/filters.py @ 216:636fe6766b4d trunk
Many fixes to XPath evaluation. Among other things, this should get rid of the bug that attributes were getting ?pulled up? by `py:match` directives using `py:attrs="select('@*')"` (see #50).
| author | cmlenz |
|---|---|
| date | Mon, 04 Sep 2006 19:29:32 +0000 |
| parents | 51d4101f49ca |
| children |
| rev | line source |
|---|---|
|
113
d10fbba1d5e0
Removed the `sanitize()` method from the `Markup` class, and migrate the existing unit tests to `markup.tests.filters`. Provide a `Stream.filter()` method instead which can be used to conveniently apply a filter to a stream.
cmlenz
parents:
diff
changeset
|
1 # -*- coding: utf-8 -*- |
|
d10fbba1d5e0
Removed the `sanitize()` method from the `Markup` class, and migrate the existing unit tests to `markup.tests.filters`. Provide a `Stream.filter()` method instead which can be used to conveniently apply a filter to a stream.
cmlenz
parents:
diff
changeset
|
2 # |
|
d10fbba1d5e0
Removed the `sanitize()` method from the `Markup` class, and migrate the existing unit tests to `markup.tests.filters`. Provide a `Stream.filter()` method instead which can be used to conveniently apply a filter to a stream.
cmlenz
parents:
diff
changeset
|
3 # Copyright (C) 2006 Edgewall Software |
|
d10fbba1d5e0
Removed the `sanitize()` method from the `Markup` class, and migrate the existing unit tests to `markup.tests.filters`. Provide a `Stream.filter()` method instead which can be used to conveniently apply a filter to a stream.
cmlenz
parents:
diff
changeset
|
4 # All rights reserved. |
|
d10fbba1d5e0
Removed the `sanitize()` method from the `Markup` class, and migrate the existing unit tests to `markup.tests.filters`. Provide a `Stream.filter()` method instead which can be used to conveniently apply a filter to a stream.
cmlenz
parents:
diff
changeset
|
5 # |
|
d10fbba1d5e0
Removed the `sanitize()` method from the `Markup` class, and migrate the existing unit tests to `markup.tests.filters`. Provide a `Stream.filter()` method instead which can be used to conveniently apply a filter to a stream.
cmlenz
parents:
diff
changeset
|
6 # This software is licensed as described in the file COPYING, which |
|
d10fbba1d5e0
Removed the `sanitize()` method from the `Markup` class, and migrate the existing unit tests to `markup.tests.filters`. Provide a `Stream.filter()` method instead which can be used to conveniently apply a filter to a stream.
cmlenz
parents:
diff
changeset
|
7 # you should have received as part of this distribution. The terms |
|
d10fbba1d5e0
Removed the `sanitize()` method from the `Markup` class, and migrate the existing unit tests to `markup.tests.filters`. Provide a `Stream.filter()` method instead which can be used to conveniently apply a filter to a stream.
cmlenz
parents:
diff
changeset
|
8 # are also available at http://markup.edgewall.org/wiki/License. |
|
d10fbba1d5e0
Removed the `sanitize()` method from the `Markup` class, and migrate the existing unit tests to `markup.tests.filters`. Provide a `Stream.filter()` method instead which can be used to conveniently apply a filter to a stream.
cmlenz
parents:
diff
changeset
|
9 # |
|
d10fbba1d5e0
Removed the `sanitize()` method from the `Markup` class, and migrate the existing unit tests to `markup.tests.filters`. Provide a `Stream.filter()` method instead which can be used to conveniently apply a filter to a stream.
cmlenz
parents:
diff
changeset
|
10 # This software consists of voluntary contributions made by many |
|
d10fbba1d5e0
Removed the `sanitize()` method from the `Markup` class, and migrate the existing unit tests to `markup.tests.filters`. Provide a `Stream.filter()` method instead which can be used to conveniently apply a filter to a stream.
cmlenz
parents:
diff
changeset
|
11 # individuals. For the exact contribution history, see the revision |
|
d10fbba1d5e0
Removed the `sanitize()` method from the `Markup` class, and migrate the existing unit tests to `markup.tests.filters`. Provide a `Stream.filter()` method instead which can be used to conveniently apply a filter to a stream.
cmlenz
parents:
diff
changeset
|
12 # history and logs, available at http://markup.edgewall.org/log/. |
|
d10fbba1d5e0
Removed the `sanitize()` method from the `Markup` class, and migrate the existing unit tests to `markup.tests.filters`. Provide a `Stream.filter()` method instead which can be used to conveniently apply a filter to a stream.
cmlenz
parents:
diff
changeset
|
13 |
|
d10fbba1d5e0
Removed the `sanitize()` method from the `Markup` class, and migrate the existing unit tests to `markup.tests.filters`. Provide a `Stream.filter()` method instead which can be used to conveniently apply a filter to a stream.
cmlenz
parents:
diff
changeset
|
14 import doctest |
|
d10fbba1d5e0
Removed the `sanitize()` method from the `Markup` class, and migrate the existing unit tests to `markup.tests.filters`. Provide a `Stream.filter()` method instead which can be used to conveniently apply a filter to a stream.
cmlenz
parents:
diff
changeset
|
15 import unittest |
|
d10fbba1d5e0
Removed the `sanitize()` method from the `Markup` class, and migrate the existing unit tests to `markup.tests.filters`. Provide a `Stream.filter()` method instead which can be used to conveniently apply a filter to a stream.
cmlenz
parents:
diff
changeset
|
16 |
|
d10fbba1d5e0
Removed the `sanitize()` method from the `Markup` class, and migrate the existing unit tests to `markup.tests.filters`. Provide a `Stream.filter()` method instead which can be used to conveniently apply a filter to a stream.
cmlenz
parents:
diff
changeset
|
17 from markup.core import Stream |
|
d10fbba1d5e0
Removed the `sanitize()` method from the `Markup` class, and migrate the existing unit tests to `markup.tests.filters`. Provide a `Stream.filter()` method instead which can be used to conveniently apply a filter to a stream.
cmlenz
parents:
diff
changeset
|
18 from markup.input import HTML, ParseError |
|
d10fbba1d5e0
Removed the `sanitize()` method from the `Markup` class, and migrate the existing unit tests to `markup.tests.filters`. Provide a `Stream.filter()` method instead which can be used to conveniently apply a filter to a stream.
cmlenz
parents:
diff
changeset
|
19 from markup.filters import HTMLSanitizer |
|
d10fbba1d5e0
Removed the `sanitize()` method from the `Markup` class, and migrate the existing unit tests to `markup.tests.filters`. Provide a `Stream.filter()` method instead which can be used to conveniently apply a filter to a stream.
cmlenz
parents:
diff
changeset
|
20 |
|
d10fbba1d5e0
Removed the `sanitize()` method from the `Markup` class, and migrate the existing unit tests to `markup.tests.filters`. Provide a `Stream.filter()` method instead which can be used to conveniently apply a filter to a stream.
cmlenz
parents:
diff
changeset
|
21 |
|
d10fbba1d5e0
Removed the `sanitize()` method from the `Markup` class, and migrate the existing unit tests to `markup.tests.filters`. Provide a `Stream.filter()` method instead which can be used to conveniently apply a filter to a stream.
cmlenz
parents:
diff
changeset
|
22 class HTMLSanitizerTestCase(unittest.TestCase): |
|
d10fbba1d5e0
Removed the `sanitize()` method from the `Markup` class, and migrate the existing unit tests to `markup.tests.filters`. Provide a `Stream.filter()` method instead which can be used to conveniently apply a filter to a stream.
cmlenz
parents:
diff
changeset
|
23 |
|
d10fbba1d5e0
Removed the `sanitize()` method from the `Markup` class, and migrate the existing unit tests to `markup.tests.filters`. Provide a `Stream.filter()` method instead which can be used to conveniently apply a filter to a stream.
cmlenz
parents:
diff
changeset
|
24 def test_sanitize_unchanged(self): |
|
d10fbba1d5e0
Removed the `sanitize()` method from the `Markup` class, and migrate the existing unit tests to `markup.tests.filters`. Provide a `Stream.filter()` method instead which can be used to conveniently apply a filter to a stream.
cmlenz
parents:
diff
changeset
|
25 html = HTML('<a href="#">fo<br />o</a>') |
|
144
d1ce85a7f296
* Coalesce adjacent text events that the parsers would produce when text crossed the buffer boundaries. Fixes #26.
cmlenz
parents:
115
diff
changeset
|
26 self.assertEquals(u'<a href="#">fo<br/>o</a>', |
|
204
51d4101f49ca
* Implement reverse add/mul operators for `Markup` class, so that the result is also a `Markup` instance.
cmlenz
parents:
144
diff
changeset
|
27 unicode(html | HTMLSanitizer())) |
|
113
d10fbba1d5e0
Removed the `sanitize()` method from the `Markup` class, and migrate the existing unit tests to `markup.tests.filters`. Provide a `Stream.filter()` method instead which can be used to conveniently apply a filter to a stream.
cmlenz
parents:
diff
changeset
|
28 |
|
d10fbba1d5e0
Removed the `sanitize()` method from the `Markup` class, and migrate the existing unit tests to `markup.tests.filters`. Provide a `Stream.filter()` method instead which can be used to conveniently apply a filter to a stream.
cmlenz
parents:
diff
changeset
|
29 def test_sanitize_escape_text(self): |
|
d10fbba1d5e0
Removed the `sanitize()` method from the `Markup` class, and migrate the existing unit tests to `markup.tests.filters`. Provide a `Stream.filter()` method instead which can be used to conveniently apply a filter to a stream.
cmlenz
parents:
diff
changeset
|
30 html = HTML('<a href="#">fo&</a>') |
|
144
d1ce85a7f296
* Coalesce adjacent text events that the parsers would produce when text crossed the buffer boundaries. Fixes #26.
cmlenz
parents:
115
diff
changeset
|
31 self.assertEquals(u'<a href="#">fo&</a>', |
|
204
51d4101f49ca
* Implement reverse add/mul operators for `Markup` class, so that the result is also a `Markup` instance.
cmlenz
parents:
144
diff
changeset
|
32 unicode(html | HTMLSanitizer())) |
|
113
d10fbba1d5e0
Removed the `sanitize()` method from the `Markup` class, and migrate the existing unit tests to `markup.tests.filters`. Provide a `Stream.filter()` method instead which can be used to conveniently apply a filter to a stream.
cmlenz
parents:
diff
changeset
|
33 html = HTML('<a href="#"><foo></a>') |
|
144
d1ce85a7f296
* Coalesce adjacent text events that the parsers would produce when text crossed the buffer boundaries. Fixes #26.
cmlenz
parents:
115
diff
changeset
|
34 self.assertEquals(u'<a href="#"><foo></a>', |
|
204
51d4101f49ca
* Implement reverse add/mul operators for `Markup` class, so that the result is also a `Markup` instance.
cmlenz
parents:
144
diff
changeset
|
35 unicode(html | HTMLSanitizer())) |
|
113
d10fbba1d5e0
Removed the `sanitize()` method from the `Markup` class, and migrate the existing unit tests to `markup.tests.filters`. Provide a `Stream.filter()` method instead which can be used to conveniently apply a filter to a stream.
cmlenz
parents:
diff
changeset
|
36 |
|
d10fbba1d5e0
Removed the `sanitize()` method from the `Markup` class, and migrate the existing unit tests to `markup.tests.filters`. Provide a `Stream.filter()` method instead which can be used to conveniently apply a filter to a stream.
cmlenz
parents:
diff
changeset
|
37 def test_sanitize_entityref_text(self): |
|
d10fbba1d5e0
Removed the `sanitize()` method from the `Markup` class, and migrate the existing unit tests to `markup.tests.filters`. Provide a `Stream.filter()` method instead which can be used to conveniently apply a filter to a stream.
cmlenz
parents:
diff
changeset
|
38 html = HTML('<a href="#">foö</a>') |
|
144
d1ce85a7f296
* Coalesce adjacent text events that the parsers would produce when text crossed the buffer boundaries. Fixes #26.
cmlenz
parents:
115
diff
changeset
|
39 self.assertEquals(u'<a href="#">foƶ</a>', |
|
204
51d4101f49ca
* Implement reverse add/mul operators for `Markup` class, so that the result is also a `Markup` instance.
cmlenz
parents:
144
diff
changeset
|
40 unicode(html | HTMLSanitizer())) |
|
113
d10fbba1d5e0
Removed the `sanitize()` method from the `Markup` class, and migrate the existing unit tests to `markup.tests.filters`. Provide a `Stream.filter()` method instead which can be used to conveniently apply a filter to a stream.
cmlenz
parents:
diff
changeset
|
41 |
|
d10fbba1d5e0
Removed the `sanitize()` method from the `Markup` class, and migrate the existing unit tests to `markup.tests.filters`. Provide a `Stream.filter()` method instead which can be used to conveniently apply a filter to a stream.
cmlenz
parents:
diff
changeset
|
42 def test_sanitize_escape_attr(self): |
|
d10fbba1d5e0
Removed the `sanitize()` method from the `Markup` class, and migrate the existing unit tests to `markup.tests.filters`. Provide a `Stream.filter()` method instead which can be used to conveniently apply a filter to a stream.
cmlenz
parents:
diff
changeset
|
43 html = HTML('<div title="<foo>"></div>') |
|
144
d1ce85a7f296
* Coalesce adjacent text events that the parsers would produce when text crossed the buffer boundaries. Fixes #26.
cmlenz
parents:
115
diff
changeset
|
44 self.assertEquals(u'<div title="<foo>"/>', |
|
204
51d4101f49ca
* Implement reverse add/mul operators for `Markup` class, so that the result is also a `Markup` instance.
cmlenz
parents:
144
diff
changeset
|
45 unicode(html | HTMLSanitizer())) |
|
113
d10fbba1d5e0
Removed the `sanitize()` method from the `Markup` class, and migrate the existing unit tests to `markup.tests.filters`. Provide a `Stream.filter()` method instead which can be used to conveniently apply a filter to a stream.
cmlenz
parents:
diff
changeset
|
46 |
|
d10fbba1d5e0
Removed the `sanitize()` method from the `Markup` class, and migrate the existing unit tests to `markup.tests.filters`. Provide a `Stream.filter()` method instead which can be used to conveniently apply a filter to a stream.
cmlenz
parents:
diff
changeset
|
47 def test_sanitize_close_empty_tag(self): |
|
d10fbba1d5e0
Removed the `sanitize()` method from the `Markup` class, and migrate the existing unit tests to `markup.tests.filters`. Provide a `Stream.filter()` method instead which can be used to conveniently apply a filter to a stream.
cmlenz
parents:
diff
changeset
|
48 html = HTML('<a href="#">fo<br>o</a>') |
|
144
d1ce85a7f296
* Coalesce adjacent text events that the parsers would produce when text crossed the buffer boundaries. Fixes #26.
cmlenz
parents:
115
diff
changeset
|
49 self.assertEquals(u'<a href="#">fo<br/>o</a>', |
|
204
51d4101f49ca
* Implement reverse add/mul operators for `Markup` class, so that the result is also a `Markup` instance.
cmlenz
parents:
144
diff
changeset
|
50 unicode(html | HTMLSanitizer())) |
|
113
d10fbba1d5e0
Removed the `sanitize()` method from the `Markup` class, and migrate the existing unit tests to `markup.tests.filters`. Provide a `Stream.filter()` method instead which can be used to conveniently apply a filter to a stream.
cmlenz
parents:
diff
changeset
|
51 |
|
d10fbba1d5e0
Removed the `sanitize()` method from the `Markup` class, and migrate the existing unit tests to `markup.tests.filters`. Provide a `Stream.filter()` method instead which can be used to conveniently apply a filter to a stream.
cmlenz
parents:
diff
changeset
|
52 def test_sanitize_invalid_entity(self): |
|
d10fbba1d5e0
Removed the `sanitize()` method from the `Markup` class, and migrate the existing unit tests to `markup.tests.filters`. Provide a `Stream.filter()` method instead which can be used to conveniently apply a filter to a stream.
cmlenz
parents:
diff
changeset
|
53 html = HTML('&junk;') |
|
204
51d4101f49ca
* Implement reverse add/mul operators for `Markup` class, so that the result is also a `Markup` instance.
cmlenz
parents:
144
diff
changeset
|
54 self.assertEquals('&junk;', unicode(html | HTMLSanitizer())) |
|
113
d10fbba1d5e0
Removed the `sanitize()` method from the `Markup` class, and migrate the existing unit tests to `markup.tests.filters`. Provide a `Stream.filter()` method instead which can be used to conveniently apply a filter to a stream.
cmlenz
parents:
diff
changeset
|
55 |
|
d10fbba1d5e0
Removed the `sanitize()` method from the `Markup` class, and migrate the existing unit tests to `markup.tests.filters`. Provide a `Stream.filter()` method instead which can be used to conveniently apply a filter to a stream.
cmlenz
parents:
diff
changeset
|
56 def test_sanitize_remove_script_elem(self): |
|
d10fbba1d5e0
Removed the `sanitize()` method from the `Markup` class, and migrate the existing unit tests to `markup.tests.filters`. Provide a `Stream.filter()` method instead which can be used to conveniently apply a filter to a stream.
cmlenz
parents:
diff
changeset
|
57 html = HTML('<script>alert("Foo")</script>') |
|
204
51d4101f49ca
* Implement reverse add/mul operators for `Markup` class, so that the result is also a `Markup` instance.
cmlenz
parents:
144
diff
changeset
|
58 self.assertEquals(u'', unicode(html | HTMLSanitizer())) |
|
113
d10fbba1d5e0
Removed the `sanitize()` method from the `Markup` class, and migrate the existing unit tests to `markup.tests.filters`. Provide a `Stream.filter()` method instead which can be used to conveniently apply a filter to a stream.
cmlenz
parents:
diff
changeset
|
59 html = HTML('<SCRIPT SRC="http://example.com/"></SCRIPT>') |
|
204
51d4101f49ca
* Implement reverse add/mul operators for `Markup` class, so that the result is also a `Markup` instance.
cmlenz
parents:
144
diff
changeset
|
60 self.assertEquals(u'', unicode(html | HTMLSanitizer())) |
|
113
d10fbba1d5e0
Removed the `sanitize()` method from the `Markup` class, and migrate the existing unit tests to `markup.tests.filters`. Provide a `Stream.filter()` method instead which can be used to conveniently apply a filter to a stream.
cmlenz
parents:
diff
changeset
|
61 self.assertRaises(ParseError, HTML, '<SCR\0IPT>alert("foo")</SCR\0IPT>') |
|
d10fbba1d5e0
Removed the `sanitize()` method from the `Markup` class, and migrate the existing unit tests to `markup.tests.filters`. Provide a `Stream.filter()` method instead which can be used to conveniently apply a filter to a stream.
cmlenz
parents:
diff
changeset
|
62 self.assertRaises(ParseError, HTML, |
|
d10fbba1d5e0
Removed the `sanitize()` method from the `Markup` class, and migrate the existing unit tests to `markup.tests.filters`. Provide a `Stream.filter()` method instead which can be used to conveniently apply a filter to a stream.
cmlenz
parents:
diff
changeset
|
63 '<SCRIPT&XYZ SRC="http://example.com/"></SCRIPT>') |
|
d10fbba1d5e0
Removed the `sanitize()` method from the `Markup` class, and migrate the existing unit tests to `markup.tests.filters`. Provide a `Stream.filter()` method instead which can be used to conveniently apply a filter to a stream.
cmlenz
parents:
diff
changeset
|
64 |
|
d10fbba1d5e0
Removed the `sanitize()` method from the `Markup` class, and migrate the existing unit tests to `markup.tests.filters`. Provide a `Stream.filter()` method instead which can be used to conveniently apply a filter to a stream.
cmlenz
parents:
diff
changeset
|
65 def test_sanitize_remove_onclick_attr(self): |
|
d10fbba1d5e0
Removed the `sanitize()` method from the `Markup` class, and migrate the existing unit tests to `markup.tests.filters`. Provide a `Stream.filter()` method instead which can be used to conveniently apply a filter to a stream.
cmlenz
parents:
diff
changeset
|
66 html = HTML('<div onclick=\'alert("foo")\' />') |
|
204
51d4101f49ca
* Implement reverse add/mul operators for `Markup` class, so that the result is also a `Markup` instance.
cmlenz
parents:
144
diff
changeset
|
67 self.assertEquals(u'<div/>', unicode(html | HTMLSanitizer())) |
|
113
d10fbba1d5e0
Removed the `sanitize()` method from the `Markup` class, and migrate the existing unit tests to `markup.tests.filters`. Provide a `Stream.filter()` method instead which can be used to conveniently apply a filter to a stream.
cmlenz
parents:
diff
changeset
|
68 |
|
d10fbba1d5e0
Removed the `sanitize()` method from the `Markup` class, and migrate the existing unit tests to `markup.tests.filters`. Provide a `Stream.filter()` method instead which can be used to conveniently apply a filter to a stream.
cmlenz
parents:
diff
changeset
|
69 def test_sanitize_remove_style_scripts(self): |
|
d10fbba1d5e0
Removed the `sanitize()` method from the `Markup` class, and migrate the existing unit tests to `markup.tests.filters`. Provide a `Stream.filter()` method instead which can be used to conveniently apply a filter to a stream.
cmlenz
parents:
diff
changeset
|
70 # Inline style with url() using javascript: scheme |
|
d10fbba1d5e0
Removed the `sanitize()` method from the `Markup` class, and migrate the existing unit tests to `markup.tests.filters`. Provide a `Stream.filter()` method instead which can be used to conveniently apply a filter to a stream.
cmlenz
parents:
diff
changeset
|
71 html = HTML('<DIV STYLE=\'background: url(javascript:alert("foo"))\'>') |
|
204
51d4101f49ca
* Implement reverse add/mul operators for `Markup` class, so that the result is also a `Markup` instance.
cmlenz
parents:
144
diff
changeset
|
72 self.assertEquals(u'<div/>', unicode(html | HTMLSanitizer())) |
|
113
d10fbba1d5e0
Removed the `sanitize()` method from the `Markup` class, and migrate the existing unit tests to `markup.tests.filters`. Provide a `Stream.filter()` method instead which can be used to conveniently apply a filter to a stream.
cmlenz
parents:
diff
changeset
|
73 # Inline style with url() using javascript: scheme, using control char |
|
d10fbba1d5e0
Removed the `sanitize()` method from the `Markup` class, and migrate the existing unit tests to `markup.tests.filters`. Provide a `Stream.filter()` method instead which can be used to conveniently apply a filter to a stream.
cmlenz
parents:
diff
changeset
|
74 html = HTML('<DIV STYLE=\'background: url(javascript:alert("foo"))\'>') |
|
204
51d4101f49ca
* Implement reverse add/mul operators for `Markup` class, so that the result is also a `Markup` instance.
cmlenz
parents:
144
diff
changeset
|
75 self.assertEquals(u'<div/>', unicode(html | HTMLSanitizer())) |
|
113
d10fbba1d5e0
Removed the `sanitize()` method from the `Markup` class, and migrate the existing unit tests to `markup.tests.filters`. Provide a `Stream.filter()` method instead which can be used to conveniently apply a filter to a stream.
cmlenz
parents:
diff
changeset
|
76 # Inline style with url() using javascript: scheme, in quotes |
|
d10fbba1d5e0
Removed the `sanitize()` method from the `Markup` class, and migrate the existing unit tests to `markup.tests.filters`. Provide a `Stream.filter()` method instead which can be used to conveniently apply a filter to a stream.
cmlenz
parents:
diff
changeset
|
77 html = HTML('<DIV STYLE=\'background: url("javascript:alert(foo)")\'>') |
|
204
51d4101f49ca
* Implement reverse add/mul operators for `Markup` class, so that the result is also a `Markup` instance.
cmlenz
parents:
144
diff
changeset
|
78 self.assertEquals(u'<div/>', unicode(html | HTMLSanitizer())) |
|
113
d10fbba1d5e0
Removed the `sanitize()` method from the `Markup` class, and migrate the existing unit tests to `markup.tests.filters`. Provide a `Stream.filter()` method instead which can be used to conveniently apply a filter to a stream.
cmlenz
parents:
diff
changeset
|
79 # IE expressions in CSS not allowed |
|
d10fbba1d5e0
Removed the `sanitize()` method from the `Markup` class, and migrate the existing unit tests to `markup.tests.filters`. Provide a `Stream.filter()` method instead which can be used to conveniently apply a filter to a stream.
cmlenz
parents:
diff
changeset
|
80 html = HTML('<DIV STYLE=\'width: expression(alert("foo"));\'>') |
|
204
51d4101f49ca
* Implement reverse add/mul operators for `Markup` class, so that the result is also a `Markup` instance.
cmlenz
parents:
144
diff
changeset
|
81 self.assertEquals(u'<div/>', unicode(html | HTMLSanitizer())) |
|
113
d10fbba1d5e0
Removed the `sanitize()` method from the `Markup` class, and migrate the existing unit tests to `markup.tests.filters`. Provide a `Stream.filter()` method instead which can be used to conveniently apply a filter to a stream.
cmlenz
parents:
diff
changeset
|
82 html = HTML('<DIV STYLE=\'background: url(javascript:alert("foo"));' |
|
d10fbba1d5e0
Removed the `sanitize()` method from the `Markup` class, and migrate the existing unit tests to `markup.tests.filters`. Provide a `Stream.filter()` method instead which can be used to conveniently apply a filter to a stream.
cmlenz
parents:
diff
changeset
|
83 'color: #fff\'>') |
|
144
d1ce85a7f296
* Coalesce adjacent text events that the parsers would produce when text crossed the buffer boundaries. Fixes #26.
cmlenz
parents:
115
diff
changeset
|
84 self.assertEquals(u'<div style="color: #fff"/>', |
|
204
51d4101f49ca
* Implement reverse add/mul operators for `Markup` class, so that the result is also a `Markup` instance.
cmlenz
parents:
144
diff
changeset
|
85 unicode(html | HTMLSanitizer())) |
|
113
d10fbba1d5e0
Removed the `sanitize()` method from the `Markup` class, and migrate the existing unit tests to `markup.tests.filters`. Provide a `Stream.filter()` method instead which can be used to conveniently apply a filter to a stream.
cmlenz
parents:
diff
changeset
|
86 |
|
d10fbba1d5e0
Removed the `sanitize()` method from the `Markup` class, and migrate the existing unit tests to `markup.tests.filters`. Provide a `Stream.filter()` method instead which can be used to conveniently apply a filter to a stream.
cmlenz
parents:
diff
changeset
|
87 def test_sanitize_remove_src_javascript(self): |
|
d10fbba1d5e0
Removed the `sanitize()` method from the `Markup` class, and migrate the existing unit tests to `markup.tests.filters`. Provide a `Stream.filter()` method instead which can be used to conveniently apply a filter to a stream.
cmlenz
parents:
diff
changeset
|
88 html = HTML('<img src=\'javascript:alert("foo")\'>') |
|
204
51d4101f49ca
* Implement reverse add/mul operators for `Markup` class, so that the result is also a `Markup` instance.
cmlenz
parents:
144
diff
changeset
|
89 self.assertEquals(u'<img/>', unicode(html | HTMLSanitizer())) |
|
113
d10fbba1d5e0
Removed the `sanitize()` method from the `Markup` class, and migrate the existing unit tests to `markup.tests.filters`. Provide a `Stream.filter()` method instead which can be used to conveniently apply a filter to a stream.
cmlenz
parents:
diff
changeset
|
90 # Case-insensitive protocol matching |
|
d10fbba1d5e0
Removed the `sanitize()` method from the `Markup` class, and migrate the existing unit tests to `markup.tests.filters`. Provide a `Stream.filter()` method instead which can be used to conveniently apply a filter to a stream.
cmlenz
parents:
diff
changeset
|
91 html = HTML('<IMG SRC=\'JaVaScRiPt:alert("foo")\'>') |
|
204
51d4101f49ca
* Implement reverse add/mul operators for `Markup` class, so that the result is also a `Markup` instance.
cmlenz
parents:
144
diff
changeset
|
92 self.assertEquals(u'<img/>', unicode(html | HTMLSanitizer())) |
|
113
d10fbba1d5e0
Removed the `sanitize()` method from the `Markup` class, and migrate the existing unit tests to `markup.tests.filters`. Provide a `Stream.filter()` method instead which can be used to conveniently apply a filter to a stream.
cmlenz
parents:
diff
changeset
|
93 # Grave accents (not parsed) |
|
d10fbba1d5e0
Removed the `sanitize()` method from the `Markup` class, and migrate the existing unit tests to `markup.tests.filters`. Provide a `Stream.filter()` method instead which can be used to conveniently apply a filter to a stream.
cmlenz
parents:
diff
changeset
|
94 self.assertRaises(ParseError, HTML, |
|
d10fbba1d5e0
Removed the `sanitize()` method from the `Markup` class, and migrate the existing unit tests to `markup.tests.filters`. Provide a `Stream.filter()` method instead which can be used to conveniently apply a filter to a stream.
cmlenz
parents:
diff
changeset
|
95 '<IMG SRC=`javascript:alert("RSnake says, \'foo\'")`>') |
|
d10fbba1d5e0
Removed the `sanitize()` method from the `Markup` class, and migrate the existing unit tests to `markup.tests.filters`. Provide a `Stream.filter()` method instead which can be used to conveniently apply a filter to a stream.
cmlenz
parents:
diff
changeset
|
96 # Protocol encoded using UTF-8 numeric entities |
|
d10fbba1d5e0
Removed the `sanitize()` method from the `Markup` class, and migrate the existing unit tests to `markup.tests.filters`. Provide a `Stream.filter()` method instead which can be used to conveniently apply a filter to a stream.
cmlenz
parents:
diff
changeset
|
97 html = HTML('<IMG SRC=\'javascri' |
|
d10fbba1d5e0
Removed the `sanitize()` method from the `Markup` class, and migrate the existing unit tests to `markup.tests.filters`. Provide a `Stream.filter()` method instead which can be used to conveniently apply a filter to a stream.
cmlenz
parents:
diff
changeset
|
98 'pt:alert("foo")\'>') |
|
204
51d4101f49ca
* Implement reverse add/mul operators for `Markup` class, so that the result is also a `Markup` instance.
cmlenz
parents:
144
diff
changeset
|
99 self.assertEquals(u'<img/>', unicode(html | HTMLSanitizer())) |
|
113
d10fbba1d5e0
Removed the `sanitize()` method from the `Markup` class, and migrate the existing unit tests to `markup.tests.filters`. Provide a `Stream.filter()` method instead which can be used to conveniently apply a filter to a stream.
cmlenz
parents:
diff
changeset
|
100 # Protocol encoded using UTF-8 numeric entities without a semicolon |
|
d10fbba1d5e0
Removed the `sanitize()` method from the `Markup` class, and migrate the existing unit tests to `markup.tests.filters`. Provide a `Stream.filter()` method instead which can be used to conveniently apply a filter to a stream.
cmlenz
parents:
diff
changeset
|
101 # (which is allowed because the max number of digits is used) |
|
d10fbba1d5e0
Removed the `sanitize()` method from the `Markup` class, and migrate the existing unit tests to `markup.tests.filters`. Provide a `Stream.filter()` method instead which can be used to conveniently apply a filter to a stream.
cmlenz
parents:
diff
changeset
|
102 html = HTML('<IMG SRC=\'java' |
|
d10fbba1d5e0
Removed the `sanitize()` method from the `Markup` class, and migrate the existing unit tests to `markup.tests.filters`. Provide a `Stream.filter()` method instead which can be used to conveniently apply a filter to a stream.
cmlenz
parents:
diff
changeset
|
103 'script' |
|
d10fbba1d5e0
Removed the `sanitize()` method from the `Markup` class, and migrate the existing unit tests to `markup.tests.filters`. Provide a `Stream.filter()` method instead which can be used to conveniently apply a filter to a stream.
cmlenz
parents:
diff
changeset
|
104 ':alert("foo")\'>') |
|
204
51d4101f49ca
* Implement reverse add/mul operators for `Markup` class, so that the result is also a `Markup` instance.
cmlenz
parents:
144
diff
changeset
|
105 self.assertEquals(u'<img/>', unicode(html | HTMLSanitizer())) |
|
113
d10fbba1d5e0
Removed the `sanitize()` method from the `Markup` class, and migrate the existing unit tests to `markup.tests.filters`. Provide a `Stream.filter()` method instead which can be used to conveniently apply a filter to a stream.
cmlenz
parents:
diff
changeset
|
106 # Protocol encoded using UTF-8 numeric hex entities without a semicolon |
|
d10fbba1d5e0
Removed the `sanitize()` method from the `Markup` class, and migrate the existing unit tests to `markup.tests.filters`. Provide a `Stream.filter()` method instead which can be used to conveniently apply a filter to a stream.
cmlenz
parents:
diff
changeset
|
107 # (which is allowed because the max number of digits is used) |
|
d10fbba1d5e0
Removed the `sanitize()` method from the `Markup` class, and migrate the existing unit tests to `markup.tests.filters`. Provide a `Stream.filter()` method instead which can be used to conveniently apply a filter to a stream.
cmlenz
parents:
diff
changeset
|
108 html = HTML('<IMG SRC=\'javascri' |
|
d10fbba1d5e0
Removed the `sanitize()` method from the `Markup` class, and migrate the existing unit tests to `markup.tests.filters`. Provide a `Stream.filter()` method instead which can be used to conveniently apply a filter to a stream.
cmlenz
parents:
diff
changeset
|
109 'pt:alert("foo")\'>') |
|
204
51d4101f49ca
* Implement reverse add/mul operators for `Markup` class, so that the result is also a `Markup` instance.
cmlenz
parents:
144
diff
changeset
|
110 self.assertEquals(u'<img/>', unicode(html | HTMLSanitizer())) |
|
113
d10fbba1d5e0
Removed the `sanitize()` method from the `Markup` class, and migrate the existing unit tests to `markup.tests.filters`. Provide a `Stream.filter()` method instead which can be used to conveniently apply a filter to a stream.
cmlenz
parents:
diff
changeset
|
111 # Embedded tab character in protocol |
|
d10fbba1d5e0
Removed the `sanitize()` method from the `Markup` class, and migrate the existing unit tests to `markup.tests.filters`. Provide a `Stream.filter()` method instead which can be used to conveniently apply a filter to a stream.
cmlenz
parents:
diff
changeset
|
112 html = HTML('<IMG SRC=\'jav\tascript:alert("foo");\'>') |
|
204
51d4101f49ca
* Implement reverse add/mul operators for `Markup` class, so that the result is also a `Markup` instance.
cmlenz
parents:
144
diff
changeset
|
113 self.assertEquals(u'<img/>', unicode(html | HTMLSanitizer())) |
|
113
d10fbba1d5e0
Removed the `sanitize()` method from the `Markup` class, and migrate the existing unit tests to `markup.tests.filters`. Provide a `Stream.filter()` method instead which can be used to conveniently apply a filter to a stream.
cmlenz
parents:
diff
changeset
|
114 # Embedded tab character in protocol, but encoded this time |
|
d10fbba1d5e0
Removed the `sanitize()` method from the `Markup` class, and migrate the existing unit tests to `markup.tests.filters`. Provide a `Stream.filter()` method instead which can be used to conveniently apply a filter to a stream.
cmlenz
parents:
diff
changeset
|
115 html = HTML('<IMG SRC=\'jav	ascript:alert("foo");\'>') |
|
204
51d4101f49ca
* Implement reverse add/mul operators for `Markup` class, so that the result is also a `Markup` instance.
cmlenz
parents:
144
diff
changeset
|
116 self.assertEquals(u'<img/>', unicode(html | HTMLSanitizer())) |
|
113
d10fbba1d5e0
Removed the `sanitize()` method from the `Markup` class, and migrate the existing unit tests to `markup.tests.filters`. Provide a `Stream.filter()` method instead which can be used to conveniently apply a filter to a stream.
cmlenz
parents:
diff
changeset
|
117 |
|
d10fbba1d5e0
Removed the `sanitize()` method from the `Markup` class, and migrate the existing unit tests to `markup.tests.filters`. Provide a `Stream.filter()` method instead which can be used to conveniently apply a filter to a stream.
cmlenz
parents:
diff
changeset
|
118 |
|
d10fbba1d5e0
Removed the `sanitize()` method from the `Markup` class, and migrate the existing unit tests to `markup.tests.filters`. Provide a `Stream.filter()` method instead which can be used to conveniently apply a filter to a stream.
cmlenz
parents:
diff
changeset
|
119 def suite(): |
|
d10fbba1d5e0
Removed the `sanitize()` method from the `Markup` class, and migrate the existing unit tests to `markup.tests.filters`. Provide a `Stream.filter()` method instead which can be used to conveniently apply a filter to a stream.
cmlenz
parents:
diff
changeset
|
120 suite = unittest.TestSuite() |
|
d10fbba1d5e0
Removed the `sanitize()` method from the `Markup` class, and migrate the existing unit tests to `markup.tests.filters`. Provide a `Stream.filter()` method instead which can be used to conveniently apply a filter to a stream.
cmlenz
parents:
diff
changeset
|
121 suite.addTest(unittest.makeSuite(HTMLSanitizerTestCase, 'test')) |
|
d10fbba1d5e0
Removed the `sanitize()` method from the `Markup` class, and migrate the existing unit tests to `markup.tests.filters`. Provide a `Stream.filter()` method instead which can be used to conveniently apply a filter to a stream.
cmlenz
parents:
diff
changeset
|
122 return suite |
|
d10fbba1d5e0
Removed the `sanitize()` method from the `Markup` class, and migrate the existing unit tests to `markup.tests.filters`. Provide a `Stream.filter()` method instead which can be used to conveniently apply a filter to a stream.
cmlenz
parents:
diff
changeset
|
123 |
|
d10fbba1d5e0
Removed the `sanitize()` method from the `Markup` class, and migrate the existing unit tests to `markup.tests.filters`. Provide a `Stream.filter()` method instead which can be used to conveniently apply a filter to a stream.
cmlenz
parents:
diff
changeset
|
124 if __name__ == '__main__': |
|
d10fbba1d5e0
Removed the `sanitize()` method from the `Markup` class, and migrate the existing unit tests to `markup.tests.filters`. Provide a `Stream.filter()` method instead which can be used to conveniently apply a filter to a stream.
cmlenz
parents:
diff
changeset
|
125 unittest.main(defaultTest='suite') |