Mercurial > genshi > mirror
comparison markup/tests/core.py @ 21:b4d17897d053 trunk
* Include paths are now interpreted relative to the path of the including template. Closes #3.
* The filename is now included as first item in the `pos` tuple of stream events.
* Simplified the "basic" example so that it actually ''is'' basic.
* Added a more complex example using nested relative includes in [source:/trunk/examples/includes/ examples/includes].
author | cmlenz |
---|---|
date | Tue, 20 Jun 2006 13:05:37 +0000 |
parents | 5420cfe42d36 |
children | b4f78c05e5c9 |
comparison
equal
deleted
inserted
replaced
20:cc92d74ce9e5 | 21:b4d17897d053 |
---|---|
10 # This software consists of voluntary contributions made by many | 10 # This software consists of voluntary contributions made by many |
11 # individuals. For the exact contribution history, see the revision | 11 # individuals. For the exact contribution history, see the revision |
12 # history and logs, available at http://projects.edgewall.com/trac/. | 12 # history and logs, available at http://projects.edgewall.com/trac/. |
13 | 13 |
14 import doctest | 14 import doctest |
15 from HTMLParser import HTMLParseError | |
16 import unittest | 15 import unittest |
17 | 16 |
18 from markup.core import * | 17 from markup.core import * |
18 from markup.input import ParseError | |
19 | 19 |
20 | 20 |
21 class MarkupTestCase(unittest.TestCase): | 21 class MarkupTestCase(unittest.TestCase): |
22 | 22 |
23 def test_escape(self): | 23 def test_escape(self): |
121 markup = Markup('<script>alert("Foo")</script>') | 121 markup = Markup('<script>alert("Foo")</script>') |
122 self.assertEquals('', str(markup.sanitize())) | 122 self.assertEquals('', str(markup.sanitize())) |
123 markup = Markup('<SCRIPT SRC="http://example.com/"></SCRIPT>') | 123 markup = Markup('<SCRIPT SRC="http://example.com/"></SCRIPT>') |
124 self.assertEquals('', str(markup.sanitize())) | 124 self.assertEquals('', str(markup.sanitize())) |
125 markup = Markup('<SCR\0IPT>alert("foo")</SCR\0IPT>') | 125 markup = Markup('<SCR\0IPT>alert("foo")</SCR\0IPT>') |
126 self.assertRaises(HTMLParseError, markup.sanitize().render) | 126 self.assertRaises(ParseError, markup.sanitize().render) |
127 markup = Markup('<SCRIPT&XYZ SRC="http://example.com/"></SCRIPT>') | 127 markup = Markup('<SCRIPT&XYZ SRC="http://example.com/"></SCRIPT>') |
128 self.assertRaises(HTMLParseError, markup.sanitize().render) | 128 self.assertRaises(ParseError, markup.sanitize().render) |
129 | 129 |
130 def test_sanitize_remove_onclick_attr(self): | 130 def test_sanitize_remove_onclick_attr(self): |
131 markup = Markup('<div onclick=\'alert("foo")\' />') | 131 markup = Markup('<div onclick=\'alert("foo")\' />') |
132 self.assertEquals('<div/>', str(markup.sanitize())) | 132 self.assertEquals('<div/>', str(markup.sanitize())) |
133 | 133 |
154 # Case-insensitive protocol matching | 154 # Case-insensitive protocol matching |
155 markup = Markup('<IMG SRC=\'JaVaScRiPt:alert("foo")\'>') | 155 markup = Markup('<IMG SRC=\'JaVaScRiPt:alert("foo")\'>') |
156 self.assertEquals('<img/>', str(markup.sanitize())) | 156 self.assertEquals('<img/>', str(markup.sanitize())) |
157 # Grave accents (not parsed) | 157 # Grave accents (not parsed) |
158 markup = Markup('<IMG SRC=`javascript:alert("RSnake says, \'foo\'")`>') | 158 markup = Markup('<IMG SRC=`javascript:alert("RSnake says, \'foo\'")`>') |
159 self.assertRaises(HTMLParseError, markup.sanitize().render) | 159 self.assertRaises(ParseError, markup.sanitize().render) |
160 # Protocol encoded using UTF-8 numeric entities | 160 # Protocol encoded using UTF-8 numeric entities |
161 markup = Markup('<IMG SRC=\'javascri' | 161 markup = Markup('<IMG SRC=\'javascri' |
162 'pt:alert("foo")\'>') | 162 'pt:alert("foo")\'>') |
163 self.assertEquals('<img/>', str(markup.sanitize())) | 163 self.assertEquals('<img/>', str(markup.sanitize())) |
164 # Protocol encoded using UTF-8 numeric entities without a semicolon | 164 # Protocol encoded using UTF-8 numeric entities without a semicolon |