# HG changeset patch
# User hodgestar
# Date 1356781425 0
# Node ID 99d4c481e4ebe11777019bfc4316b07f5d99ef76
# Parent 60906489b11a3a2f72986c721304d13c1ffc1bc5
Fix HTMLSanitizer tests for Python 2.7 (fixes #501).
diff --git a/genshi/filters/tests/test_html.py b/genshi/filters/tests/test_html.py
--- a/genshi/filters/tests/test_html.py
+++ b/genshi/filters/tests/test_html.py
@@ -368,6 +368,13 @@
class HTMLSanitizerTestCase(unittest.TestCase):
+ def assert_parse_error_or_equal(self, expected, exploit):
+ try:
+ html = HTML(exploit)
+ except ParseError:
+ return
+ self.assertEquals(expected, (html | HTMLSanitizer()).render())
+
def test_sanitize_unchanged(self):
html = HTML(u'fo
o')
self.assertEquals('fo
o',
@@ -408,9 +415,11 @@
self.assertEquals('', (html | HTMLSanitizer()).render())
html = HTML(u'')
self.assertEquals('', (html | HTMLSanitizer()).render())
- self.assertRaises(ParseError, HTML, u'alert("foo")')
- self.assertRaises(ParseError, HTML,
- u'')
+ src = u'alert("foo")'
+ self.assert_parse_error_or_equal('<SCR\x00IPT>alert("foo")', src)
+ src = u''
+ self.assert_parse_error_or_equal('<SCRIPT&XYZ; '
+ 'SRC="http://example.com/">', src)
def test_sanitize_remove_onclick_attr(self):
html = HTML(u'')
@@ -481,8 +490,8 @@
html = HTML(u'![](\'JaVaScRiPt:alert("foo")\')
')
self.assertEquals('![]()
', (html | HTMLSanitizer()).render())
# Grave accents (not parsed)
- self.assertRaises(ParseError, HTML,
- u'![](`javascript:alert("RSnake)
')
+ src = u''
+ self.assert_parse_error_or_equal('![]()
', src)
# Protocol encoded using UTF-8 numeric entities
html = HTML(u'
')