# HG changeset patch # User hodgestar # Date 1356782400 0 # Node ID cadb6703ac18a55383ebc93873bb3f526fe40716 # Parent ea40c6ff63da5a99dfaf8e0e2722161447c80966 Merge r1187 from trunk (fix HTMLSanitizer tests for Python 2.7 -- see #501). diff --git a/genshi/filters/tests/html.py b/genshi/filters/tests/html.py --- a/genshi/filters/tests/html.py +++ b/genshi/filters/tests/html.py @@ -330,6 +330,13 @@ class HTMLSanitizerTestCase(unittest.TestCase): + def assert_parse_error_or_equal(self, expected, exploit): + try: + html = HTML(exploit) + except ParseError: + return + self.assertEquals(expected, (html | HTMLSanitizer()).render()) + def test_sanitize_unchanged(self): html = HTML('fo
o
') self.assertEquals('fo
o
', @@ -370,9 +377,11 @@ self.assertEquals('', (html | HTMLSanitizer()).render()) html = HTML('') self.assertEquals('', (html | HTMLSanitizer()).render()) - self.assertRaises(ParseError, HTML, 'alert("foo")') - self.assertRaises(ParseError, HTML, - '') + src = u'alert("foo")' + self.assert_parse_error_or_equal('<SCR\x00IPT>alert("foo")', src) + src = u'' + self.assert_parse_error_or_equal('<SCRIPT&XYZ; ' + 'SRC="http://example.com/">', src) def test_sanitize_remove_onclick_attr(self): html = HTML('
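Review bot: `assert_parse_error_or_equal` has no docstring, and its `except ParseError: return` branch lets a case pass without HTMLSanitizer ever seeing the input, which a reader cannot tell is deliberate. A one-line docstring such as `"""Pass if HTML() rejects the input; otherwise the sanitized rendering must equal expected."""` would record that both outcomes are accepted. The commit message ties this to Python 2.7 (#501), so presumably the cause is differing parser strictness between versions, and the docstring could say so once confirmed. It should also state that on interpreters where the parser raises, these cases give no coverage of the sanitizer itself, so nobody reads a green run as proof that the output was checked.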
') @@ -443,8 +452,8 @@ html = HTML('') self.assertEquals('', (html | HTMLSanitizer()).render()) # Grave accents (not parsed) - self.assertRaises(ParseError, HTML, - '') + src = u'' + self.assert_parse_error_or_equal('', src) # Protocol encoded using UTF-8 numeric entities html = HTML('')
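Review bot: The two new `assert_parse_error_or_equal` calls for the malformed SCRIPT inputs pin one exact rendering but carry no comment saying what security property that rendering demonstrates. A comment above each `src = ...` line, for example `# If the parser accepts this, the tag must come out as inert text, never as a script element`, would make the intent reviewable. The string literals on this page appear to have lost markup in extraction, since both `src` values are shown without the tag. Whether the expected values are entity-escaped therefore cannot be confirmed from here and should be checked against the file. The enclosing test method starts before this hunk.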
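Review bot: The context comment `# Grave accents (not parsed)` is stale after this change, because the new call accepts a successful parse as well as a ParseError. Rewording it to something like `# Grave accents (rejected by some parsers; otherwise must sanitize to the expected output)` would keep the comment consistent with the assertion. The expected value is shown as `''` on this page, and the `src` literal is empty as displayed, so the actual expected rendering should be verified in the file rather than taken from this view. The enclosing test method starts and ends outside the hunk.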