Mercurial > genshi > mirror
changeset 963:99d4c481e4eb trunk
Fix HTMLSanitizer tests for Python 2.7 (fixes #501).
author | hodgestar |
---|---|
date | Sat, 29 Dec 2012 11:43:45 +0000 |
parents | 60906489b11a |
children | 2bfd8f8d241c |
files | genshi/filters/tests/test_html.py |
diffstat | 1 files changed, 14 insertions(+), 5 deletions(-) [+] |
line wrap: on
line diff
--- a/genshi/filters/tests/test_html.py +++ b/genshi/filters/tests/test_html.py @@ -368,6 +368,13 @@ class HTMLSanitizerTestCase(unittest.TestCase): + def assert_parse_error_or_equal(self, expected, exploit): + try: + html = HTML(exploit) + except ParseError: + return + self.assertEquals(expected, (html | HTMLSanitizer()).render()) + def test_sanitize_unchanged(self): html = HTML(u'<a href="#">fo<br />o</a>') self.assertEquals('<a href="#">fo<br/>o</a>', @@ -408,9 +415,11 @@ self.assertEquals('', (html | HTMLSanitizer()).render()) html = HTML(u'<SCRIPT SRC="http://example.com/"></SCRIPT>') self.assertEquals('', (html | HTMLSanitizer()).render()) - self.assertRaises(ParseError, HTML, u'<SCR\0IPT>alert("foo")</SCR\0IPT>') - self.assertRaises(ParseError, HTML, - u'<SCRIPT&XYZ SRC="http://example.com/"></SCRIPT>') + src = u'<SCR\0IPT>alert("foo")</SCR\0IPT>' + self.assert_parse_error_or_equal('<SCR\x00IPT>alert("foo")', src) + src = u'<SCRIPT&XYZ SRC="http://example.com/"></SCRIPT>' + self.assert_parse_error_or_equal('<SCRIPT&XYZ; ' + 'SRC="http://example.com/">', src) def test_sanitize_remove_onclick_attr(self): html = HTML(u'<div onclick=\'alert("foo")\' />') @@ -481,8 +490,8 @@ html = HTML(u'<IMG SRC=\'JaVaScRiPt:alert("foo")\'>') self.assertEquals('<img/>', (html | HTMLSanitizer()).render()) # Grave accents (not parsed) - self.assertRaises(ParseError, HTML, - u'<IMG SRC=`javascript:alert("RSnake says, \'foo\'")`>') + src = u'<IMG SRC=`javascript:alert("RSnake says, \'foo\'")`>' + self.assert_parse_error_or_equal('<img/>', src) # Protocol encoded using UTF-8 numeric entities html = HTML(u'<IMG SRC=\'javascri' 'pt:alert("foo")\'>')