def test_allowed_url_schemes(self):
for url_scheme in ['', 'http', 'https', 'ftp', 'mailto', 'tel']:
url = url_scheme + "://www.example.com"
self.assertTrue(bool(check_url(url)))
def test_crafty_disallowed_url_scheme(self):
"""
Some URL parsers do not parse 'jav\tascript:' as a valid scheme.
Browsers, however, do. The checker needs to catch these crafty schemes
"""
self.assertFalse(bool(check_url("jav\tascript:alert('XSS')")))
def test_disallowed_url_scheme(self):
self.assertFalse(bool(check_url("invalid://url")))
def test_crafty_disallowed_url_scheme(self):
"""
Some URL parsers do not parse 'jav\tascript:' as a valid scheme.
Browsers, however, do. The checker needs to catch these crafty schemes
"""
self.assertFalse(bool(check_url("jav\tascript:alert('XSS')")))
def test_disallowed_url_scheme(self):
self.assertFalse(bool(check_url("invalid://url")))
def test_allowed_url_schemes(self):
for url_scheme in ['', 'http', 'https', 'ftp', 'mailto', 'tel']:
url = url_scheme + "://www.example.com"
self.assertTrue(bool(check_url(url)))
