 def test_escape_html(self):
     """escape_html keeps only whitelisted tags, attributes and CSS properties.

     The whitelist arguments accept either comma-separated strings or lists;
     both spellings must yield identical output. Note that a disallowed tag
     (``<em>``) is entity-escaped rather than stripped, and a disallowed CSS
     property (``height``) is dropped from the ``style`` attribute.
     """
     html = '<a href="" class="" style="width: 200px; height: 400px">foo</a><em></em>'
     expected = '<a href="" style="width: 200px;">foo</a>&lt;em&gt;&lt;/em&gt;'
     whitelists = [
         # comma-separated string form
         dict(allowed_tags='a', allowed_attributes='href,style', allowed_styles='width'),
         # list form
         dict(allowed_tags=['a'], allowed_attributes=['href', 'style'], allowed_styles=['width']),
     ]
     for kwargs in whitelists:
         self.assertEqual(escape_html(html, **kwargs), expected)
 def test_escape_html(self):
     """escape_html keeps only whitelisted tags, attributes and CSS properties.

     Exercises both spellings of the whitelist arguments (comma-separated
     strings and lists). The disallowed ``<em>`` tag must come back
     entity-escaped, not removed, and the disallowed ``height`` property
     must be dropped from ``style`` while ``width`` survives.
     """
     html = '<a href="" class="" style="width: 200px; height: 400px">foo</a><em></em>'
     expected = '<a href="" style="width: 200px;">foo</a>&lt;em&gt;&lt;/em&gt;'

     # String-valued whitelists are comma-separated.
     escaped_from_strings = escape_html(html,
                                        allowed_tags='a',
                                        allowed_attributes='href,style',
                                        allowed_styles='width')
     self.assertEqual(escaped_from_strings, expected)

     # List-valued whitelists must behave exactly the same.
     escaped_from_lists = escape_html(html,
                                      allowed_tags=['a'],
                                      allowed_attributes=['href', 'style'],
                                      allowed_styles=['width'])
     self.assertEqual(escaped_from_lists, expected)
            if not events: return events
        
        #Filter by time, must be last since it's hacky
        start_day = datetime.datetime(int(request.GET['y0']), int(request.GET['m0']), int(request.GET['d0']))
        end_day = start_day + datetime.timedelta(days=int(request.GET['nDays'])-1)
        events = cal_event_query.filter_by_day_hour(
            events, start_day, end_day,
            int(request.GET['h0']), int(request.GET['i0']),
            int(request.GET['h1']), int(request.GET['i1']))
    except Exception, e:
        return HttpResponseServerError('Bad GET request: '+ str(e))

    from sanitizer.templatetags.sanitizer import escape_html
    for event in events:
        desc = escape_html(event.event_cluster.cluster_description,
            allowed_tags=settings.SANITIZER_ALLOWED_TAGS,
            allowed_attributes=settings.SANITIZER_ALLOWED_ATTRIBUTES)
        # TODO: this way of splitting the description is vulnerable to bad HTML tags 
        # We don't want to cut open a tag in the middle, or to cut open a link tag
        # in the middle.  XXX I don't think the check for cutting open a link tag
        # in the middle works right.
        # TODO: this also doesn't deal with opened i's, b's, etc..
        split = 100
        opened = 0
        opened_a = False
        for i, c in enumerate(desc[:split]):
            if c == '<':
                opened += 1
                if not opened_a:
                    opened_a = (desc[i:i+2].lower() == '<a')
                else:
 def test_escape_html(self):
     """escape_html keeps only whitelisted tags and attributes.

     The ``class`` attribute is not whitelisted and must disappear; the
     disallowed ``<em>`` tag must be entity-escaped rather than stripped.
     Both the comma-separated-string and the list spelling of the whitelist
     arguments are checked against the same expected output.
     """
     html = '<a href="" class="">foo</a><em></em>'
     expected = '<a href="">foo</a>&lt;em&gt;&lt;/em&gt;'
     for tags, attributes in (('a', 'href'), (['a'], ['href'])):
         self.assertEqual(
             escape_html(html, allowed_tags=tags, allowed_attributes=attributes),
             expected)
                                      int(request.GET['m0']),
                                      int(request.GET['d0']))
        end_day = start_day + datetime.timedelta(
            days=int(request.GET['nDays']) - 1)
        events = cal_event_query.filter_by_day_hour(events, start_day, end_day,
                                                    int(request.GET['h0']),
                                                    int(request.GET['i0']),
                                                    int(request.GET['h1']),
                                                    int(request.GET['i1']))
    except Exception, e:
        return HttpResponseServerError('Bad GET request: ' + str(e))

    from sanitizer.templatetags.sanitizer import escape_html
    for event in events:
        desc = escape_html(
            event.event_cluster.cluster_description,
            allowed_tags=settings.SANITIZER_ALLOWED_TAGS,
            allowed_attributes=settings.SANITIZER_ALLOWED_ATTRIBUTES)
        # TODO: this way of splitting the description is vulnerable to bad HTML tags
        # We don't want to cut open a tag in the middle, or to cut open a link tag
        # in the middle.  XXX I don't think the check for cutting open a link tag
        # in the middle works right.
        # TODO: this also doesn't deal with opened i's, b's, etc..
        split = 100
        opened = 0
        opened_a = False
        for i, c in enumerate(desc[:split]):
            if c == '<':
                opened += 1
                if not opened_a:
                    opened_a = (desc[i:i + 2].lower() == '<a')
                else: