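def test_escape_html(self):
    """Check that escape_html keeps allow-listed markup and escapes the rest.

    The input has an allowed tag (``a``) carrying an allowed attribute
    (``href``), a disallowed attribute (``class``), an allowed style
    property (``width``) and a disallowed one (``height``). It is followed
    by a tag that is not allow-listed (``em``). The allow-lists are passed
    once as comma-separated strings and once as Python lists, and both
    forms must give the same result.
    """
    html = ('<a href="" class="" style="width: 200px; height: 400px">foo</a>'
            '<em></em>')

    # NOTE(review): as previously written, the expected value ended in a live
    # ``<em></em>``, which asserts that a tag outside allowed_tags passes
    # through unescaped. That reads like entity encoding lost in
    # transcription, so the entity-escaped form is restored here.
    # Confirm against the sanitizer's actual output.
    expected = '<a href="" style="width: 200px;">foo</a>&lt;em&gt;&lt;/em&gt;'

    # Allow-lists given as comma-separated strings.
    self.assertEqual(
        escape_html(html,
                    allowed_tags='a',
                    allowed_attributes='href,style',
                    allowed_styles='width'),
        expected)

    # Allow-lists given as lists.
    self.assertEqual(
        escape_html(html,
                    allowed_tags=['a'],
                    allowed_attributes=['href', 'style'],
                    allowed_styles=['width']),
        expected)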
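def test_escape_html(self):
    """Pin escape_html's allow-list filtering for tags, attributes and styles.

    Expected result: the ``class`` attribute and the ``height`` style
    property are dropped from the allowed ``a`` tag, ``href`` and ``width``
    are kept, and the ``em`` tag, which is not allow-listed, is returned
    entity-escaped. The same result is required whether the allow-lists are
    comma-separated strings or lists.
    """
    html = ('<a href="" class="" style="width: 200px; height: 400px">foo</a>'
            '<em></em>')

    # NOTE(review): the earlier expected string ended in a raw ``<em></em>``,
    # i.e. it asserted that a tag outside allowed_tags comes back as live
    # markup. That looks like lost entity encoding; the escaped form is
    # restored here. Confirm against the sanitizer's actual output.
    expected = '<a href="" style="width: 200px;">foo</a>&lt;em&gt;&lt;/em&gt;'

    allow_list_spellings = (
        # comma-separated strings
        dict(allowed_tags='a',
             allowed_attributes='href,style',
             allowed_styles='width'),
        # lists
        dict(allowed_tags=['a'],
             allowed_attributes=['href', 'style'],
             allowed_styles=['width']),
    )
    for allow_lists in allow_list_spellings:
        self.assertEqual(escape_html(html, **allow_lists), expected)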
if not events: return events #Filter by time, must be last since it's hacky start_day = datetime.datetime(int(request.GET['y0']), int(request.GET['m0']), int(request.GET['d0'])) end_day = start_day + datetime.timedelta(days=int(request.GET['nDays'])-1) events = cal_event_query.filter_by_day_hour( events, start_day, end_day, int(request.GET['h0']), int(request.GET['i0']), int(request.GET['h1']), int(request.GET['i1'])) except Exception, e: return HttpResponseServerError('Bad GET request: '+ str(e)) from sanitizer.templatetags.sanitizer import escape_html for event in events: desc = escape_html(event.event_cluster.cluster_description, allowed_tags=settings.SANITIZER_ALLOWED_TAGS, allowed_attributes=settings.SANITIZER_ALLOWED_ATTRIBUTES) # TODO: this way of splitting the description is vulnerable to bad HTML tags # We don't want to cut open a tag in the middle, or to cut open a link tag # in the middle. XXX I don't think the check for cutting open a link tag # in the middle works right. # TODO: this also doesn't deal with opened i's, b's, etc.. split = 100 opened = 0 opened_a = False for i, c in enumerate(desc[:split]): if c == '<': opened += 1 if not opened_a: opened_a = (desc[i:i+2].lower() == '<a') else:
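def test_escape_html(self):
    """Check escape_html's tag and attribute allow-lists.

    The ``a`` tag and its ``href`` attribute are allow-listed, the ``class``
    attribute is not, and neither is the trailing ``em`` tag. The
    allow-lists are passed once as strings and once as lists, and both
    calls must return the same sanitized markup.
    """
    html = '<a href="" class="">foo</a><em></em>'

    # NOTE(review): the expected value previously ended in a raw
    # ``<em></em>``, which asserts that a tag outside allowed_tags passes
    # through unescaped. That reads like entity encoding lost in
    # transcription, so the escaped form is restored here.
    # Confirm against the sanitizer's actual output.
    expected = '<a href="">foo</a>&lt;em&gt;&lt;/em&gt;'

    # Allow-lists given as strings.
    self.assertEqual(
        escape_html(html, allowed_tags='a', allowed_attributes='href'),
        expected)

    # Allow-lists given as lists.
    self.assertEqual(
        escape_html(html, allowed_tags=['a'], allowed_attributes=['href']),
        expected)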
int(request.GET['m0']), int(request.GET['d0'])) end_day = start_day + datetime.timedelta( days=int(request.GET['nDays']) - 1) events = cal_event_query.filter_by_day_hour(events, start_day, end_day, int(request.GET['h0']), int(request.GET['i0']), int(request.GET['h1']), int(request.GET['i1'])) except Exception, e: return HttpResponseServerError('Bad GET request: ' + str(e)) from sanitizer.templatetags.sanitizer import escape_html for event in events: desc = escape_html( event.event_cluster.cluster_description, allowed_tags=settings.SANITIZER_ALLOWED_TAGS, allowed_attributes=settings.SANITIZER_ALLOWED_ATTRIBUTES) # TODO: this way of splitting the description is vulnerable to bad HTML tags # We don't want to cut open a tag in the middle, or to cut open a link tag # in the middle. XXX I don't think the check for cutting open a link tag # in the middle works right. # TODO: this also doesn't deal with opened i's, b's, etc.. split = 100 opened = 0 opened_a = False for i, c in enumerate(desc[:split]): if c == '<': opened += 1 if not opened_a: opened_a = (desc[i:i + 2].lower() == '<a') else: