def test_processInputs_w_tainted_values_cleans_exceptions(self): # Feed tainted garbage to the conversion methods, and any exception # returned should be HTML safe from DateTime.interfaces import SyntaxError from ZPublisher.Converters import type_converters for type, convert in type_converters.items(): try: convert('<html garbage>') except Exception as e: self.assertFalse('<' in e.args, '%s converter does not quote unsafe value!' % type) except SyntaxError as e: self.assertFalse('<' in e, '%s converter does not quote unsafe value!' % type)
def testNoTaintedExceptions(self): # Feed tainted garbage to the conversion methods, and any exception # returned should be HTML safe from ZPublisher.Converters import type_converters from DateTime import DateTime for type, convert in type_converters.items(): try: convert('<html garbage>') except Exception, e: self.failIf('<' in e.args, '%s converter does not quote unsafe value!' % type) except DateTime.SyntaxError, e: self.failIf('<' in e, '%s converter does not quote unsafe value!' % type)