Example #1
0
 def test_remove_prohibited_attributes(self):
     root = etree.fromstring("""<div id="hello">remove me<p onerror="dosomething">remove me</p></div>""")
     res = remove_prohibited_attributes(root)
     #res.findall('.//*') will only search for the child
     for n in chain([res], res.findall('.//*')):
         self.assertTrue('onerror' not in n.attrib)
         self.assertTrue('id' not in n.attrib)
Example #2
0
 def test_url_sanitization(self):
     root = etree.fromstring("""<div><a href="http://httpbin.org">http</a><a href="https://httpbin.org">https</a><a href="ftp://httpbin.org">ftp</a></div>""")
     res = remove_prohibited_attributes(root)
     for n in res.findall('.//*'):
         self.assertTrue('ftp' not in n.attrib)