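    def test_dump_html_escaped_json_escapes_unsafe_html(self):
        """
        Test dump_html_escaped_json entity-encodes every HTML-significant character.

        Both the key and the value carry a ``</script><script>...`` payload.
        The expected output shows ``&``, ``<``, ``>``, ``"`` and ``'`` all
        replaced by HTML entities (``&amp;``, ``&lt;``, ``&gt;``, ``&#34;``,
        ``&#39;``), so the serialized JSON contains no literal tag delimiter
        or quote that could terminate an enclosing ``<script>`` element.
        """
        malicious_dict = {
            "</script><script>alert('hello, ');</script>":
            "</script><script>alert('&world!');</script>",
        }
        # Note that the JSON string quotes are encoded too, not only &, < and >.
        expected_escaped_json = (
            "{&#34;&lt;/script&gt;&lt;script&gt;alert(&#39;hello, &#39;);&lt;/script&gt;&#34;: "
            "&#34;&lt;/script&gt;&lt;script&gt;alert(&#39;&amp;world!&#39;);&lt;/script&gt;&#34;}"
        )

        escaped_json = dump_html_escaped_json(malicious_dict)
        # assertEquals is a deprecated alias that was removed in Python 3.12.
        self.assertEqual(expected_escaped_json, escaped_json)
        # Defence in depth: independently of the exact expected string, no raw
        # tag delimiter may survive in the output.
        self.assertNotIn("<", escaped_json)
        self.assertNotIn(">", escaped_json)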
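    def test_dump_html_escaped_json_escapes_unsafe_html(self):
        """
        Test dump_html_escaped_json entity-encodes every HTML-significant character.

        The key and the value are both ``</script><script>...`` payloads; the
        expected output has ``&``, ``<``, ``>``, ``"`` and ``'`` rewritten as
        ``&amp;``, ``&lt;``, ``&gt;``, ``&#34;`` and ``&#39;``, so the result
        holds no literal character that could close an enclosing ``<script>``
        element.
        """
        payload_key = "</script><script>alert('hello, ');</script>"
        payload_value = "</script><script>alert('&world!');</script>"
        malicious_dict = {payload_key: payload_value}

        # The JSON string quotes are encoded as well, not only &, < and >.
        expected_escaped_json = (
            "{&#34;&lt;/script&gt;&lt;script&gt;alert(&#39;hello, &#39;);&lt;/script&gt;&#34;: "
            "&#34;&lt;/script&gt;&lt;script&gt;alert(&#39;&amp;world!&#39;);&lt;/script&gt;&#34;}"
        )

        escaped_json = dump_html_escaped_json(malicious_dict)
        # assertEquals is a deprecated alias that was removed in Python 3.12.
        self.assertEqual(expected_escaped_json, escaped_json)
        # Defence in depth: no raw tag delimiter may survive in the output.
        for delimiter in ("<", ">"):
            self.assertNotIn(delimiter, escaped_json)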
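    def test_dump_html_escaped_json_with_custom_encoder_escapes_unsafe_html(self):
        """
        Test dump_html_escaped_json encodes with a custom JSONEncoder before escaping.

        The value is wrapped in ``NoDefaultEncoding`` so that only the custom
        encoder (``SampleJSONEncoder``) can serialize it. The expected output
        shows the encoder's replacement of ``<script>`` with
        ``sample-encoder-was-here`` in the value, while the key and the rest of
        the value are still entity-encoded (``&``, ``<``, ``>``, ``"``, ``'``).
        The order matters: if escaping ran first, the encoder would never see a
        literal ``<script>`` to replace.
        """
        malicious_dict = {
            "</script><script>alert('hello, ');</script>":
            self.NoDefaultEncoding("</script><script>alert('&world!');</script>"),
        }
        # Only the value is wrapped, so only the value's "<script>" is replaced.
        expected_custom_escaped_json = (
            "{&#34;&lt;/script&gt;&lt;script&gt;alert(&#39;hello, &#39;);&lt;/script&gt;&#34;: "
            "&#34;&lt;/script&gt;sample-encoder-was-herealert(&#39;&amp;world!&#39;);&lt;/script&gt;&#34;}"
        )
        escaped_json = dump_html_escaped_json(malicious_dict, cls=self.SampleJSONEncoder)
        # assertEquals is a deprecated alias that was removed in Python 3.12.
        self.assertEqual(expected_custom_escaped_json, escaped_json)
        # Defence in depth: a custom encoder must not let raw tag delimiters
        # through to the output.
        self.assertNotIn("<", escaped_json)
        self.assertNotIn(">", escaped_json)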
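    def test_dump_html_escaped_json_with_custom_encoder_escapes_unsafe_html(
            self):
        """
        Test dump_html_escaped_json encodes with a custom JSONEncoder before escaping.

        Only the value is wrapped in ``NoDefaultEncoding``, so only the custom
        encoder (``SampleJSONEncoder``) can serialize it. In the expected
        output the value's ``<script>`` has become ``sample-encoder-was-here``,
        while the key and every remaining ``&``, ``<``, ``>``, ``"`` and ``'``
        are entity-encoded. Encoding must happen before escaping; otherwise
        the encoder would see ``&lt;script&gt;`` instead of ``<script>``.
        """
        wrapped_value = self.NoDefaultEncoding(
            "</script><script>alert('&world!');</script>")
        malicious_dict = {
            "</script><script>alert('hello, ');</script>": wrapped_value,
        }
        expected_custom_escaped_json = (
            "{&#34;&lt;/script&gt;&lt;script&gt;alert(&#39;hello, &#39;);&lt;/script&gt;&#34;: "
            "&#34;&lt;/script&gt;sample-encoder-was-herealert(&#39;&amp;world!&#39;);&lt;/script&gt;&#34;}"
        )

        escaped_json = dump_html_escaped_json(malicious_dict,
                                              cls=self.SampleJSONEncoder)
        # assertEquals is a deprecated alias that was removed in Python 3.12.
        self.assertEqual(expected_custom_escaped_json, escaped_json)
        # Defence in depth: the custom encoder path must not leak raw tag
        # delimiters into the output either.
        for delimiter in ("<", ">"):
            self.assertNotIn(delimiter, escaped_json)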