def test_wild_card(self):
    # A lone '*' entry is expected to make every URI pass: absolute URIs of
    # any scheme (data: and blob: included) as well as relative references.
    # In other words, these assertions pin that listing '*' leaves no
    # origin filtering in place at all.
    uris = ['*']
    candidates = (
        'data:text/plain,blah',
        'http://127.0.0.1/',
        'https://127.0.0.1/',
        'blob:',
        '/path/to',
        'file.txt',
    )
    for candidate in candidates:
        self.assertTrue(is_safe_origin(uris, candidate))
def test_schemes(self):
    # Entries made of a scheme and a trailing ':' admit URIs of that scheme
    # on any host; schemes that are not listed (http:, blob:) are rejected.
    # Relative references ('/path/to', 'file.txt') pass regardless of the
    # list contents.
    uris = ['data:', 'https:']
    expectations = (
        ('data:text/plain,blah', True),
        ('http://127.0.0.1/', False),
        ('https://127.0.0.1/', True),
        ('blob:', False),
        ('/path/to', True),
        ('file.txt', True),
    )
    for candidate, safe in expectations:
        verify = self.assertTrue if safe else self.assertFalse
        verify(is_safe_origin(uris, candidate))
def is_safe_origin(self, uri, req=None):
    """Check `uri` against this object's `safe_origins` list.

    Delegates to the module-level `is_safe_origin`, passing `req` through
    unchanged.  How `req` influences the decision is not visible from this
    method -- see the module-level function.
    """
    allowed = self.safe_origins
    return is_safe_origin(allowed, uri, req=req)
def test_path(self):
    # Entries that carry a path only admit that path and what lies below it;
    # the bare host and shorter paths on the same host are rejected.
    #   - 'https://example.org/path/to' (no trailing slash) matches the
    #     path itself, the path with a trailing slash, and descendants.
    #   - 'http://example.net/path/to/' (trailing slash) does NOT match
    #     '.../path/to' without the slash.
    # NOTE(review): no case covers a sibling path that merely shares the
    # textual prefix without a '/' boundary (constructed example:
    # 'https://example.org/path/tomato'); the expected result is not
    # visible here and would be worth pinning.
    uris = ['https://example.org/path/to', 'http://example.net/path/to/']
    expectations = (
        ('https://example.org', False),
        ('https://example.org/', False),
        ('https://example.org/path', False),
        ('https://example.org/path/', False),
        ('https://example.org/path/to', True),
        ('https://example.org/path/to/', True),
        ('https://example.org/path/to/image.png', True),
        ('http://example.net', False),
        ('http://example.net/', False),
        ('http://example.net/path', False),
        ('http://example.net/path/', False),
        ('http://example.net/path/to', False),
        ('http://example.net/path/to/', True),
        ('http://example.net/path/to/image.png', True),
        ('blob:', False),
        ('/path/to', True),
        ('file.txt', True),
    )
    for candidate, safe in expectations:
        verify = self.assertTrue if safe else self.assertFalse
        verify(is_safe_origin(uris, candidate))
def test_hostname(self):
    # Host-only entries admit the host root and any path beneath it, and
    # the entry behaves the same with or without a trailing slash.  Other
    # hosts (example.com) and unlisted schemes (data:, blob:) are rejected;
    # relative references still pass.
    # NOTE(review): two boundaries are not exercised here -- an allowed
    # host requested over a different scheme than the one listed, and a
    # host name that only begins with an allowed name.  Expected results
    # for both are not visible from these assertions; consider adding them.
    uris = ['https://example.org/', 'http://example.net']
    expectations = (
        ('data:text/plain,blah', False),
        ('https://example.org', True),
        ('https://example.org/', True),
        ('https://example.org/path/', True),
        ('http://example.net', True),
        ('http://example.net/', True),
        ('http://example.net/path', True),
        ('https://example.com', False),
        ('blob:', False),
        ('/path/to', True),
        ('file.txt', True),
    )
    for candidate, safe in expectations:
        verify = self.assertTrue if safe else self.assertFalse
        verify(is_safe_origin(uris, candidate))