def link_entity(props):
"""
<a linktype="page" id="1">internal page link</a>
"""
id_ = props.get('id')
link_props = {}
if id_ is not None:
link_props['linktype'] = 'page'
link_props['id'] = id_
else:
link_props['href'] = check_url(props.get('url'))
return DOM.create_element('a', link_props, props['children'])
def link_entity(props):
"""
<a linktype="page" id="1">internal page link</a>
"""
id_ = props.get("id")
link_props = {}
if id_ is not None:
link_props["linktype"] = "page"
link_props["id"] = id_
else:
link_props["href"] = check_url(props.get("url"))
return DOM.create_element("a", link_props, props["children"])
def test_crafty_disallowed_url_scheme(self):
"""
Some URL parsers do not parse 'jav\tascript:' as a valid scheme.
Browsers, however, do. The checker needs to catch these crafty schemes
"""
self.assertFalse(bool(check_url("jav\tascript:alert('XSS')")))
def test_disallowed_url_scheme(self):
self.assertFalse(bool(check_url("invalid://url")))
def test_allowed_url_schemes(self):
for url_scheme in ["", "http", "https", "ftp", "mailto", "tel"]:
url = url_scheme + "://www.example.com"
self.assertTrue(bool(check_url(url)))
def test_allowed_url_schemes(self):
for url_scheme in ['', 'http', 'https', 'ftp', 'mailto', 'tel']:
url = url_scheme + "://www.example.com"
self.assertTrue(bool(check_url(url)))
def test_allowed_url_schemes(self):
for url_scheme in ['', 'http', 'https', 'ftp', 'mailto', 'tel']:
url = url_scheme + "://www.example.com"
self.assertTrue(bool(check_url(url)))
def test_crafty_disallowed_url_scheme(self):
"""
Some URL parsers do not parse 'jav\tascript:' as a valid scheme.
Browsers, however, do. The checker needs to catch these crafty schemes
"""
self.assertFalse(bool(check_url("jav\tascript:alert('XSS')")))
def test_disallowed_url_scheme(self):
self.assertFalse(bool(check_url("invalid://url")))