def test_clean_html_unsupported_css(self): email = {"display_images": True, "eid": "abc"} with mock.patch("inboxen.utils.email.messages") as msg_mock: returned_body = email_utils._clean_html_body( None, email, UNSUPPORTED_CSS_BODY, "ascii") self.assertEqual(msg_mock.info.call_count, 1) self.assertIsInstance(returned_body, six.text_type)
def test_clean_html_balance_tags_when_closing_tag_missing(self): email = {"display_images": True, "eid": "abc"} expected_html = """<a href="/click/?url=https%3A//example.com" target="_blank" rel="noreferrer"></a>""" # unbalanced tags should be given a closing tag returned_body = email_utils._clean_html_body(None, email, LONELY_ANCHOR_TAG, "ascii") self.assertEqual(returned_body, expected_html)
def test_clean_html_no_strip_closing_tags_when_empty(self): email = {"display_images": True, "eid": "abc"} expected_html = """<a href="/click/?url=https%3A//example.com" target="_blank" rel="noreferrer"></a>""" # empty tags should not have their closing tag removed returned_body = email_utils._clean_html_body(None, email, EMPTY_ANCHOR_TAG, "ascii") self.assertEqual(returned_body, expected_html)
def test_sneaky_js(self): # this test explicitly tests against CVE-2020-27783 using the same test data as LXML email = {"display_images": True, "eid": "abc"} expected_html = "<div></div>" text = '<math><style><img src=x onerror=alert(1)></style></math>' returned_body = email_utils._clean_html_body(None, email, text, "ascii") self.assertEqual(returned_body, expected_html)
def test_clean_html_no_body(self): email = {"display_images": True} with mock.patch( "inboxen.utils.email.messages.info", side_effect=self.failureException("Unexpected message")): returned_body = email_utils._clean_html_body( None, email, BODILESS_BODY, "utf-8") self.assertIn( '<a href="/click/?url=http%3A//tinyletter.com/asym/confirm%3Fid%3Duuid"', returned_body)
def test_unknown_tag_get_dropped(self): email = {"display_images": True, "eid": "abc"} expected_html = ( """<div><div><a href="/click/?url=https%3A//example.com" target="_blank" """ """rel="noreferrer"></a></div></div>""") text = """<html><body><details style="hi">{}</section></body></html>""".format( EMPTY_ANCHOR_TAG) returned_body = email_utils._clean_html_body(None, email, text, "ascii") self.assertEqual(returned_body, expected_html)
def test_clean_html_no_charset(self): email = {"display_images": True} returned_body = email_utils._clean_html_body(None, email, CHARSETLESS_BODY, "ascii") self.assertIsInstance(returned_body, six.text_type)
def test_clean_html_unsupported_css(self): email = {"display_images": True, "eid": "abc"} with mock.patch("inboxen.utils.email.messages") as msg_mock: returned_body = email_utils._clean_html_body(None, email, UNSUPPORTED_CSS_BODY, "ascii") self.assertEqual(msg_mock.info.call_count, 1) self.assertIsInstance(returned_body, str)
def test_clean_html_no_charset(self): email = {"display_images": True} returned_body = email_utils._clean_html_body(None, email, CHARSETLESS_BODY, "ascii") self.assertIsInstance(returned_body, str)
def test_clean_html_no_body(self): email = {"display_images": True} with mock.patch("inboxen.utils.email.messages.info", side_effect=self.failureException("Unexpected message")): returned_body = email_utils._clean_html_body(None, email, BODILESS_BODY, "utf-8") self.assertIn('<a href="/click/?url=http%3A//tinyletter.com/asym/confirm%3Fid%3Duuid"', returned_body)