def test_user_link_xss():
    """Check that user_link() HTML-escapes a hostile display name.

    The display name is attacker-controlled profile data and is rendered
    twice in the anchor: inside the double-quoted ``title`` attribute and
    as the element text. Both positions must come back entity-encoded.

    The ``href`` is compared against ``get_absolute_url()`` as returned,
    so this test does not exercise escaping of the URL itself.
    """
    anchor_template = '<a href="%s" title="%s">%s</a>'
    cases = (
        # Element injection: angle brackets must be turned into entities
        # so no <script> element is created in the text position.
        ('<script>alert(1)</script>',
         "&lt;script&gt;alert(1)&lt;/script&gt;"),
        # Attribute breakout: both quote characters must be encoded too,
        # otherwise the value could close title="..." and start new markup.
        ("""xss"'><iframe onload=alert(3)>""",
         """xss&#34;&#39;&gt;&lt;iframe onload=alert(3)&gt;"""),
    )

    for raw_name, escaped_name in cases:
        profile = UserProfile(username='******',
                              display_name=raw_name, pk=1)
        rendered = user_link(profile)
        assert rendered == anchor_template % (
            profile.get_absolute_url(), escaped_name, escaped_name)
def test_users_list_truncate_display_name():
    """Check that users_list() shortens the visible name but not the title.

    With a size argument of 10, the link text for 'Some Very Long Display
    Name' is expected to be 'Some Very...', while the ``title`` attribute
    still carries the full ``user.name``.
    """
    profile = UserProfile(username='******',
                          display_name='Some Very Long Display Name', pk=1)
    # NOTE(review): the second argument (None) and the third (10) are passed
    # positionally; presumably a limit and a text size -- confirm against
    # the users_list() signature.
    rendered = users_list([profile], None, 10)
    expected = '<a href="%s" title="%s">Some Very...</a>' % (
        profile.get_absolute_url(), profile.name)
    assert rendered == expected
def test_user_link():
    """Check the anchor user_link() builds for a user, and for None.

    A benign display name is expected to appear unchanged as the link text,
    with ``user.name`` in the ``title`` attribute and the profile URL in
    ``href``. Passing ``None`` must yield an empty string, not an error.
    """
    profile = UserProfile(username='******', display_name='John Connor', pk=1)
    rendered = user_link(profile)
    assert rendered == ('<a href="%s" title="%s">John Connor</a>' %
                        (profile.get_absolute_url(), profile.name))

    # A missing user must render as an empty string rather than fail.
    assert user_link(None) == ''