def setUp(self):
    """Build a fresh HTMLEscaper before each test so no case sees another's state."""
    escaper = HTMLEscaper()
    self.parser = escaper
def escape_html(raw_text):
    """Run *raw_text* through HTMLEscaper and return the result marked safe.

    Args:
        raw_text: the HTML fragment to sanitize.

    Returns:
        The cleaned markup wrapped in ``mark_safe``.  ``mark_safe`` switches
        off template auto-escaping for the returned value, so the escaper's
        tag/attribute allowlist is the only filtering applied; this function
        does not inspect the output itself.
    """
    return mark_safe(HTMLEscaper().clean(raw_text))
class HTMLParserTest(TestCase):
    """Check OrgWolf's HTML Parsing object that is used to escape HTML in a customizable way."""

    def setUp(self):
        # One escaper per test; cases with several inputs call reset() between them.
        self.parser = HTMLEscaper()

    def test_meta(self):
        """Return values and such"""
        # clean('') must return a str, and reset() must drop any buffered output.
        self.assertTrue(
            isinstance(self.parser.clean(''), str)
        )
        self.parser._cleaned = 'Some stale data'
        self.parser.reset()
        self.assertFalse(
            self.parser._cleaned
        )

    def test_bad_tags(self):
        # NOTE(review): as it appears here the expected literal below is not a valid
        # Python string -- the unescaped quotes inside it terminate the literal.  It
        # looks like HTML entities (the escaped form of the tag and the quotes) were
        # decoded when this page was extracted; the original presumably compared
        # against the entity-escaped output.  Confirm against the upstream file.
        self.assertEqual(
            '<script>alert('evil stuff');</script>',
            self.parser.clean('<script>alert(\'evil stuff\');</script>')
        )

    def test_allowed_tags(self):
        # Allowlisted structural tags must pass through unchanged.
        self.assertEqual(
            '<h1>Hello</h1>',
            self.parser.clean('<h1>Hello</h1>')
        )
        self.parser.reset()
        self.assertEqual(
            '<h2>Hello</h2>',
            self.parser.clean('<h2>Hello</h2>')
        )
        self.parser.reset()
        self.assertEqual(
            '<h3>Hello</h3>',
            self.parser.clean('<h3>Hello</h3>')
        )
        self.parser.reset()
        self.assertEqual(
            '<h4>Hello</h4>',
            self.parser.clean('<h4>Hello</h4>')
        )
        self.parser.reset()
        self.assertEqual(
            '<h5>Hello</h5>',
            self.parser.clean('<h5>Hello</h5>')
        )
        self.parser.reset()
        self.assertEqual(
            '<h6>Hello</h6>',
            self.parser.clean('<h6>Hello</h6>')
        )
        self.parser.reset()
        text = '<ul>\n<li>Hello</li>\n<li>world</li></ul>'
        self.assertEqual(
            text,
            self.parser.clean(text)
        )
        self.parser.reset()
        text = '<ol>\n<li>Hello</li>\n<li>world</li></ol>'
        self.assertEqual(
            text,
            self.parser.clean(text)
        )
        self.parser.reset()
        text = '<div><p>Hello, world!</p></div>'
        self.assertEqual(
            text,
            self.parser.clean(text)
        )
        self.parser.reset()
        # The self-closing form is rewritten as an explicit open/close pair.
        self.assertEqual(
            '<hr></hr>',
            self.parser.clean('<hr />')
        )

    def test_style_attribute(self):
        """Check that <p style="..."> is allowed to pass"""
        self.assertEqual(
            self.parser.clean('<p style="color: red">'),
            '<p style="color: red">'
        )

    def test_forbidden_attribute(self):
        """Check that <p onclick="..."> is not allowed to pass"""
        # Event-handler attributes are dropped; the tag itself survives.
        self.assertEqual(
            self.parser.clean('<p onclick="do_some_evil_stuff()">'),
            '<p>'
        )
class HTMLParserTest(TestCase):
    """Check OrgWolf's HTML Parsing object that is used to escape HTML in a customizable way."""

    def setUp(self):
        """Start each test with an unused escaper."""
        self.parser = HTMLEscaper()

    def test_meta(self):
        """Return values and such"""
        cleaned = self.parser.clean('')
        self.assertIsInstance(cleaned, str)
        # reset() must discard whatever output was buffered so far.
        self.parser._cleaned = 'Some stale data'
        self.parser.reset()
        self.assertFalse(self.parser._cleaned)

    def test_bad_tags(self):
        """A script element must not come back as live markup."""
        # NOTE(review): as it appears here the expected literal below is not a valid
        # Python string -- the unescaped quotes inside it terminate the literal.  It
        # looks like HTML entities were decoded when this page was extracted; the
        # original presumably compared against the entity-escaped output.  Confirm
        # against the upstream file.
        dangerous = '<script>alert(\'evil stuff\');</script>'
        self.assertEqual(
            '<script>alert('evil stuff');</script>',
            self.parser.clean(dangerous))

    def test_allowed_tags(self):
        """Allowlisted structural tags pass through unchanged."""
        passthrough = ['<h{0}>Hello</h{0}>'.format(level) for level in range(1, 7)]
        passthrough.extend([
            '<ul>\n<li>Hello</li>\n<li>world</li></ul>',
            '<ol>\n<li>Hello</li>\n<li>world</li></ol>',
            '<div><p>Hello, world!</p></div>',
        ])
        for text in passthrough:
            self.assertEqual(text, self.parser.clean(text))
            self.parser.reset()
        # The self-closing form is rewritten as an explicit open/close pair.
        self.assertEqual('<hr></hr>', self.parser.clean('<hr />'))

    def test_style_attribute(self):
        """Check that <p style="..."> is allowed to pass"""
        styled = '<p style="color: red">'
        self.assertEqual(self.parser.clean(styled), styled)

    def test_forbidden_attribute(self):
        """Check that <p onclick="..."> is not allowed to pass"""
        # The event-handler attribute is stripped; the tag itself survives.
        self.assertEqual(
            self.parser.clean('<p onclick="do_some_evil_stuff()">'),
            '<p>')
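def clean_text(sender, instance, **kwargs):
    """pre_save receiver that cleans up the text before saving eg. escape HTML

    Args:
        sender: the model class that sent the signal (unused here).
        instance: the model instance about to be saved; ``instance.text`` is
            replaced in place with the HTMLEscaper-cleaned version.
        **kwargs: the signal's keyword arguments.  ``raw`` is honoured: when
            it is true the text is left exactly as supplied.

    Returns:
        None; the instance is modified in place.
    """
    # Django's pre_save always supplies ``raw``, but default it to False so a
    # direct call that omits it still sanitizes instead of raising KeyError.
    if kwargs.get('raw', False):
        # raw=True is what Django sets for fixture/deserialized saves; this hook
        # does not clean that content, so fixture data is stored as-is.
        return
    instance.text = HTMLEscaper().clean(instance.text)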