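class SelectiveScriptScrubberTestCase(unittest.TestCase):
    """Table-driven checks of ``SelectiveScriptScrubber.scrub``.

    Each entry of ``tests`` is ``(html, expected)``. ``expected`` is either
    the exact markup ``scrub`` must return, or ``True`` as shorthand for
    "the input must come back unchanged". An empty string means the whole
    fragment must be dropped.
    """

    # NOTE(review): every case below uses exact, lower-case markup and plain
    # http URLs. Nothing here pins how the scrubber treats a host that merely
    # resembles an allowed one, mixed-case tag or attribute names, or an
    # inline script that mixes an allowed assignment with other statements.
    # Negative cases for those would show that the allow-list fails closed.
    tests = (
        (
            # Allowed src, remove body: the external script is kept but any
            # inline text between the tags is discarded.
            '<script type="text/javascript" src="http://www.statcounter.com/counter/counter_xhtml.js">fewfewfwe</script>',
            '<script type="text/javascript" src="http://www.statcounter.com/counter/counter_xhtml.js"></script>',
        ),
        (
            # Disallowed src: the whole element is removed.
            '<script type="text/javascript" src="http://www.example.com/evil.js">fewfewfwe</script>',
            '',
        ),
        (
            # Allowed inline
            '<script type="text/javascript">var sc_project=123;</script>',
            True,
        ),
        (
            # Disallowed inline
            '<script type="text/javascript">alert(5);</script>',
            '',
        ),
        (
            # Stat counter: the full embed snippet survives, minus the two
            # surrounding HTML comments.
            """<!-- Start of StatCounter Code --><script type="text/javascript">\nvar sc_project=1234; \nvar sc_invisible=0; \nvar sc_partition=12; \nvar sc_security="1234a5"; \n</script><script src="http://www.statcounter.com/counter/counter_xhtml.js" type="text/javascript"></script><noscript><div class="statcounter"><a href="http://www.statcounter.com/" class="statcounter" rel="nofollow"><img src="http://c37.statcounter.com/1234/0/020062e8/0/" alt="hit counter" class="statcounter" /></a></div></noscript><!-- End of StatCounter Code -->""",
            """<script type="text/javascript">\nvar sc_project=1234; \nvar sc_invisible=0; \nvar sc_partition=12; \nvar sc_security="1234a5"; \n</script><script src="http://www.statcounter.com/counter/counter_xhtml.js" type="text/javascript"></script><noscript><div class="statcounter"><a href="http://www.statcounter.com/" class="statcounter" rel="nofollow"><img src="http://c37.statcounter.com/1234/0/020062e8/0/" alt="hit counter" class="statcounter" /></a></div></noscript>""",
        ),
        (
            # Google calendar: the iframe embed is returned unchanged.
            """<iframe src="http://www.google.com/calendar/embed?title=test&height=300&wkst=1&bgcolor=%23FFFFFF&ctz=America%2FLos_Angeles" style=" border-width:0 " width="300" height="300" frameborder="0" scrolling="no"></iframe>""",
            True,
        ),
    )

    def setUp(self):
        """Create a fresh scrubber for each test method."""
        self.scrubber = SelectiveScriptScrubber()

    def testScrubber(self):
        """Run every ``tests`` entry through ``scrub`` and compare the result."""
        for html, expected in self.tests:
            if expected is True:
                # ``True`` marks markup that must pass through untouched.
                expected = html
            # assertEqual replaces the deprecated failUnlessEqual alias,
            # which was removed from unittest in Python 3.12.
            self.assertEqual(self.scrubber.scrub(html), expected)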
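class SelectiveScriptScrubberTestCase(unittest.TestCase):
    """Table-driven checks of ``SelectiveScriptScrubber.scrub``.

    Each entry of ``tests`` is ``(html, expected)``. ``expected`` is either
    the exact markup ``scrub`` must return, or ``True`` as shorthand for
    "the input must come back unchanged". An empty string means the whole
    fragment must be dropped.
    """

    # NOTE(review): every case below uses exact, lower-case markup and plain
    # http URLs. Nothing here pins how the scrubber treats a host that merely
    # resembles an allowed one, mixed-case tag or attribute names, or an
    # inline script that mixes an allowed assignment with other statements.
    # Negative cases for those would show that the allow-list fails closed.
    tests = (
        (
            # Allowed src, remove body: the external script is kept but any
            # inline text between the tags is discarded.
            '<script type="text/javascript" src="http://www.statcounter.com/counter/counter_xhtml.js">fewfewfwe</script>',
            '<script type="text/javascript" src="http://www.statcounter.com/counter/counter_xhtml.js"></script>',
        ),
        (
            # Disallowed src: the whole element is removed.
            '<script type="text/javascript" src="http://www.example.com/evil.js">fewfewfwe</script>',
            '',
        ),
        (
            # Allowed inline
            '<script type="text/javascript">var sc_project=123;</script>',
            True,
        ),
        (
            # Disallowed inline
            '<script type="text/javascript">alert(5);</script>',
            '',
        ),
        (
            # Stat counter: the full embed snippet survives, minus the two
            # surrounding HTML comments.
            """<!-- Start of StatCounter Code --><script type="text/javascript">\nvar sc_project=1234; \nvar sc_invisible=0; \nvar sc_partition=12; \nvar sc_security="1234a5"; \n</script><script src="http://www.statcounter.com/counter/counter_xhtml.js" type="text/javascript"></script><noscript><div class="statcounter"><a href="http://www.statcounter.com/" class="statcounter" rel="nofollow"><img src="http://c37.statcounter.com/1234/0/020062e8/0/" alt="hit counter" class="statcounter" /></a></div></noscript><!-- End of StatCounter Code -->""",
            """<script type="text/javascript">\nvar sc_project=1234; \nvar sc_invisible=0; \nvar sc_partition=12; \nvar sc_security="1234a5"; \n</script><script src="http://www.statcounter.com/counter/counter_xhtml.js" type="text/javascript"></script><noscript><div class="statcounter"><a href="http://www.statcounter.com/" class="statcounter" rel="nofollow"><img src="http://c37.statcounter.com/1234/0/020062e8/0/" alt="hit counter" class="statcounter" /></a></div></noscript>""",
        ),
        (
            # Google calendar: the iframe embed is returned unchanged.
            """<iframe src="http://www.google.com/calendar/embed?title=test&height=300&wkst=1&bgcolor=%23FFFFFF&ctz=America%2FLos_Angeles" style=" border-width:0 " width="300" height="300" frameborder="0" scrolling="no"></iframe>""",
            True,
        ),
    )

    def setUp(self):
        """Create a fresh scrubber for each test method."""
        self.scrubber = SelectiveScriptScrubber()

    def testScrubber(self):
        """Run every ``tests`` entry through ``scrub`` and compare the result."""
        for html, expected in self.tests:
            if expected is True:
                # ``True`` marks markup that must pass through untouched.
                expected = html
            # assertEqual replaces the deprecated failUnlessEqual alias,
            # which was removed from unittest in Python 3.12.
            self.assertEqual(self.scrubber.scrub(html), expected)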
def setUp(self):
    """Build the scrubber under test and store it on ``self.scrubber``."""
    fresh_scrubber = SelectiveScriptScrubber()
    self.scrubber = fresh_scrubber