def test_whitelist_hooks(self): # wagtail.tests.wagtail_hooks overrides the whitelist to permit <blockquote> and <a target="..."> input_html = ( '<blockquote>I would put a tax on all people who' ' <a href="https://twitter.com/DMReporter/status/432914941201223680/photo/1"' ' target="_blank" tea="darjeeling">' 'stand in water</a>.</blockquote><p>- <character>Gumby</character></p>' ) output_html = DbWhitelister.clean(input_html) expected = ( '<blockquote>I would put a tax on all people who' ' <a href="https://twitter.com/DMReporter/status/432914941201223680/photo/1"' ' target="_blank">stand in water</a>.</blockquote><p>- Gumby</p>' ) self.assertHtmlEqual(expected, output_html) # check that the base Whitelister class is unaffected by these custom whitelist rules input_html = ( '<blockquote>I would put a tax on all people who' ' <a href="https://twitter.com/DMReporter/status/432914941201223680/photo/1" target="_blank"' ' tea="darjeeling">stand in water</a>.</blockquote><p>- <character>Gumby</character></p>' ) output_html = Whitelister.clean(input_html) expected = ( 'I would put a tax on all people who' ' <a href="https://twitter.com/DMReporter/status/432914941201223680/photo/1">' 'stand in water</a>.<p>- Gumby</p>' ) self.assertHtmlEqual(expected, output_html)
def test_clean(self): """ Whitelister.clean should remove disallowed tags and attributes from a string """ string = '<b foo="bar">snowman <barbecue>Yorkshire</barbecue></b>' cleaned_string = Whitelister.clean(string) self.assertEqual(cleaned_string, '<b>snowman Yorkshire</b>')
def test_clean_comments(self): string = '<b>snowman Yorkshire<!--[if gte mso 10]>MS word junk<![endif]--></b>' cleaned_string = Whitelister.clean(string) self.assertEqual(cleaned_string, '<b>snowman Yorkshire</b>')