Exemple #1
0
def test_WSGIHTTPException_generate_response_w_unencodable_object_html():
    from webob.util import html_escape

    def start_response(status, headers, exc_info=None):
        pass

    class Unencodable(object):
        def __str__(self):
            raise u'\u00fe'.encode('ascii')

    environ = {
        'wsgi.url_scheme': 'HTTP',
        'SERVER_NAME': 'localhost',
        'SERVER_PORT': '80',
        'REQUEST_METHOD': 'PUT',
        'HTTP_ACCEPT': 'text/html',
        'BAD': Unencodable()
    }
    body_template = "$BAD"
    excep = WSGIHTTPException(body_template=body_template)
    assert_equal( excep(environ,start_response), [
        b'<html>\n'
        b' <head>\n'
        b'  <title>None None</title>\n'
        b' </head>\n'
        b' <body>\n'
        b'  <h1>None None</h1>\n' + \
        b'  ' + html_escape(object.__repr__(environ['BAD'])).encode('ascii') + b'\n' + \
        b' </body>\n'
        b'</html>' ]
    )
Exemple #2
0
def test_html_escape():
    if PY3:
        EXPECTED_LT = 'expected a &#x27;&lt;&#x27;.'
    else:
        EXPECTED_LT = "expected a '&lt;'."
    for v, s in [
        # unsafe chars
        ('these chars: < > & "', 'these chars: &lt; &gt; &amp; &quot;'),
        (' ', ' '),
        ('&egrave;', '&amp;egrave;'),
        # The apostrophe is *not* escaped, which some might consider to be
        # a serious bug (see, e.g. http://www.cvedetails.com/cve/CVE-2010-2480/)
        (text_('the majestic m\xf8ose'), 'the majestic m&#248;ose'),
        #("'", "&#39;")

        # 8-bit strings are passed through
        (text_('\xe9'), '&#233;'),
        ## (text_(b'the majestic m\xf8ose').encode('utf-8'),
        ##  'the majestic m\xc3\xb8ose'),

        # ``None`` is treated specially, and returns the empty string.
        (None, ''),

        # Objects that define a ``__html__`` method handle their own escaping
        (t_esc_HTML(), '<div>hello</div>'),

        # Things that are not strings are converted to strings and then escaped
        (42, '42'),
        (Exception("expected a '<'."), EXPECTED_LT),

        # If an object implements both ``__str__`` and ``__unicode__``, the latter
        # is preferred
        (t_esc_SuperMoose(), 'm&#248;ose'),
        (t_esc_Unicode(), '&#233;'),
        (t_esc_UnsafeAttrs(), '&lt;UnsafeAttrs&gt;'),
    ]:
        eq(html_escape(v), s)
Exemple #3
0
def test_html_escape(input, expected):
    assert expected == html_escape(input)
Exemple #4
0
def test_html_escape(input, expected):
    assert expected == html_escape(input)
Exemple #5
0
def safe_html_escape(value):
    try:
        return html_escape(value)
    except UnicodeEncodeError:
        return html_escape(object.__repr__(value))