def test_newline(self):
"""htmlutils - test if newlines are properly escaped for Javascript strings"""
test_str = "a string with a \n line break in it"
self.assertEqual(escape_javascript_string(test_str), "a string with a \\n line break in it")
test_str = "a string with a \r\n line break in it"
self.assertEqual(escape_javascript_string(test_str), "a string with a \\r\\n line break in it")
test_str = """a string with a \r\n line break and "quote" in it"""
self.assertEqual(escape_javascript_string(test_str), '''a string with a \\r\\n line break and \\"quote\\" in it''')
def test_escape_javascript_string_for_html(self):
"""htmlutils - escaping strings for Javascript, for use in HTML"""
self.assertEqual(escape_javascript_string('''"Are you a Munchkin?" asked Dorothy.
"No, but I am their friend"'''),
'\\"Are you a Munchkin?\\" asked Dorothy.\\n\\"No, but I am their friend\\"')
input_string = '''/*<![CDATA[*/"Your <em>'Silver Shoes'</em> will carry you over the desert,"\r replied Glinda./*]]>*/'''
output_string = """/*<![CDATA[*/\\"Your <em>\\'Silver Shoes\\'</em> will carry you over the desert,\\"\\r replied Glinda./*]]>*/"""
self.assertEqual(escape_javascript_string(input_string), output_string)
def test_escape_closing_script_tag(self):
"""htmlutils - escaping closing </script> tag"""
input_string = '''My string contain some<script>alert(foo)</script> that browser might not like'''
output_string = '''My string contain some<script>alert(foo)</scr'+'ipt> that browser might not like'''
self.assertEqual(escape_javascript_string(input_string,
escape_for_html=False,
escape_CDATA=False,
escape_script_tag_with_quote="'"),
output_string)
output_string = '''My string contain some<script>alert(foo)</scr"+"ipt> that browser might not like'''
self.assertEqual(escape_javascript_string(input_string,
escape_for_html=False,
escape_CDATA=False,
escape_script_tag_with_quote='"'),
output_string)
def wash_for_js(text):
"""
DEPRECATED: use htmlutils.escape_javascript_string() instead,
and take note that returned value is no longer enclosed into
quotes.
"""
from invenio_utils.html import escape_javascript_string
if isinstance(text, six.string_types):
return '"%s"' % escape_javascript_string(text,
escape_for_html=False,
escape_CDATA=False,
escape_script_tag_with_quote=None)
else:
return text
def test_escape_javascript_string_for_html_in_tag_attribute(self):
"""htmlutils - escaping closing double quotes for use in HTML tag attribute"""
input_string = '''"Your <em>'Silver Shoes'</em> will carry you over the desert,"\r replied Glinda.'''
output_string = """"Your <em>\\'Silver Shoes\\'</em> will carry you over the desert,"\\r replied Glinda."""
self.assertEqual(escape_javascript_string(input_string, escape_for_html=False, escape_quote_for_html=True),
output_string)
def test_escape_javascript_string_for_javascript_or_json(self):
"""htmlutils - escaping strings for Javascript, for use in "pure" Javscript or JSON output"""
input_string = '''/*<![CDATA[*/"Your <em>'Silver Shoes'</em> will carry you over the desert,"\r replied Glinda./*]]>*/'''
output_string = """/*<![CDATA[*/\\"Your <em>\\'Silver Shoes\\'</em> will carry you over the desert,\\"\\r replied Glinda./*]]>*/"""
self.assertEqual(escape_javascript_string(input_string, escape_for_html=False, escape_CDATA=False),
output_string)
def test_escape_javascript_string_for_html_in_cdata(self):
"""htmlutils - escaping strings for Javascript, for use in HTML, in CDATA sections"""
input_string = '''/*<![CDATA[*/"Your <em>'Silver Shoes'</em> will carry you over the desert,"\r replied Glinda./*]]>*/'''
output_string = """/*<![CDATA[*/\\"Your <em>\\'Silver Shoes\\'</em> will carry you over the desert,\\"\\r replied Glinda./*]]]]><
