Esempio n. 1
 def setUp(self):
     """Build a new HTMLEscaper and store it on ``self.parser``."""
     escaper = HTMLEscaper()
     self.parser = escaper
Esempio n. 2
def escape_html(raw_text):
    """Run *raw_text* through ``HTMLEscaper.clean`` and mark the result safe.

    The cleaned string is wrapped with ``mark_safe``. Assuming that is
    Django's ``django.utils.safestring.mark_safe``, templates will not
    auto-escape the value again, so ``HTMLEscaper.clean`` is the only
    barrier between user-supplied markup and the rendered page. Pass only
    text that has not been cleaned or escaped already.
    """
    return mark_safe(HTMLEscaper().clean(raw_text))
Esempio n. 3
class HTMLParserTest(TestCase):
    """Check OrgWolf's HTML Parsing object that is used to escape
    HTML in a customizable way."""
    def setUp(self):
        self.parser = HTMLEscaper()
    def test_meta(self):
        """Return values and such"""
        self.assertTrue(
            isinstance(self.parser.clean(''), str)
            )
        self.parser._cleaned = 'Some stale data'
        self.parser.reset()
        self.assertFalse(
            self.parser._cleaned
            )
    def test_bad_tags(self):
        self.assertEqual(
            '<script>alert('evil stuff');</script>',
            self.parser.clean('<script>alert(\'evil stuff\');</script>')
            )
    def test_allowed_tags(self):
        self.assertEqual(
            '<h1>Hello</h1>',
            self.parser.clean('<h1>Hello</h1>')
            )
        self.parser.reset()
        self.assertEqual(
            '<h2>Hello</h2>',
            self.parser.clean('<h2>Hello</h2>')
            )
        self.parser.reset()
        self.assertEqual(
            '<h3>Hello</h3>',
            self.parser.clean('<h3>Hello</h3>')
            )
        self.parser.reset()
        self.assertEqual(
            '<h4>Hello</h4>',
            self.parser.clean('<h4>Hello</h4>')
            )
        self.parser.reset()
        self.assertEqual(
            '<h5>Hello</h5>',
            self.parser.clean('<h5>Hello</h5>')
            )
        self.parser.reset()
        self.assertEqual(
            '<h6>Hello</h6>',
            self.parser.clean('<h6>Hello</h6>')
            )
        self.parser.reset()
        text = '<ul>\n<li>Hello</li>\n<li>world</li></ul>'
        self.assertEqual(
            text,
            self.parser.clean(text)
            )
        self.parser.reset()
        text = '<ol>\n<li>Hello</li>\n<li>world</li></ol>'
        self.assertEqual(
            text,
            self.parser.clean(text)
            )
        self.parser.reset()
        text = '<div><p>Hello, world!</p></div>'
        self.assertEqual(
            text,
            self.parser.clean(text)
            )
        self.parser.reset()
        self.assertEqual(
            '<hr></hr>',
            self.parser.clean('<hr />')
            )

    def test_style_attribute(self):
        """Check that <p style="..."> is allowed to pass"""
        self.assertEqual(
            self.parser.clean('<p style="color: red">'),
            '<p style="color: red">'
        )

    def test_forbidden_attribute(self):
        """Check that <p onclick="..."> is not allowed to pass"""
        self.assertEqual(
            self.parser.clean('<p onclick="do_some_evil_stuff()">'),
            '<p>'
        )
Esempio n. 4
def escape_html(raw_text):
    """Return *raw_text* cleaned by a new HTMLEscaper and wrapped by mark_safe.

    NOTE(review): ``mark_safe`` is presumably Django's safestring helper. If
    so, the result bypasses template auto-escaping, and its safety rests
    entirely on what ``HTMLEscaper.clean`` lets through.
    """
    escaper = HTMLEscaper()
    sanitized = escaper.clean(raw_text)
    trusted = mark_safe(sanitized)
    return trusted
Esempio n. 5
 def setUp(self):
     """Attach a newly constructed HTMLEscaper to the test as ``parser``."""
     # Stored on the instance so the test methods can reach it.
     self.parser = HTMLEscaper()
Esempio n. 6
class HTMLParserTest(TestCase):
    """Check OrgWolf's HTML Parsing object that is used to escape
    HTML in a customizable way."""
    def setUp(self):
        self.parser = HTMLEscaper()

    def test_meta(self):
        """Return values and such"""
        self.assertTrue(isinstance(self.parser.clean(''), str))
        self.parser._cleaned = 'Some stale data'
        self.parser.reset()
        self.assertFalse(self.parser._cleaned)

    def test_bad_tags(self):
        self.assertEqual(
            '&lt;script&gt;alert(&#39;evil stuff&#39;);&lt;/script&gt;',
            self.parser.clean('<script>alert(\'evil stuff\');</script>'))

    def test_allowed_tags(self):
        self.assertEqual('<h1>Hello</h1>', self.parser.clean('<h1>Hello</h1>'))
        self.parser.reset()
        self.assertEqual('<h2>Hello</h2>', self.parser.clean('<h2>Hello</h2>'))
        self.parser.reset()
        self.assertEqual('<h3>Hello</h3>', self.parser.clean('<h3>Hello</h3>'))
        self.parser.reset()
        self.assertEqual('<h4>Hello</h4>', self.parser.clean('<h4>Hello</h4>'))
        self.parser.reset()
        self.assertEqual('<h5>Hello</h5>', self.parser.clean('<h5>Hello</h5>'))
        self.parser.reset()
        self.assertEqual('<h6>Hello</h6>', self.parser.clean('<h6>Hello</h6>'))
        self.parser.reset()
        text = '<ul>\n<li>Hello</li>\n<li>world</li></ul>'
        self.assertEqual(text, self.parser.clean(text))
        self.parser.reset()
        text = '<ol>\n<li>Hello</li>\n<li>world</li></ol>'
        self.assertEqual(text, self.parser.clean(text))
        self.parser.reset()
        text = '<div><p>Hello, world!</p></div>'
        self.assertEqual(text, self.parser.clean(text))
        self.parser.reset()
        self.assertEqual('<hr></hr>', self.parser.clean('<hr />'))

    def test_style_attribute(self):
        """Check that <p style="..."> is allowed to pass"""
        self.assertEqual(self.parser.clean('<p style="color: red">'),
                         '<p style="color: red">')

    def test_forbidden_attribute(self):
        """Check that <p onclick="..."> is not allowed to pass"""
        self.assertEqual(
            self.parser.clean('<p onclick="do_some_evil_stuff()">'), '<p>')
Esempio n. 7
def clean_text(sender, instance, **kwargs):
    """pre_save receiver that replaces ``instance.text`` with its cleaned form.

    The text is passed through ``HTMLEscaper.clean`` (e.g. to escape HTML)
    unless the signal's ``raw`` flag is truthy. Django sets ``raw=True``
    when it loads fixtures, so text arriving that way is stored without
    cleaning. Writes that do not send ``pre_save``, such as
    ``QuerySet.update()``, never reach this receiver either.

    Raises:
        KeyError: if the signal was sent without a ``raw`` keyword.
    """
    if kwargs['raw']:
        # Raw saves are written exactly as supplied.
        return
    instance.text = HTMLEscaper().clean(instance.text)
Esempio n. 8
def clean_text(sender, instance, **kwargs):
    """Clean ``instance.text`` before the model is saved (pre_save receiver).

    When ``kwargs['raw']`` is falsy, the text is run through a new
    ``HTMLEscaper`` (e.g. to escape HTML) and written back to the instance.
    When it is truthy the text is left as-is. Django passes ``raw=True``
    for fixture loading, so fixture content is not cleaned by this hook.
    """
    is_raw = kwargs['raw']
    if not is_raw:
        escaper = HTMLEscaper()
        cleaned = escaper.clean(instance.text)
        instance.text = cleaned