def test_escape_script_node(self): text = r'''<div> <a href="http://www.test.com">test.com</a> </div> <script>alert("hi");</script> <script>alert("hello");</script> <script>alert("hello2");</script> <script src='http://www.test.com/t/t.js'></script>''' escaped_result = wikidata.escape_script_node(text) self.assertEqual(-1, escaped_result.find("<script>")) self.assertEqual(-1, escaped_result.find("</script>")) expected_text = '''<div> <a href="http://www.test.com">test.com</a> </div> <script>alert("hi");</script> <script>alert("hello");</script> <script>alert("hello2");</script> <script src=\'http://www.test.com/t/t.js\'/>''' self.assertEqual(expected_text, escaped_result)
def post(self, path): data = self.get_argument("data", default="") path = self.get_argument("path") data = wikidata.escape_script_node(data) self.wiki_data.set_page(path, data) self.redirect(path)