def test_remove_prohibited_attributes(self): root = etree.fromstring("""<div id="hello">remove me<p onerror="dosomething">remove me</p></div>""") res = remove_prohibited_attributes(root) #res.findall('.//*') will only search for the child for n in chain([res], res.findall('.//*')): self.assertTrue('onerror' not in n.attrib) self.assertTrue('id' not in n.attrib)
def test_url_sanitization(self): root = etree.fromstring("""<div><a href="http://httpbin.org">http</a><a href="https://httpbin.org">https</a><a href="ftp://httpbin.org">ftp</a></div>""") res = remove_prohibited_attributes(root) for n in res.findall('.//*'): self.assertTrue('ftp' not in n.attrib)