def test_brace_escaping(self):
    """Check that template-style braces in user text never reach the output.

    The input looks like a template tag (``{% foo %}``). For both values
    passed as the fourth argument (named ``linkify`` here), the rendered
    text must contain no literal ``{`` or ``}`` while still carrying the
    word ``foo``.
    """
    raw = '{% foo %}'
    for linkify in (0, 1):
        rendered = jinja_tags.ugc_text(raw, 9001, 0, linkify)
        # A surviving brace could be read as template syntax if this output
        # is ever fed through a template engine again.
        for brace in ('{', '}'):
            self.assertFalse(brace in rendered)
        self.assertTrue('foo' in rendered)
        # NOTE(review): presumably the braces come back as HTML entities;
        # this only proves that some '&' is present, not which entity
        # replaced each brace -- confirm and tighten if possible.
        self.assertTrue('&' in rendered)
def test_caret_escaping(self):
    """Check how an angle bracket in user text comes out of ``ugc_text``.

    The sample is a code-like snippet containing ``<``. The rendered output,
    with tags stripped, is compared against the expected form of the input.
    """
    snippet = ''' for(var i = 1;i<iterations;i++){ fg.save(); } '''
    rendered = jinja_tags.ugc_text(snippet, 9001, 0, 0)
    stripped = strip_tags(rendered)
    # NOTE(review): replace('<', '<') is a no-op as written, so the expected
    # value is the unescaped input and nothing about escaping is asserted.
    # The second argument was presumably an escaped form of '<' that was
    # lost when this listing was captured -- confirm against the original
    # file before relying on this test.
    expected = snippet.replace('<', '<')
    self.assertEqual(stripped, expected)
def test_ugc_text(self):
    """Render a mixed sample and check what is linked and what is dropped.

    The sample holds plain text, a ``#groupname`` reference, a bare URL, a
    ``#1`` that must stay plain text, and a ``<div>`` with an attribute.
    """
    sample = ''' this is some text. this is a #groupname here too. and here is a http://link.com/to/something. and a #1 sticker for u~ <div name="this html">will be gone</div>. '''
    rendered = jinja_tags.ugc_text(sample, 9001)
    # NOTE(review): '_blank' is presumably a target attribute on generated
    # anchors. Nothing here shows whether rel="noopener" accompanies it;
    # worth asserting alongside so the opened page cannot reach back
    # through window.opener.
    self._has(
        rendered,
        [
            'this is some text',
            ' #1 ',
            'href="http://link.com/to/something"',
            '_blank',
            '/x/groupname',
        ],
    )
    # Only the attribute value of the user-supplied <div> is checked for
    # absence; the markers '<div' and '</div>' are not asserted on.
    self._has_not(rendered, ['this html'])
def test_ugc_text(self):
    """Check linkification and HTML removal on a mixed block of user text.

    Expected fragments cover the plain text, the untouched ``#1``, the
    anchor for the bare URL, and the ``/x/groupname`` path for the group
    reference. The attribute text of the user-supplied ``<div>`` must not
    appear.
    """
    text = ''' this is some text. this is a #groupname here too. and here is a http://link.com/to/something. and a #1 sticker for u~ <div name="this html">will be gone</div>. '''
    must_contain = [
        'this is some text',
        ' #1 ',
        'href="http://link.com/to/something"',
        # NOTE(review): presumably target="_blank"; consider also checking
        # for rel="noopener" on the same anchor -- not visible from here.
        '_blank',
        '/x/groupname',
    ]
    # This proves the attribute value is gone, not that every trace of the
    # element has been removed.
    must_not_contain = ['this html']

    rendered = jinja_tags.ugc_text(text, 9001)
    self._has(rendered, must_contain)
    self._has_not(rendered, must_not_contain)
def test_ugc_link_with_typo(self):
    """Check that a URL glued to a preceding word is still linked cleanly.

    The input has no space between ``this`` and the URL. The output must
    hold exactly one anchor whose href is the URL alone.
    """
    glued = "thishttp://example.com/p/b8mwj"
    rendered = jinja_tags.ugc_text(glued, 9001, 1, 1)
    # Unpacking into a one-element list fails unless exactly one <a> matched.
    [anchor] = self.css_select(rendered, 'a')
    self.assertEqual("http://example.com/p/b8mwj", anchor.attrib['href'])
def test_group_link_with_space(self):
    """Check that ``#bar`` after a word and a space is marked up.

    The rendered value must differ from the input (markup was added), and
    stripping tags must give back the original text unchanged.
    """
    original = 'foo #bar'
    rendered = jinja_tags.ugc_text(original, 9001, 1, 1)
    self.assertNotEqual(rendered, original)
    # Round-trip check: the markup must not alter the visible characters.
    visible = strip_tags(rendered)
    self.assertEqual(visible, original)
def test_url_exploit(self):
    """Check that a ``#fragment`` inside a URL is not linked separately.

    The input is a scheme-less URL ending in ``#i_hacked_canvas``, which has
    the same shape as a group reference. The output must hold exactly one
    anchor, its visible text must equal the input, and its href must be the
    whole input prefixed with ``http://``.
    """
    url_text = '''www.schneier.com/essay-337.html?-#i_hacked_canvas'''
    rendered = jinja_tags.ugc_text(url_text, 9001, 1, 1)
    # Exactly one anchor: a second one would mean the fragment was also
    # linkified, injecting a link the author did not write.
    [anchor] = self.css_select(rendered, 'a')
    self.assertEqual(strip_tags(rendered), url_text)
    self.assertEqual(anchor.attrib['href'], 'http://' + url_text)
def test_group_link(self):
    """Check that a standalone ``#name`` reference is marked up.

    The rendered value must differ from the raw input, and its visible text
    (tags stripped) must be exactly the input.
    """
    reference = '#i_didnt_hacked_canvas'
    rendered = jinja_tags.ugc_text(reference, 9001, 1, 1)
    self.assertNotEqual(rendered, reference)
    # The markup may wrap the reference but must not change its characters.
    visible = strip_tags(rendered)
    self.assertEqual(visible, reference)
def test_ugc_text_without_linkification(self):
    """Check that no links are produced when the last two arguments are 0.

    The input holds both a ``#groupname`` reference and a bare URL. Neither
    ``href`` nor the ``/x/groupname`` path may appear in the output.
    """
    sample = u'what #groupname http://huh.com'
    rendered = jinja_tags.ugc_text(sample, 9001, 0, 0)
    forbidden = ['href', '/x/groupname']
    self._has_not(rendered, forbidden)
def test_ugc_link_with_typo(self):
    """Check that a URL with no space before it gets a clean href.

    ``this`` runs straight into the URL. Exactly one anchor is expected, and
    its href must not include the stray leading word.
    """
    source = "thishttp://example.com/p/b8mwj"
    html = jinja_tags.ugc_text(source, 9001, 1, 1)
    anchors = self.css_select(html, 'a')
    # Single-element unpacking doubles as an "exactly one anchor" check.
    (only_link,) = anchors
    self.assertEqual("http://example.com/p/b8mwj", only_link.attrib['href'])
def test_url_exploit(self):
    """Check that a URL ending in a group-like fragment yields one link.

    ``#i_hacked_canvas`` sits inside a scheme-less URL. The test requires a
    single anchor whose href is ``http://`` plus the full input, and
    requires the visible text to be the input itself.
    """
    text = '''www.schneier.com/essay-337.html?-#i_hacked_canvas'''
    html = jinja_tags.ugc_text(text, 9001, 1, 1)
    anchors = self.css_select(html, 'a')
    # Fails unless there is exactly one <a>, so the fragment cannot have
    # been turned into its own link.
    (only_link,) = anchors
    self.assertEqual(strip_tags(html), text)
    expected_href = 'http://' + text
    self.assertEqual(only_link.attrib['href'], expected_href)