def test_newline(self): """htmlutils - test if newlines are properly escaped for Javascript strings""" test_str = "a string with a \n line break in it" self.assertEqual(escape_javascript_string(test_str), "a string with a \\n line break in it") test_str = "a string with a \r\n line break in it" self.assertEqual(escape_javascript_string(test_str), "a string with a \\r\\n line break in it") test_str = """a string with a \r\n line break and "quote" in it""" self.assertEqual(escape_javascript_string(test_str), '''a string with a \\r\\n line break and \\"quote\\" in it''')
def test_escape_javascript_string_for_html(self): """htmlutils - escaping strings for Javascript, for use in HTML""" self.assertEqual(escape_javascript_string('''"Are you a Munchkin?" asked Dorothy. "No, but I am their friend"'''), '\\"Are you a Munchkin?\\" asked Dorothy.\\n\\"No, but I am their friend\\"') input_string = '''/*<![CDATA[*/"Your <em>'Silver Shoes'</em> will carry you over the desert,"\r replied Glinda./*]]>*/''' output_string = """/*<![CDATA[*/\\"Your <em>\\'Silver Shoes\\'</em> will carry you over the desert,\\"\\r replied Glinda./*]]>*/""" self.assertEqual(escape_javascript_string(input_string), output_string)
def test_escape_closing_script_tag(self): """htmlutils - escaping closing </script> tag""" input_string = '''My string contain some<script>alert(foo)</script> that browser might not like''' output_string = '''My string contain some<script>alert(foo)</scr'+'ipt> that browser might not like''' self.assertEqual(escape_javascript_string(input_string, escape_for_html=False, escape_CDATA=False, escape_script_tag_with_quote="'"), output_string) output_string = '''My string contain some<script>alert(foo)</scr"+"ipt> that browser might not like''' self.assertEqual(escape_javascript_string(input_string, escape_for_html=False, escape_CDATA=False, escape_script_tag_with_quote='"'), output_string)
def wash_for_js(text): """ DEPRECATED: use htmlutils.escape_javascript_string() instead, and take note that returned value is no longer enclosed into quotes. """ from invenio_utils.html import escape_javascript_string if isinstance(text, six.string_types): return '"%s"' % escape_javascript_string(text, escape_for_html=False, escape_CDATA=False, escape_script_tag_with_quote=None) else: return text
def test_escape_javascript_string_for_html_in_tag_attribute(self): """htmlutils - escaping closing double quotes for use in HTML tag attribute""" input_string = '''"Your <em>'Silver Shoes'</em> will carry you over the desert,"\r replied Glinda.''' output_string = """"Your <em>\\'Silver Shoes\\'</em> will carry you over the desert,"\\r replied Glinda.""" self.assertEqual(escape_javascript_string(input_string, escape_for_html=False, escape_quote_for_html=True), output_string)
def test_escape_javascript_string_for_javascript_or_json(self): """htmlutils - escaping strings for Javascript, for use in "pure" Javscript or JSON output""" input_string = '''/*<![CDATA[*/"Your <em>'Silver Shoes'</em> will carry you over the desert,"\r replied Glinda./*]]>*/''' output_string = """/*<![CDATA[*/\\"Your <em>\\'Silver Shoes\\'</em> will carry you over the desert,\\"\\r replied Glinda./*]]>*/""" self.assertEqual(escape_javascript_string(input_string, escape_for_html=False, escape_CDATA=False), output_string)
def test_escape_javascript_string_for_html_in_cdata(self): """htmlutils - escaping strings for Javascript, for use in HTML, in CDATA sections""" input_string = '''/*<![CDATA[*/"Your <em>'Silver Shoes'</em> will carry you over the desert,"\r replied Glinda./*]]>*/''' output_string = """/*<![CDATA[*/\\"Your <em>\\'Silver Shoes\\'</em> will carry you over the desert,\\"\\r replied Glinda./*]]]]><![CDATA[>*/""" self.assertEqual(escape_javascript_string(input_string, escape_for_html=False, escape_CDATA=True), output_string)