def test_allowed_url_schemes(self): for url_scheme in ['', 'http', 'https', 'ftp', 'mailto', 'tel']: url = url_scheme + "://www.example.com" self.assertTrue(bool(check_url(url)))
def test_crafty_disallowed_url_scheme(self): """ Some URL parsers do not parse 'jav\tascript:' as a valid scheme. Browsers, however, do. The checker needs to catch these crafty schemes """ self.assertFalse(bool(check_url("jav\tascript:alert('XSS')")))
def test_disallowed_url_scheme(self): self.assertFalse(bool(check_url("invalid://url")))
def test_crafty_disallowed_url_scheme(self): """ Some URL parsers do not parse 'jav\tascript:' as a valid scheme. Browsers, however, do. The checker needs to catch these crafty schemes """ self.assertFalse(bool(check_url("jav\tascript:alert('XSS')")))
def test_disallowed_url_scheme(self): self.assertFalse(bool(check_url("invalid://url")))
def test_allowed_url_schemes(self): for url_scheme in ['', 'http', 'https', 'ftp', 'mailto', 'tel']: url = url_scheme + "://www.example.com" self.assertTrue(bool(check_url(url)))