def test_sanitize_html():
    """Pin the observable contract of ``sanitize_html`` on fixed inputs.

    Every ``(markup, expected)`` pair is one behaviour the sanitizer is
    expected to show: ``<script>`` elements are dropped with their content,
    ``display`` declarations are removed from inline ``style`` attributes,
    the ``onclick``/``onload`` attributes are stripped, ``javascript:`` and
    ``jscript:`` hrefs are blanked, and relative ``href`` values are rebased
    against ``base_uri`` while absolute ones pass through unchanged.
    """
    # Cases that need no base URI.
    plain_cases = [
        # Harmless inline markup is returned verbatim.
        ('<b>Hello</b>', '<b>Hello</b>'),
        # <script> elements disappear together with their body.
        ('<b>Hello</b><script>alert(1)</script><b>1</b>',
         '<b>Hello</b><b>1</b>'),
        # ``display: xxxx;`` declarations are dropped from style attributes;
        # the remaining declarations keep their order.
        ('<b style="display: none;">Hello</b>', '<b style="">Hello</b>'),
        ('<b style=" display:none">Hello</b>', '<b style="">Hello</b>'),
        ('<b style=" display:none; color: red;">Hello</b>',
         '<b style="color: red;">Hello</b>'),
        ('<b style="font-weight: normal; display:none; '
         'color: red;">Hello</b>',
         '<b style="font-weight: normal;color: red;">Hello</b>'),
        ('<b style="font-weight: normal;'
         'display: inline-block; color: red;">Hello</b>',
         '<b style="font-weight: normal;color: red;">Hello</b>'),
        ('<b style="font-weight: normal;'
         'display: block; color: red;">Hello</b>',
         '<b style="font-weight: normal;color: red;">Hello</b>'),
        ('<b style="display:block">Hello</b>', '<b style="">Hello</b>'),
        # JavaScript event-handler attributes are stripped; other attributes
        # on the same element survive.
        ('<b onclick="alert(1);">Hello</b>', '<b>Hello</b>'),
        ('<img onload="alert(1);" src="a.gif">', '<img src="a.gif">'),
        # Disallowed URL schemes are blanked rather than the element removed.
        # NOTE(review): only these two literal spellings are exercised here;
        # coverage of other spellings of the scheme is not established by
        # this test.
        ('<a href="javascript:alert(1)">Hello</a>', '<a href="">Hello</a>'),
        ('<a href="jscript:alert(1)">Hello</a>', '<a href="">Hello</a>'),
    ]
    for markup, expected in plain_cases:
        assert sanitize_html(markup) == expected

    # Relative URLs are resolved against ``base_uri``; absolute ones are
    # left as they are, for both <a> and <link>.
    base = 'http://localhost/test/'
    sanitize = functools.partial(sanitize_html, base_uri=base)
    rebase_cases = [
        ('<a href="http://hongminhee.org/">abslink</a>',
         '<a href="http://hongminhee.org/">abslink</a>'),
        ('<link href="http://hongminhee.org/">',
         '<link href="http://hongminhee.org/">'),
        ('<a href="/abspath">abspath</a>',
         '<a href="http://localhost/abspath">abspath</a>'),
        ('<link href="/abspath">',
         '<link href="http://localhost/abspath">'),
        ('<a href="relpath">relpath</a>',
         '<a href="http://localhost/test/relpath">relpath</a>'),
        ('<link href="relpath">',
         '<link href="http://localhost/test/relpath">'),
    ]
    for markup, expected in rebase_cases:
        assert sanitize(markup) == expected
def test_sanitize_html():
    """Check ``sanitize_html`` without a base URI on a fixed set of inputs.

    Covers: ``<script>`` removal, stripping of ``display`` declarations from
    inline styles, removal of the ``onclick``/``onload`` attributes, and
    blanking of ``javascript:``/``jscript:`` hrefs.

    NOTE(review): this module already defines a ``test_sanitize_html`` above
    that additionally covers URL rebasing with ``base_uri``; because both
    share one name, this later definition shadows the earlier one and only
    this body is collected and run.
    """

    def expect(markup, expected):
        # One assertion per case, kept in the original order.
        assert sanitize_html(markup) == expected

    # Harmless inline markup is returned verbatim.
    expect('<b>Hello</b>', '<b>Hello</b>')

    # <script> elements disappear together with their body.
    expect('<b>Hello</b><script>alert(1)</script><b>1</b>',
           '<b>Hello</b><b>1</b>')

    # ``display: xxxx;`` declarations are dropped from style attributes;
    # the remaining declarations keep their order.
    expect('<b style="display: none;">Hello</b>', '<b style="">Hello</b>')
    expect('<b style=" display:none">Hello</b>', '<b style="">Hello</b>')
    expect('<b style=" display:none; color: red;">Hello</b>',
           '<b style="color: red;">Hello</b>')
    expect('<b style="font-weight: normal; display:none; '
           'color: red;">Hello</b>',
           '<b style="font-weight: normal;color: red;">Hello</b>')
    expect('<b style="font-weight: normal;'
           'display: inline-block; color: red;">Hello</b>',
           '<b style="font-weight: normal;color: red;">Hello</b>')
    expect('<b style="font-weight: normal;'
           'display: block; color: red;">Hello</b>',
           '<b style="font-weight: normal;color: red;">Hello</b>')
    expect('<b style="display:block">Hello</b>', '<b style="">Hello</b>')

    # JavaScript event-handler attributes are stripped; other attributes
    # on the same element survive.
    expect('<b onclick="alert(1);">Hello</b>', '<b>Hello</b>')
    expect('<img onload="alert(1);" src="a.gif">', '<img src="a.gif">')

    # Disallowed URL schemes are blanked rather than the element removed.
    # NOTE(review): only these two literal spellings are exercised here.
    expect('<a href="javascript:alert(1)">Hello</a>', '<a href="">Hello</a>')
    expect('<a href="jscript:alert(1)">Hello</a>', '<a href="">Hello</a>')