예제 #1
0
def test_sanitize_html():
    assert sanitize_html('<b>Hello</b>') == '<b>Hello</b>'
    # <script> tags
    assert (sanitize_html('<b>Hello</b><script>alert(1)</script><b>1</b>') ==
            '<b>Hello</b><b>1</b>')
    # ``display: xxxx;`` styles
    assert (sanitize_html('<b style="display: none;">Hello</b>') ==
            '<b style="">Hello</b>')
    assert (sanitize_html('<b style="  display:none">Hello</b>') ==
            '<b style="">Hello</b>')
    assert (sanitize_html('<b style="  display:none; color: red;">Hello</b>') ==
            '<b style="color: red;">Hello</b>')
    assert (sanitize_html('<b style="font-weight: normal; display:none; '
                          'color: red;">Hello</b>') ==
            '<b style="font-weight: normal;color: red;">Hello</b>')
    assert (sanitize_html('<b style="font-weight: normal;'
                          'display: inline-block; color: red;">Hello</b>') ==
            '<b style="font-weight: normal;color: red;">Hello</b>')
    assert (sanitize_html('<b style="font-weight: normal;'
                          'display: block; color: red;">Hello</b>') ==
            '<b style="font-weight: normal;color: red;">Hello</b>')
    assert (sanitize_html('<b style="display:block">Hello</b>') ==
            '<b style="">Hello</b>')
    # JavaScript event attributes
    assert sanitize_html('<b onclick="alert(1);">Hello</b>') == '<b>Hello</b>'
    assert (sanitize_html('<img onload="alert(1);" src="a.gif">') ==
            '<img src="a.gif">')
    # Disallowed schemes
    assert (sanitize_html('<a href="javascript:alert(1)">Hello</a>') ==
            '<a href="">Hello</a>')
    assert (sanitize_html('<a href="jscript:alert(1)">Hello</a>') ==
            '<a href="">Hello</a>')
    # Rebase relative urls
    base = 'http://localhost/test/'
    sanitize = functools.partial(sanitize_html, base_uri=base)
    assert (sanitize('<a href="http://hongminhee.org/">abslink</a>') ==
            '<a href="http://hongminhee.org/">abslink</a>')
    assert (sanitize('<link href="http://hongminhee.org/">') ==
            '<link href="http://hongminhee.org/">')
    assert (sanitize('<a href="/abspath">abspath</a>') ==
            '<a href="http://localhost/abspath">abspath</a>')
    assert (sanitize('<link href="/abspath">') ==
            '<link href="http://localhost/abspath">')
    assert (sanitize('<a href="relpath">relpath</a>') ==
            '<a href="http://localhost/test/relpath">relpath</a>')
    assert (sanitize('<link href="relpath">') ==
            '<link href="http://localhost/test/relpath">')
예제 #2
0
def test_sanitize_html():
    assert sanitize_html('<b>Hello</b>') == '<b>Hello</b>'
    # <script> tags
    assert (sanitize_html('<b>Hello</b><script>alert(1)</script><b>1</b>') ==
            '<b>Hello</b><b>1</b>')
    # ``display: xxxx;`` styles
    assert (sanitize_html('<b style="display: none;">Hello</b>') ==
            '<b style="">Hello</b>')
    assert (sanitize_html('<b style="  display:none">Hello</b>') ==
            '<b style="">Hello</b>')
    assert (sanitize_html('<b style="  display:none; color: red;">Hello</b>')
            == '<b style="color: red;">Hello</b>')
    assert (sanitize_html('<b style="font-weight: normal; display:none; '
                          'color: red;">Hello</b>') ==
            '<b style="font-weight: normal;color: red;">Hello</b>')
    assert (sanitize_html('<b style="font-weight: normal;'
                          'display: inline-block; color: red;">Hello</b>') ==
            '<b style="font-weight: normal;color: red;">Hello</b>')
    assert (sanitize_html('<b style="font-weight: normal;'
                          'display: block; color: red;">Hello</b>') ==
            '<b style="font-weight: normal;color: red;">Hello</b>')
    assert (sanitize_html('<b style="display:block">Hello</b>') ==
            '<b style="">Hello</b>')
    # JavaScript event attributes
    assert sanitize_html('<b onclick="alert(1);">Hello</b>') == '<b>Hello</b>'
    assert (sanitize_html('<img onload="alert(1);" src="a.gif">') ==
            '<img src="a.gif">')
    # Disallowed schemes
    assert (sanitize_html('<a href="javascript:alert(1)">Hello</a>') ==
            '<a href="">Hello</a>')
    assert (sanitize_html('<a href="jscript:alert(1)">Hello</a>') ==
            '<a href="">Hello</a>')
예제 #3
0
def test_sanitize_html():
    assert sanitize_html('<b>Hello</b>') == '<b>Hello</b>'
    # <script> tags
    assert (sanitize_html('<b>Hello</b><script>alert(1)</script><b>1</b>') ==
            '<b>Hello</b><b>1</b>')
    # ``display: xxxx;`` styles
    assert (sanitize_html('<b style="display: none;">Hello</b>') ==
            '<b style="">Hello</b>')
    assert (sanitize_html('<b style="  display:none">Hello</b>') ==
            '<b style="">Hello</b>')
    assert (sanitize_html('<b style="  display:none; color: red;">Hello</b>') ==
            '<b style="color: red;">Hello</b>')
    assert (sanitize_html('<b style="font-weight: normal; display:none; '
                          'color: red;">Hello</b>') ==
            '<b style="font-weight: normal;color: red;">Hello</b>')
    assert (sanitize_html('<b style="font-weight: normal;'
                          'display: inline-block; color: red;">Hello</b>') ==
            '<b style="font-weight: normal;color: red;">Hello</b>')
    assert (sanitize_html('<b style="font-weight: normal;'
                          'display: block; color: red;">Hello</b>') ==
            '<b style="font-weight: normal;color: red;">Hello</b>')
    assert (sanitize_html('<b style="display:block">Hello</b>') ==
            '<b style="">Hello</b>')
    # JavaScript event attributes
    assert sanitize_html('<b onclick="alert(1);">Hello</b>') == '<b>Hello</b>'
    assert (sanitize_html('<img onload="alert(1);" src="a.gif">') ==
            '<img src="a.gif">')
    # Disallowed schemes
    assert (sanitize_html('<a href="javascript:alert(1)">Hello</a>') ==
            '<a href="">Hello</a>')
    assert (sanitize_html('<a href="jscript:alert(1)">Hello</a>') ==
            '<a href="">Hello</a>')