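def test_user_link_xss():
    """Check that user_link() HTML-escapes display_name in the title and the link text.

    The expected strings previously equalled the raw payloads, so the test
    could only pass when user_link() emitted the markup unescaped. The
    expectations below require the escaped form instead.
    """
    # Element-injection payload. It contains no quotes, so its escaped form
    # is the same for any standard HTML escaper and can be pinned exactly.
    user = UserProfile(username='******',
                       display_name='<script>alert(1)</script>', pk=1)
    html = "&lt;script&gt;alert(1)&lt;/script&gt;"
    assert user_link(user) == '<a href="%s" title="%s">%s</a>' % (
        user.get_absolute_url(), html, html)

    # Attribute-breakout payload: the quotes would close title="..." early.
    payload = """xss"'><iframe onload=alert(3)>"""
    user = UserProfile(username='******', display_name=payload, pk=1)
    rendered = user_link(user)
    # The raw payload must not survive anywhere in the output.
    assert payload not in rendered
    assert '<iframe' not in rendered
    # The double quote must not terminate the title attribute.
    assert 'title="xss"' not in rendered
    # The escaped tag appears once in title and once as link text.
    assert rendered.count('&lt;iframe onload=alert(3)&gt;') == 2
    # NOTE(review): the entity used for " and ' depends on the escaper behind
    # user_link(), which is not visible here; once confirmed, pin the full
    # expected string for this case as well.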
def test_users_list_truncate_display_name():
    """Check that users_list() shortens the link text but keeps the full name in title."""
    profile = UserProfile(
        username='******',
        display_name='Some Very Long Display Name',
        pk=1,
    )

    # Third argument is 10; presumably the maximum visible text length --
    # confirm against users_list().
    rendered = users_list([profile], None, 10)

    # Visible text is cut to "Some Very..." while title carries profile.name.
    link_template = '<a href="%s" title="%s">Some Very...</a>'
    expected = link_template % (profile.get_absolute_url(), profile.name)
    assert rendered == expected
def test_user_link():
    """Check user_link() output for a plain display name and for a None user."""
    profile = UserProfile(username='******', display_name='John Connor', pk=1)

    rendered = user_link(profile)
    link_template = '<a href="%s" title="%s">John Connor</a>'
    expected = link_template % (profile.get_absolute_url(), profile.name)
    assert rendered == expected

    # A missing user yields an empty string rather than an error.
    empty = user_link(None)
    assert empty == ''