예제 #1
0
def test_rst_xss_raw_directive():
    xss_rst = '\n'.join([
        '.. raw:: html', '',
        '  <a href="javascript:alert(\'XSS: pwned!\')">link</a>'
    ])
    rendered_html = MarkupRenderer.rst(xss_rst)
    assert 'href="javascript:alert(' not in rendered_html
예제 #2
0
def rst(source):
    return literal('<div class="rst-block">%s</div>' %
                   MarkupRenderer.rst(source))
예제 #3
0
def rst(source):
    return literal('<div class="rst-block">%s</div>' %
                   MarkupRenderer.rst(source))
예제 #4
0
def test_rst_xss_inline_html():
    xss_rst = '<a href="javascript:alert(\'XSS: pwned!\')">link</a>'
    rendered_html = MarkupRenderer.rst(xss_rst)
    assert 'href="javascript:alert(' not in rendered_html
예제 #5
0
def test_rst_xss_link():
    xss_rst = "`Link<javascript:alert('XSS: pwned!')>`_"
    rendered_html = MarkupRenderer.rst(xss_rst)
    assert "href=javascript:alert('XSS: pwned!')" not in rendered_html