def test_SecureQLabel_setText(): sl = SecureQLabel("hello") assert sl.text() == "hello" label_text = '<script>alert("hi!");</script>' sl.setText(label_text) assert sl.text() == html.escape(label_text, quote=False)
def test_SecureQLabel_setText(mocker): sl = SecureQLabel("hello") assert sl.text() == "hello" label_text = '<script>alert("hi!");</script>' sl.setTextFormat = mocker.MagicMock() sl.setText(label_text) assert sl.text() == label_text # Ensure *safe* plain text with no HTML entities. sl.setTextFormat.assert_called_once_with(Qt.PlainText)