def test_remove_prohibited_attributes(self):
root = etree.fromstring("""<div id="hello">remove me<p onerror="dosomething">remove me</p></div>""")
res = remove_prohibited_attributes(root)
#res.findall('.//*') will only search for the child
for n in chain([res], res.findall('.//*')):
self.assertTrue('onerror' not in n.attrib)
self.assertTrue('id' not in n.attrib)
def test_url_sanitization(self):
root = etree.fromstring("""<div><a href="http://httpbin.org">http</a><a href="https://httpbin.org">https</a><a href="ftp://httpbin.org">ftp</a></div>""")
res = remove_prohibited_attributes(root)
for n in res.findall('.//*'):
self.assertTrue('ftp' not in n.attrib)
