def test_jsondata_node(self):
# self.maxDiff = None
self._assertJsonscriptNode('<script type="application/json"><!-- --></script>', '')
data = '-->'
self._assertJsonscriptNode(r'<script type="application/json"><!-- ' + escapejson(data) + ' --></script>', data)
data = '--></script><script'
self._assertJsonscriptNode(r'<script type="application/json"><!-- ' + escapejson(data) + ' --></script>', data)
data = '-->>/script<>script'
self._assertJsonscriptNode(r'<script type="application/json"><!-- ' + escapejson(data) + ' --></script>', data)
self._assertJsonscriptNode('<script type="application/json"><!-- [] --></script>', '[]')
self._assertJsonscriptNode('<script type="application/json"><!-- {} --></script>', '{}')
data = '{"a":12,"b":"-->alert();<script/>"}'
self._assertJsonscriptNode(r'<script type="application/json"><!-- ' + escapejson(data) + ' --></script>', data)
self._assertJsonscriptNode(
'<script type="application/json" class="test" name="<script/>"><!-- --></script>',
'', "class='test' name='<script/>'",
)
self._assertJsonscriptNode(
'<script type="application/json" class="test" name="script#1"><!-- --></script>',
'', "class='test' name=name",
)
def test_escapejson(self):
self.assertEqual(escapejson('&'), '\\u0026')
self.assertEqual(escapejson('\\'), '\\u005C')
self.assertEqual(
escapejson('{"a": 12, "b": "-->alert();<script/>"}'),
'{"a": 12, "b": "--\\u003Ealert();\\u003Cscript/\\u003E"}',
)
def test_jsondata_tag(self):
# self.maxDiff = None
self._assertJsonscriptTag('', None)
self._assertJsonscriptTag(
'<script type="application/json"><!-- --></script>', '')
data = '-->'
self._assertJsonscriptTag(
r'<script type="application/json"><!-- ' + escapejson(data) +
' --></script>', data)
data = '--></script><script'
self._assertJsonscriptTag(
r'<script type="application/json"><!-- ' + escapejson(data) +
' --></script>', data)
data = '-->>/script<>script'
self._assertJsonscriptTag(
r'<script type="application/json"><!-- ' + escapejson(data) +
' --></script>', data)
self._assertJsonscriptTag(
'<script type="application/json"><!-- [] --></script>', [])
self._assertJsonscriptTag(
'<script type="application/json"><!-- {} --></script>', {})
# self._assertJsonscriptTag(r'<script type="application/json"><!-- ' + escapejson('{"a":12,"b":"-->alert();<script/>"}') + ' --></script>',
# {"a": 12, "b": "-->alert();<script/>"}
# ) # TODO: uncomment when order is guaranteed (Python 3.7)
self._assertJsonscriptTag(
r'<script type="application/json"><!-- ' +
escapejson('{"b":"-->alert();<script/>"}') + ' --></script>',
{'b': '-->alert();<script/>'})
# self._assertJsonscriptTag(r'<script type="application/json"><!-- ' + escapejson('{"a":12,"b":0.47,"c":"' + ugettext('User') + '"}') + r' --></script>',
# {"a": 12, "b": Decimal("0.47"), "c": ugettext_lazy('User')}
# ) # TODO: uncomment when order is guaranteed (Python 3.7)
self._assertJsonscriptTag(
r'<script type="application/json"><!-- {"a":12} --></script>',
{'a': 12})
self._assertJsonscriptTag(
r'<script type="application/json"><!-- {"b":0.47} --></script>',
{'b': Decimal("0.47")})
self._assertJsonscriptTag(
r'<script type="application/json"><!-- ' +
escapejson('{"c":"%s"}' % ugettext('User')) + r' --></script>',
{'c': ugettext_lazy('User')})
self._assertJsonscriptTag(
'<script type="application/json" class="test" name="<script/>"><!-- --></script>',
'',
"class='test' name='<script/>'",
)
self._assertJsonscriptTag(
'<script type="application/json" class="test" name="script#1"><!-- --></script>',
'',
"class='test' name=name",
)