def test_rst_xss_raw_directive():
    """A ``.. raw:: html`` directive must not pass a ``javascript:`` href through.

    The directive is the most direct way for RST input to inject verbatim
    HTML, so the renderer is expected to either disable the directive or
    strip the dangerous attribute. Only the double-quoted ``href="javascript:``
    form is asserted on here; other quoting styles are not covered by this
    test.
    """
    # Same document as '\n'.join([...]) in the original, spelled out as one literal.
    raw_directive_doc = (
        '.. raw:: html\n'
        '\n'
        '  <a href="javascript:alert(\'XSS: pwned!\')">link</a>'
    )
    output = MarkupRenderer.rst(raw_directive_doc)
    forbidden_fragment = 'href="javascript:alert('
    assert forbidden_fragment not in output
def rst(source):
    """Render *source* as reStructuredText and wrap it in a ``rst-block`` div.

    Args:
        source: The RST markup to render; passed straight to
            ``MarkupRenderer.rst``.

    Returns:
        The wrapped HTML, passed through ``literal``. NOTE(review): ``literal``
        presumably marks the string as safe HTML, so any sanitization of the
        rendered output has to happen inside ``MarkupRenderer.rst`` — verify
        that renderer strips ``javascript:`` hrefs and raw HTML before
        relying on this wrapper for untrusted input.
    """
    rendered_body = MarkupRenderer.rst(source)
    wrapped_html = '<div class="rst-block">%s</div>' % rendered_body
    return literal(wrapped_html)
def rst(source):
    """Render *source* as reStructuredText and wrap it in a ``rst-block`` div.

    Args:
        source: The RST markup to render; passed straight to
            ``MarkupRenderer.rst``.

    Returns:
        The wrapped HTML, passed through ``literal``. NOTE(review): ``literal``
        presumably marks the string as safe HTML, so any sanitization of the
        rendered output has to happen inside ``MarkupRenderer.rst`` — verify
        that renderer strips ``javascript:`` hrefs and raw HTML before
        relying on this wrapper for untrusted input.
    """
    rendered_body = MarkupRenderer.rst(source)
    wrapped_html = '<div class="rst-block">%s</div>' % rendered_body
    return literal(wrapped_html)
def test_rst_xss_inline_html():
    """Inline HTML in RST source must not survive as a ``javascript:`` href.

    Plain HTML in an RST document is normally escaped rather than emitted as
    markup; this test pins that the renderer does not echo the anchor's
    ``href="javascript:`` attribute verbatim. Only the double-quoted form is
    asserted on here.
    """
    inline_anchor = '<a href="javascript:alert(\'XSS: pwned!\')">link</a>'
    output = MarkupRenderer.rst(inline_anchor)
    forbidden_fragment = 'href="javascript:alert('
    assert forbidden_fragment not in output
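def test_rst_xss_link():
    """An RST external link with a ``javascript:`` target must not be emitted as an href.

    The original assertion looked for ``href=javascript:alert(...)`` with no
    quote after ``href=``. HTML renderers quote attribute values, so that
    fragment would never appear even when the dangerous link is emitted
    unchanged, making the check vacuous. The assertion now rejects the
    ``javascript:`` scheme anywhere in the output, which covers every
    attribute quoting style.
    """
    xss_rst = "`Link<javascript:alert('XSS: pwned!')>`_"
    rendered_html = MarkupRenderer.rst(xss_rst)
    # Scheme check rather than an exact attribute match: a sanitized render
    # must contain no javascript: URI at all, however the attribute is quoted.
    assert "javascript:alert(" not in rendered_html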