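def test_sanitize_html(self):
    """
    Test for html sanitization with bleach.

    Tags on the allow-list must come back unchanged. A tag that is not
    allowed (``script``) must not come back as live markup, while the text
    it wrapped must still be present.
    """
    allowed_tags = ['div', 'p', 'audio', 'pre', 'span']
    for tag in allowed_tags:
        queue_msg = "<{0}>Test message</{0}>".format(tag)
        self.assertEqual(sanitize_html(queue_msg), queue_msg)

    not_allowed_tag = 'script'
    queue_msg = "<{0}>Test message</{0}>".format(not_allowed_tag)
    sanitized = sanitize_html(queue_msg)
    # The expected value must not be the raw input: asserting equality with
    # "<script>Test message</script>" would only pass if the sanitizer let
    # the element through untouched.
    self.assertNotEqual(sanitized, queue_msg)
    self.assertNotIn("<{0}".format(not_allowed_tag), sanitized)
    self.assertIn("Test message", sanitized)
    # NOTE(review): bleach.clean escapes disallowed tags by default; if
    # sanitize_html keeps that default, this can be tightened to an exact
    # match on the entity-escaped string. Confirm against sanitize_html.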
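def test_sanitize_html(self):
    """
    Test for html sanitization with bleach.

    Tags on the allow-list must come back unchanged. A tag that is not
    allowed (``script``) must not come back as live markup, while the text
    it wrapped must still be present.
    """
    allowed_tags = ["div", "p", "audio", "pre", "span"]
    for tag in allowed_tags:
        queue_msg = "<{0}>Test message</{0}>".format(tag)
        self.assertEqual(sanitize_html(queue_msg), queue_msg)

    not_allowed_tag = "script"
    queue_msg = "<{0}>Test message</{0}>".format(not_allowed_tag)
    sanitized = sanitize_html(queue_msg)
    # The expected value must not be the raw input: asserting equality with
    # "<script>Test message</script>" would only pass if the sanitizer let
    # the element through untouched.
    self.assertNotEqual(sanitized, queue_msg)
    self.assertNotIn("<{0}".format(not_allowed_tag), sanitized)
    self.assertIn("Test message", sanitized)
    # NOTE(review): bleach.clean escapes disallowed tags by default; if
    # sanitize_html keeps that default, this can be tightened to an exact
    # match on the entity-escaped string. Confirm against sanitize_html.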
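def preprocess_collection(user, course, collection):
    """
    Prepare `collection(notes_list)` provided by edx-notes-api
    for rendering in a template:
       add information about ancestor blocks,
       convert "updated" to date

    Every note's "text", "quote" and (when present) "tags" values are passed
    through `sanitize_html` before the note is used further, since they are
    destined for a template.

    A note is left out of the result when its block cannot be loaded, when
    `has_access(user, "load", ...)` is falsy for it, or when its unit,
    section or chapter cannot be resolved. Each of these cases is logged at
    debug level.

    Arguments:
        user: user the notes are prepared for; passed to `has_access`.
        course: course object; `course.id` scopes the bulk operation and the
            access check.
        collection: iterable of note dicts. Each dict is updated in place.

    Returns:
        list of the note dicts that were kept, in input order.

    ItemNotFoundError raised by `store.get_item` is caught here and the note
    is skipped rather than propagated.
    """
    # pylint: disable=too-many-statements

    store = modulestore()
    filtered_collection = []
    # Cache local to this call, keyed by usage id string and by unit / section /
    # chapter block. Entries are written only after has_access passed for
    # `user`, so a hit on usage_id below does not skip the access decision.
    cache = {}
    with store.bulk_operations(course.id):
        for model in collection:
            update = {
                u"text": sanitize_html(model["text"]),
                u"quote": sanitize_html(model["quote"]),
                u"updated": dateutil_parse(model["updated"]),
            }
            if "tags" in model:
                update[u"tags"] = [sanitize_html(tag) for tag in model["tags"]]
            model.update(update)

            usage_id = model["usage_id"]
            if usage_id in cache:
                model.update(cache[usage_id])
                filtered_collection.append(model)
                continue

            usage_key = UsageKey.from_string(usage_id)
            # Add a course run if necessary.
            usage_key = usage_key.replace(course_key=store.fill_in_run(usage_key.course_key))

            try:
                item = store.get_item(usage_key)
            except ItemNotFoundError:
                log.debug("Module not found: %s", usage_key)
                continue

            if not has_access(user, "load", item, course_key=course.id):
                log.debug("User %s does not have an access to %s", user, item)
                continue

            unit = get_parent_unit(item)
            if unit is None:
                log.debug("Unit not found: %s", usage_key)
                continue

            section = unit.get_parent()
            if not section:
                log.debug("Section not found: %s", usage_key)
                continue
            if section in cache:
                # Copy before overriding "unit". The cached dict is shared with
                # every usage id already resolved under this section; updating
                # it in place would hand those ids this note's unit on their
                # next cache hit.
                usage_context = dict(cache[section])
                usage_context["unit"] = get_module_context(course, unit)
                model.update(usage_context)
                cache[usage_id] = cache[unit] = usage_context
                filtered_collection.append(model)
                continue

            chapter = section.get_parent()
            if not chapter:
                log.debug("Chapter not found: %s", usage_key)
                continue
            if chapter in cache:
                # Same reasoning as above: work on a copy so the entries of
                # sibling sections and units keep their own context.
                usage_context = dict(cache[chapter])
                usage_context.update({
                    "unit": get_module_context(course, unit),
                    "section": get_module_context(course, section),
                })
                model.update(usage_context)
                cache[usage_id] = cache[unit] = cache[section] = usage_context
                filtered_collection.append(model)
                continue

            usage_context = {
                "unit": get_module_context(course, unit),
                "section": get_module_context(course, section),
                "chapter": get_module_context(course, chapter),
            }
            model.update(usage_context)
            cache[usage_id] = cache[unit] = cache[section] = cache[chapter] = usage_context
            filtered_collection.append(model)

    return filtered_collection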