示例#1
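 def test_render_no_xss(self):
     """Check that markup in the source does not reach the rendered output.

     Renders a ``<script>`` / ``<a>`` payload with substitutions disabled and
     expects a single ``<p>...</p>`` wrapper with no ``<`` left inside it.
     """
     from adhocracy.lib.text import render
     source = '<script>XSS</script><a></a>'
     result = render(source, substitutions=False)
     # assertEqual is the supported spelling; assertEquals is a deprecated alias.
     self.assertEqual(result[:3], '<p>')
     self.assertEqual(result[-4:], '</p>')
     core_result = result[3:-4]
     # Any '<' left between the wrapper tags would mean a tag passed through
     # unescaped.  The check does not tell escaping apart from stripping.
     self.assertTrue(u'<' not in core_result)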
示例#2
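 def test_render_no_xss(self):
     """Verify that tags in the input are neutralised by ``render``.

     The input holds a ``<script>`` element and an empty ``<a>`` element.
     With substitutions off, the output must be one ``<p>`` paragraph whose
     content contains no ``<`` character.
     """
     from adhocracy.lib.text import render
     source = '<script>XSS</script><a></a>'
     result = render(source, substitutions=False)
     # Use assertEqual rather than the deprecated assertEquals alias.
     self.assertEqual(result[:3], '<p>')
     self.assertEqual(result[-4:], '</p>')
     # Strip the 3-character opener and the 4-character closer checked above.
     core_result = result[3:-4]
     # NOTE(review): only a literal '<' is looked for; the assertion says
     # nothing about how the sanitizer got rid of the tags.
     self.assertTrue(u'<' not in core_result)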
示例#3
文件: event.py 项目: phihag/adhocracy
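 def text(self):
     """Render this object's event text, logging attribute failures.

     When ``self.event`` is truthy, calls ``self.event.text(self)`` and passes
     the result through ``adhocracy.lib.text.render`` with its default
     options.  An ``AttributeError`` raised along the way is logged with its
     traceback instead of propagating.
     """
     text = None
     try:
         if self.event:
             from adhocracy.lib.text import render
             text = self.event.text(self)
             text = render(text)
     except AttributeError:
         # log.exception() already records the active exception and its
         # traceback.  Passing the exception as an extra argument to a message
         # without a placeholder makes the log record fail to format.
         log.exception("Creating event text")
     # NOTE(review): the listing stops here, so as shown nothing is returned;
     # confirm against the full file whether the rendered text is returned.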
示例#4
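 def test_render_no_xss_substitutions(self):
     """Check that a user mention cannot carry markup into the output.

     Calls ``tt_make_user('<foo>')``, renders the mention ``@<foo>`` with
     substitutions enabled, and expects a ``<p>...</p>`` wrapper with no
     ``<`` inside it.
     """
     from adhocracy.lib.text import render
     # presumably creates a test user with this name; verify in the test tools
     tt_make_user('<foo>')
     source = '@<foo>'
     result = render(source, substitutions=True)
     # assertEqual is the supported spelling; assertEquals is a deprecated alias.
     self.assertEqual(result[:3], '<p>')
     self.assertEqual(result[-4:], '</p>')
     core_result = result[3:-4]
     # The substituted user reference must not reintroduce a raw '<'.
     self.assertTrue(u'<' not in core_result)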
示例#5
 def test_html_sanitizing(self):
     """Check which HTML elements survive rendering with user HTML allowed.

     Renders ``SANITIZE_TEST_STRING`` with ``safe_mode='adhocracy_config'``
     and ``_testing_allow_user_html=True``.  The script, object and embed
     openers and the word ``javascript`` must be gone, while an iframe opener
     must still be present.
     """
     from adhocracy.lib.text import render
     html = render(SANITIZE_TEST_STRING, safe_mode='adhocracy_config',
                   _testing_allow_user_html=True)
     # NOTE(review): these are case-sensitive substring checks, so they pin
     # the exact spellings below rather than every casing or encoding.
     for blocked in ('<script', '<object', '<embed', 'javascript'):
         self.assertTrue(blocked not in html)
     # The iframe is expected to be kept by the sanitizer.
     self.assertTrue('<iframe' in html)
示例#6
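 def test_render_no_xss_substitutions(self):
     """Verify that ``@user`` substitution does not emit raw markup.

     A user is set up through ``tt_make_user('<foo>')`` and mentioned as
     ``@<foo>``.  After rendering with ``substitutions=True`` the output must
     be a single paragraph with no ``<`` in its content.
     """
     from adhocracy.lib.text import render
     tt_make_user('<foo>')
     source = '@<foo>'
     result = render(source, substitutions=True)
     # Use assertEqual rather than the deprecated assertEquals alias.
     self.assertEqual(result[:3], '<p>')
     self.assertEqual(result[-4:], '</p>')
     # Drop the wrapper tags verified above and inspect what is left.
     core_result = result[3:-4]
     # NOTE(review): a literal '<' is the only thing looked for here.
     self.assertTrue(u'<' not in core_result)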
示例#7
 def test_html_sanitizing(self):
     """Verify the sanitizer's handling of ``SANITIZE_TEST_STRING``.

     Rendering uses ``safe_mode='adhocracy_config'`` together with
     ``_testing_allow_user_html=True``.  Script, object and embed openers
     and the substring ``javascript`` must not appear in the output; an
     iframe opener must.
     """
     from adhocracy.lib.text import render
     options = {'safe_mode': 'adhocracy_config',
                '_testing_allow_user_html': True}
     rendered = render(SANITIZE_TEST_STRING, **options)
     # NOTE(review): plain substring matching; a differently cased or encoded
     # spelling of these markers is outside what this test covers.
     self.assertFalse('<script' in rendered)
     self.assertFalse('<object' in rendered)
     self.assertFalse('<embed' in rendered)
     self.assertFalse('javascript' in rendered)
     # The iframe element is the one piece of markup expected to survive.
     self.assertTrue('<iframe' in rendered)
示例#8
文件: test_text.py 项目: whausen/part
 def test_html_sanitizing(self):
     """Check what the sanitizer removes from a mixed HTML sample.

     The sample combines a heading, script/object/embed elements, a link
     with ``javascript:`` in its ``href`` and ``onclick``, and a YouTube
     iframe.  It is rendered with ``safe_mode='adhocracy_config'`` and
     ``_testing_allow_user_html=True``.
     """
     from adhocracy.lib.text import render
     sample = (
         '<h1>Hello</h1><script>XSS</script>'
         '<object>include_dangerous</object>'
         '<embed>include_dangerous</embed>'
         '<a href="javascript:bar()" onclick="javascript: alert(\'foo\')">lala</a>'
         '<iframe class="youtube-player" type="text/html" width="640" height="385"'
         ' src="http://www.youtube.com/embed/foo" frameborder="0">'
         '</iframe>'
     )
     html = render(sample, safe_mode='adhocracy_config',
                   _testing_allow_user_html=True)
     # NOTE(review): the onclick attribute is covered only indirectly, through
     # the case-sensitive 'javascript' substring check.
     for blocked in ('<script', '<object', '<embed', 'javascript'):
         self.assertTrue(blocked not in html)
     # The embedded player iframe is expected to be retained.
     self.assertTrue('<iframe' in html)
示例#9
 def test_render_user_substitution(self):
     """Check that ``@pudo`` is rendered as a reference to that user.

     After ``tt_make_user('pudo')``, rendering ``@pudo`` with substitutions
     enabled must produce output containing ``/user/pudo"``.
     """
     from adhocracy.lib.text import render
     tt_make_user('pudo')
     html = render('@pudo', substitutions=True)
     # The trailing quote ties the match to the end of an attribute value.
     link_tail = u'/user/pudo"'
     self.assertTrue(link_tail in html)
示例#10
 def test_render_no_substitution(self):
     """Check that ``@pudo`` stays plain text when substitutions are off.

     The user exists (``tt_make_user('pudo')``), yet with
     ``substitutions=False`` the output must be exactly ``<p>@pudo</p>``.
     """
     from adhocracy.lib.text import render
     tt_make_user('pudo')
     html = render('@pudo', substitutions=False)
     expected = u'<p>@pudo</p>'
     self.assertEqual(html, expected)
示例#11
 def test_render(self):
     """Check that an underlined line is rendered as an ``<h1>`` heading."""
     from adhocracy.lib.text import render
     # A title line followed by a row of '=' characters.
     markup = 'header\n========'
     html = render(markup)
     self.assertEqual(html, u'<h1>header</h1>')
示例#12
 def description(self):
     """Return the rendered instance description, or "" when there is none."""
     raw = self.instance.description
     if not raw:
         return ""
     # NOTE(review): escape=False presumably turns off HTML escaping inside
     # render; confirm who may edit the description and what still sanitizes
     # it before it reaches a page.
     return text.render(raw, escape=False)
示例#13
文件: text.py 项目: phihag/adhocracy
 def render(self):
     """Render this object, line-based when its page is a norm.

     Pages whose ``function`` equals ``page.NORM`` go through
     ``text.render_line_based(self)``; all others render ``self.text`` via
     ``text.render`` with its default options.
     """
     from adhocracy.lib import text as text_lib
     is_norm = self.page.function == self.page.NORM
     if not is_norm:
         return text_lib.render(self.text)
     return text_lib.render_line_based(self)
示例#14
 def text(self):
     """Return the rendered milestone text, or "" when the text is empty."""
     raw = self.milestone.text
     if not raw:
         return ""
     # NOTE(review): escape=False presumably disables HTML escaping in render;
     # confirm that milestone text is sanitized or restricted to trusted
     # authors before it is displayed.
     return text.render(raw, escape=False)
示例#15
 def test_render_markdown_vuln(self):
     """Check that a Markdown link with a ``javascript:`` target is defused.

     Renders a link whose target uses the ``javascript`` scheme with a
     percent-encoded payload and requires that the substring ``javascript``
     does not appear in the output.
     """
     from adhocracy.lib.text import render
     link_markup = u'[XSS](javascript://%0Aalert%28\'XSS\'%29;)'
     html = render(link_markup)
     # NOTE(review): case-sensitive substring check on the scheme name only.
     self.assertFalse(u'javascript' in html)
示例#16
 def test_render_user_substitution(self):
     """Verify that a user mention is rendered as an absolute user link.

     With the user created by ``tt_make_user('pudo')`` and substitutions on,
     the output for ``@pudo`` must contain ``http://test.lan/user/pudo"``.
     """
     from adhocracy.lib.text import render
     tt_make_user('pudo')
     html = render('@pudo', substitutions=True)
     # The closing quote anchors the match at the end of an attribute value.
     expected_fragment = u'http://test.lan/user/pudo"'
     self.assertTrue(expected_fragment in html)
示例#17
 def test_render_no_substitution(self):
     """Verify that mentions are left untouched without substitutions.

     Even though ``tt_make_user('pudo')`` has been called, rendering
     ``@pudo`` with ``substitutions=False`` must yield the bare paragraph
     followed by a newline.
     """
     from adhocracy.lib.text import render
     tt_make_user('pudo')
     html = render('@pudo', substitutions=False)
     expected = u'<p>@pudo</p>\n'
     self.assertEqual(html, expected)
示例#18
 def text(self):
     """Return the rendered latest comment text, or "" when unavailable."""
     comment = self.comment
     # Either a missing comment or a missing latest revision yields "".
     if not comment or not comment.latest:
         return ""
     # render runs with its default options here; what they escape or
     # sanitize is defined in the text module, not in this method.
     return text.render(comment.latest.text)
示例#19
 def _bio(self):
     """Return the user's rendered bio, or "" when no bio is set."""
     bio = self.user.bio
     if not bio:
         return ""
     # The bio goes through render with its default options; their escaping
     # behaviour is defined in the text module, not here.
     return text.render(bio)
示例#20
 def text(self):
     """Return the rendered milestone text, or "" when the text is empty."""
     raw = self.milestone.text
     if not raw:
         return ""
     # presumably 'adhocracy_config' makes render take its HTML-safety policy
     # from configuration; confirm in the text module
     return text.render(raw, safe_mode='adhocracy_config')
示例#21
 def description(self):
     """Return the instance description as rendered text ("" if unset)."""
     source = self.instance.description
     rendered = ""
     if source:
         # NOTE(review): escape=False presumably bypasses HTML escaping in
         # render; verify that descriptions are sanitized or come only from
         # trusted authors.
         rendered = text.render(source, escape=False)
     return rendered
示例#22
 def test_render_markdown_vuln(self):
     """Verify that ``render`` drops a ``javascript`` link target.

     The Markdown link's target uses the ``javascript`` scheme with a
     percent-encoded payload.  The rendered output must not contain the
     substring ``javascript``.
     """
     from adhocracy.lib.text import render
     html = render(u'[XSS](javascript://%0Aalert%28\'XSS\'%29;)')
     # NOTE(review): the match is case-sensitive, so only this exact spelling
     # of the scheme is pinned by the test.
     scheme_present = u'javascript' in html
     self.assertTrue(not scheme_present)
示例#23
 def render(self, line_based=False):
     """Render this object's text, optionally in line-based form.

     With ``line_based`` truthy the whole object is handed to
     ``text.render_line_based``; otherwise ``self.text`` is passed to
     ``text.render`` with its default options.
     """
     from adhocracy.lib import text as text_lib
     if not line_based:
         return text_lib.render(self.text)
     return text_lib.render_line_based(self)
示例#24
 def test_render(self):
     """Verify that a '=' underlined title renders as a level-one heading.

     The expected output is the ``<h1>`` element followed by a newline.
     """
     from adhocracy.lib.text import render
     markup = 'header\n========'
     html = render(markup)
     expected = u'<h1>header</h1>\n'
     self.assertEqual(html, expected)
示例#25
文件: text.py 项目: alkadis/vcv
 def render(self, line_based=False):
     """Return the rendered form of this object.

     ``line_based=True`` selects ``text.render_line_based(self)``; the
     default renders ``self.text`` through ``text.render``.
     """
     from adhocracy.lib import text as text_lib
     if line_based:
         rendered = text_lib.render_line_based(self)
     else:
         rendered = text_lib.render(self.text)
     return rendered
示例#26
文件: user_tiles.py 项目: alkadis/vcv
 def _bio(self):
     """Return the rendered bio of ``self.user`` ("" when the bio is empty)."""
     bio = self.user.bio
     rendered = ""
     if bio:
         # render is called with its default options; what they escape is
         # defined in the text module rather than in this method.
         rendered = text.render(bio)
     return rendered
示例#27
 def text(self):
     """Return the latest revision of the comment, rendered ("" if none)."""
     latest = self.comment and self.comment.latest
     if not latest:
         return ""
     # Default render options apply; their escaping rules are defined in the
     # text module rather than here.
     return text.render(self.comment.latest.text)
示例#28
 def description(self):
     """Return the rendered instance description, or "" when there is none."""
     raw = self.instance.description
     if not raw:
         return ""
     # presumably 'adhocracy_config' makes render take its HTML-safety policy
     # from configuration; confirm in the text module
     return text.render(raw, safe_mode='adhocracy_config')
示例#29
    def test_usercontent(self):
        """Check that a link in user content is not emitted with its raw URL.

        Renders a Markdown link to ``http://example.com/`` and requires that
        the output contains no ``href`` starting with ``http://example``.
        """
        from adhocracy.lib.text import render

        html = render(u'[link](http://example.com/)')
        # NOTE(review): presumably render rewrites or drops external link
        # targets; this only shows that the original URL is not the href.
        direct_href = u'href="http://example'
        self.assertFalse(direct_href in html)
示例#30
 def text(self):
     """Return the milestone text as rendered output ("" when empty)."""
     source = self.milestone.text
     rendered = ""
     if source:
         # safe_mode='adhocracy_config' is forwarded unchanged; its exact
         # sanitizing policy is defined in the text module (not shown here).
         rendered = text.render(source, safe_mode='adhocracy_config')
     return rendered
示例#31
 def description(self):
     """Return the instance description as rendered output ("" if unset)."""
     source = self.instance.description
     rendered = ""
     if source:
         # safe_mode='adhocracy_config' is forwarded unchanged; its exact
         # sanitizing policy is defined in the text module (not shown here).
         rendered = text.render(source, safe_mode='adhocracy_config')
     return rendered
示例#32
 def render(self):
     """Return this object rendered according to its page's function.

     A page whose ``function`` is ``page.NORM`` is rendered with
     ``text.render_line_based(self)``; any other page renders ``self.text``
     through ``text.render``.
     """
     from adhocracy.lib import text as text_lib
     page = self.page
     if page.function == page.NORM:
         rendered = text_lib.render_line_based(self)
     else:
         rendered = text_lib.render(self.text)
     return rendered