def test_jsondata_node(self): # self.maxDiff = None self._assertJsonscriptNode('<script type="application/json"><!-- --></script>', '') data = '-->' self._assertJsonscriptNode(r'<script type="application/json"><!-- ' + escapejson(data) + ' --></script>', data) data = '--></script><script' self._assertJsonscriptNode(r'<script type="application/json"><!-- ' + escapejson(data) + ' --></script>', data) data = '-->>/script<>script' self._assertJsonscriptNode(r'<script type="application/json"><!-- ' + escapejson(data) + ' --></script>', data) self._assertJsonscriptNode('<script type="application/json"><!-- [] --></script>', '[]') self._assertJsonscriptNode('<script type="application/json"><!-- {} --></script>', '{}') data = '{"a":12,"b":"-->alert();<script/>"}' self._assertJsonscriptNode(r'<script type="application/json"><!-- ' + escapejson(data) + ' --></script>', data) self._assertJsonscriptNode( '<script type="application/json" class="test" name="<script/>"><!-- --></script>', '', "class='test' name='<script/>'", ) self._assertJsonscriptNode( '<script type="application/json" class="test" name="script#1"><!-- --></script>', '', "class='test' name=name", )
def test_escapejson(self): self.assertEqual(escapejson('&'), '\\u0026') self.assertEqual(escapejson('\\'), '\\u005C') self.assertEqual( escapejson('{"a": 12, "b": "-->alert();<script/>"}'), '{"a": 12, "b": "--\\u003Ealert();\\u003Cscript/\\u003E"}', )
def test_jsondata_tag(self): # self.maxDiff = None self._assertJsonscriptTag('', None) self._assertJsonscriptTag( '<script type="application/json"><!-- --></script>', '') data = '-->' self._assertJsonscriptTag( r'<script type="application/json"><!-- ' + escapejson(data) + ' --></script>', data) data = '--></script><script' self._assertJsonscriptTag( r'<script type="application/json"><!-- ' + escapejson(data) + ' --></script>', data) data = '-->>/script<>script' self._assertJsonscriptTag( r'<script type="application/json"><!-- ' + escapejson(data) + ' --></script>', data) self._assertJsonscriptTag( '<script type="application/json"><!-- [] --></script>', []) self._assertJsonscriptTag( '<script type="application/json"><!-- {} --></script>', {}) # self._assertJsonscriptTag(r'<script type="application/json"><!-- ' + escapejson('{"a":12,"b":"-->alert();<script/>"}') + ' --></script>', # {"a": 12, "b": "-->alert();<script/>"} # ) # TODO: uncomment when order is guaranteed (Python 3.7) self._assertJsonscriptTag( r'<script type="application/json"><!-- ' + escapejson('{"b":"-->alert();<script/>"}') + ' --></script>', {'b': '-->alert();<script/>'}) # self._assertJsonscriptTag(r'<script type="application/json"><!-- ' + escapejson('{"a":12,"b":0.47,"c":"' + ugettext('User') + '"}') + r' --></script>', # {"a": 12, "b": Decimal("0.47"), "c": ugettext_lazy('User')} # ) # TODO: uncomment when order is guaranteed (Python 3.7) self._assertJsonscriptTag( r'<script type="application/json"><!-- {"a":12} --></script>', {'a': 12}) self._assertJsonscriptTag( r'<script type="application/json"><!-- {"b":0.47} --></script>', {'b': Decimal("0.47")}) self._assertJsonscriptTag( r'<script type="application/json"><!-- ' + escapejson('{"c":"%s"}' % ugettext('User')) + r' --></script>', {'c': ugettext_lazy('User')}) self._assertJsonscriptTag( '<script type="application/json" class="test" name="<script/>"><!-- --></script>', '', "class='test' name='<script/>'", ) self._assertJsonscriptTag( '<script type="application/json" class="test" name="script#1"><!-- --></script>', '', "class='test' name=name", )