def test_severity_1(self):
    """Check which markup remove_dangerous_tags strips from ``s1`` at levels 0 and 1.

    Level 0 is expected to leave no script or iframe fragments behind.
    Level 1 is additionally expected to drop the heading and the
    ``<body>``/``<html>`` wrappers.

    NOTE(review): every check is an exact-substring match against the
    fixture, so a pass only shows these literal spellings are gone. It does
    not show that differently cased, spaced or attributed forms of the same
    tags are removed. The level-1 half also does not re-check the iframe
    fragment or a bare ``</script>``.
    """
    # Fragments that must be absent after cleaning at level 0.
    level0_forbidden = (
        '<script src="some" />',
        '<script src="kkkkwever"></script>',
        '<script />\n    </script>',
        '</script>',
        '<iframe src="bollocks">\nMyFramecontens\n</iframe>',
    )
    # Fragments that must be absent after cleaning at level 1.
    level1_forbidden = (
        '<script src="some" />',
        '<script src="kkkkwever"></script>',
        '<h1>Some Title\n</h1>',
        '<body>',
        '<html>',
        '</html>',
    )

    cleaned_level0 = clean.remove_dangerous_tags(s1, 0)
    for fragment in level0_forbidden:
        self.assertNotIn(fragment, cleaned_level0)

    cleaned_level1 = clean.remove_dangerous_tags(s1, 1)
    for fragment in level1_forbidden:
        self.assertNotIn(fragment, cleaned_level1)
示例#2
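 def process_edit_request(self, page_id, content):
     """Sanitize *content* and store it on the record loaded for *page_id*.

     The record comes from ``self.from_db(page_id)``. Its ``content``
     attribute is replaced with the output of
     ``clean.remove_dangerous_tags`` and the record is saved. Any exception
     from loading, cleaning or saving propagates to the caller unchanged.
     The original ``try``/bare ``except: raise`` wrapper did nothing except
     re-raise, so it has been dropped.

     NOTE(review): the sanitizer is called without a level argument, so its
     default strictness applies. Confirm that default is strict enough for
     content that is stored and later rendered.
     """
     record = self.from_db(page_id)
     # Sanitization happens at write time: only the cleaned text is stored.
     record.content = clean.remove_dangerous_tags(content)
     record.save()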
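 def do_edit(self, page, query):
     """Apply an edit request to *page* and to each field in ``self.fields``.

     *query* is indexed as a mapping from form names to lists of values;
     the first value of each entry is used. All required values (one per
     field, plus ``'title'`` and ``'parent-menu'``) are read before
     anything is written. A malformed request therefore raises
     ``KeyError``/``IndexError`` before any field content has been saved,
     rather than after some of it has.

     The title is passed through ``clean.remove_dangerous_tags`` before it
     is assigned. The page is marked published when ``_publishing_flag``
     is present in *query*. A ``'parent-menu'`` value of ``'none'`` clears
     the menu item; any other value is split on its last ``'-'`` and
     handed to ``self.get_menu``.

     NOTE(review): the field writes and ``page.save()`` are separate calls
     and nothing visible here wraps them in a transaction. A failure in
     ``get_menu`` or ``page.save()`` can still leave field content updated
     while the page record is not.

     Returns:
         ``True`` once the page has been saved.
     """
     # Pull every request value up front so missing keys fail before any write.
     pending_fields = [
         (one_field, query[one_field.name][0]) for one_field in self.fields
     ]
     raw_title = query['title'][0]
     parent_menu = query['parent-menu'][0]

     for one_field, value in pending_fields:
         one_field.process_edit_request(page.oid, value)

     page.page_title = clean.remove_dangerous_tags(raw_title)
     page.published = _publishing_flag in query
     page.menu_item = (
         None if parent_menu == 'none'
         else self.get_menu(*parent_menu.rsplit('-', 1))
     )
     page.save()
     return True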
    def process_add(self, query, client):
        """Create a page from the submitted form and add its field records.

        The title is run through ``clean.remove_dangerous_tags`` before it
        is stored. The page is marked published when ``_publishing_flag``
        is present in *query*. A ``'parent-menu'`` value of ``'none'`` means
        no menu item; any other value is split on its last ``'-'`` and
        passed to ``self.get_menu``.

        Each field in ``self.fields`` then receives the first submitted
        value for its name, or ``None`` when the form has no entry for it.

        NOTE(review): that ``None`` is forwarded as ``content`` unchanged.
        Whether the field's ``process_add`` and the sanitizer it may call
        accept ``None`` is not visible here and should be confirmed.

        Returns:
            A ``':redirect:/node/<oid>'`` string for the new page.
        """
        # Values are gathered in the same order the original call evaluated them.
        content_type = self.dbobj
        creator = client.user
        safe_title = clean.remove_dangerous_tags(query['title'][0])
        is_published = _publishing_flag in query
        created_at = datetime.now()

        parent_menu = query['parent-menu'][0]
        if parent_menu == 'none':
            menu_item = None
        else:
            menu_item = self.get_menu(*parent_menu.rsplit('-', 1))

        page = _model.Page.create(
            content_type=content_type,
            creator=creator,
            page_title=safe_title,
            published=is_published,
            date_created=created_at,
            menu_item=menu_item,
        )

        for one_field in self.fields:
            submitted = query.get(one_field.name, [None])[0]
            one_field.process_add(
                page_type=self.page_type,
                page_id=page.oid,
                content=submitted,
            )

        return ':redirect:/node/{}'.format(page.oid)
示例#5
 def process_add(self, page_type, page_id, content):
     """Create this field's record for a page, storing sanitized content.

     The model is looked up with ``model.field(self.name)``. *content* is
     passed through ``clean.remove_dangerous_tags`` before it is handed to
     ``create``, so only the cleaned text is persisted.

     NOTE(review): the sanitizer is called without a level argument, so its
     default strictness applies. *content* is not checked for ``None``
     here, so confirm the sanitizer tolerates a missing value.
     """
     field_model = model.field(self.name)
     field_model.create(
         content=clean.remove_dangerous_tags(content),
         page_id=page_id,
         page_type=page_type,
     )