def test_severity_1(self):
    """Check that known dangerous fragments are absent from the cleaned fixture.

    ``clean.remove_dangerous_tags`` is run on the ``s1`` fixture twice, with
    ``0`` and then ``1`` as second argument (presumably a severity level;
    confirm against the sanitizer's signature). Each result must not contain
    any of the literal fragments listed for that level.
    """
    # NOTE(review): these are exact-substring checks. Output that still holds
    # a script or iframe element in a different spelling (case, whitespace,
    # attribute order) would pass them; a case-insensitive check for the bare
    # tag names would make the test stricter.
    level0_forbidden = (
        '<script src="some" />',
        '<script src="kkkkwever"></script>',
        '<script />\n </script>',
        '</script>',
        '<iframe src="bollocks">\nMyFramecontens\n</iframe>',
    )
    # The level-1 list repeats only the first two script fragments and adds
    # structural tags; the iframe and bare closing tag are not re-checked.
    level1_forbidden = (
        '<script src="some" />',
        '<script src="kkkkwever"></script>',
        '<h1>Some Title\n</h1>',
        '<body>',
        '<html>',
        '</html>',
    )

    cleaned_level0 = clean.remove_dangerous_tags(s1, 0)
    for fragment in level0_forbidden:
        self.assertNotIn(fragment, cleaned_level0)

    cleaned_level1 = clean.remove_dangerous_tags(s1, 1)
    for fragment in level1_forbidden:
        self.assertNotIn(fragment, cleaned_level1)
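def process_edit_request(self, page_id, content):
    """Sanitize *content* and store it on the record loaded for *page_id*.

    The record is fetched with ``self.from_db(page_id)``, its ``content``
    attribute is replaced by the output of ``clean.remove_dangerous_tags``
    and the record is saved.

    No exception is caught here: a failure in the lookup, the sanitizer or
    the save propagates to the caller unchanged.
    """
    db_obj = self.from_db(page_id)
    # The sanitizer is called with one argument, so whatever default it defines
    # for its second parameter applies.
    # NOTE(review): confirm that default is the level meant for stored content.
    db_obj.content = clean.remove_dangerous_tags(content)
    db_obj.save()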
def do_edit(self, page, query):
    """Apply an edit request to *page* and its fields, then save the page.

    Each entry of ``self.fields`` receives the first value stored under its
    name in *query*. The page title is taken from ``query['title'][0]`` and
    passed through ``clean.remove_dangerous_tags``. The page is published when
    ``_publishing_flag`` is a key of *query*. The parent menu is cleared when
    ``query['parent-menu'][0]`` is ``'none'``; otherwise it is looked up with
    ``self.get_menu``. Always returns ``True``.
    """
    # NOTE(review): every field's process_edit_request runs before the 'title'
    # and 'parent-menu' keys are read, so a missing key raises after field
    # edits may already be persisted. Confirm the caller validates the query.
    for field in self.fields:
        field.process_edit_request(page.oid, query[field.name][0])

    page.page_title = clean.remove_dangerous_tags(query['title'][0])
    page.published = _publishing_flag in query

    parent_menu = query['parent-menu'][0]
    if parent_menu == 'none':
        page.menu_item = None
    else:
        # The value is split once from the right on '-', and the pieces are
        # passed as positional arguments to get_menu.
        page.menu_item = self.get_menu(*parent_menu.rsplit('-', 1))

    page.save()
    return True
def process_add(self, query, client):
    """Create a page from *query*, add its fields and return a redirect string.

    The title comes from ``query['title'][0]`` and is passed through
    ``clean.remove_dangerous_tags``. The creator is ``client.user``. The page
    is published when ``_publishing_flag`` is a key of *query*. Each entry of
    ``self.fields`` then gets ``process_add`` called with the new page id.

    Returns ``':redirect:/node/<oid>'`` for the created page.
    """
    content_type = self.dbobj
    creator = client.user
    page_title = clean.remove_dangerous_tags(query['title'][0])
    published = _publishing_flag in query
    # datetime.now() is called without a timezone argument.
    date_created = datetime.now()

    parent_menu = query['parent-menu'][0]
    if parent_menu == 'none':
        menu_item = None
    else:
        menu_item = self.get_menu(*parent_menu.rsplit('-', 1))

    page = _model.Page.create(
        content_type=content_type,
        creator=creator,
        page_title=page_title,
        published=published,
        date_created=date_created,
        menu_item=menu_item,
    )

    for field in self.fields:
        # A field missing from the query yields content=None.
        # NOTE(review): confirm the field's process_add, and any sanitizer it
        # calls, accepts None.
        submitted = query.get(field.name, [None])[0]
        field.process_add(
            page_type=self.page_type,
            page_id=page.oid,
            content=submitted,
        )

    return ':redirect:/node/{}'.format(page.oid)
def process_add(self, page_type, page_id, content):
    """Create the stored record for this field with sanitized *content*.

    *content* is passed through ``clean.remove_dangerous_tags`` and the result
    is handed, together with *page_id* and *page_type*, to the ``create`` call
    on ``model.field(self.name)``.
    """
    # The sanitizer is called with one argument, so its default for any
    # further parameter applies.
    # NOTE(review): content may be None if the caller had no submitted value;
    # confirm the sanitizer handles that.
    sanitized = clean.remove_dangerous_tags(content)
    field_model = model.field(self.name)
    field_model.create(
        content=sanitized,
        page_id=page_id,
        page_type=page_type,
    )