def setUp(self):
    """Build the SanitizeHTMLMixin under test and keep it on self.mixin."""
    mixin_under_test = SanitizeHTMLMixin()
    self.mixin = mixin_under_test
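class SanitizeHTMLMixinTest(TestCase):
    """Tests for SanitizeHTMLMixin.

    Covers sanitize_html, the private _cleanse_tags step and the
    handle_breaks helper. The negative checks are exact, case-sensitive
    substring matches, so they show that the specific payloads present in
    the fixtures are removed and nothing broader than that.
    """

    def setUp(self):
        """Setup SanitizeHTMLMixin Test"""
        self.mixin = SanitizeHTMLMixin()

    @patch('open_connect.connect_core.utils.mixins.clean_html',
           return_value='')
    @override_settings(ALLOWED_HOSTS=['localhost'])
    def test_sanitize_html_text_calls(self, mock):
        """Test that django's clean_html function is called"""
        self.mixin.sanitize_html(TEST_HTML)
        # assert_called_once_with is the real assertion. The bare
        # called_once_with attribute is auto-created by Mock, so calling it
        # can never fail and the test would pass with no call at all.
        mock.assert_called_once_with(TEST_HTML)

    def test_handle_breaks(self):
        """Test the handle_breaks function"""
        # Use the "safe" html that contains a lot of <br/> tags, spaces and
        # newlines
        result = handle_breaks(DIRTY_SAFE_HTML)

        # Test whitespace, tab and newline removal. A single space has to
        # survive (see 'Multiple Lines' below), so look for a doubled one.
        self.assertNotIn('  ', result)
        self.assertNotIn('\n', result)
        self.assertNotIn('\t', result)

        # Test Unicode
        self.assertIn(u'Ⴚ', result)

        # Test space around break removal
        self.assertNotIn('Hey<br/> Yeah', result)
        self.assertIn('Hey<br/>Yeah', result)

        # Test multiple linebreak removal
        self.assertNotIn('<br/><br/><br/>', result)
        self.assertIn('Testing<br/><br/>Multiple Lines', result)

    @override_settings(ALLOWED_HOSTS=['localhost'])
    def test_cleanse_tags(self):
        """Test that invalid html is stripped and valid html is not."""
        # pylint: disable=protected-access
        safe_html = self.mixin._cleanse_tags(TEST_HTML)

        # Test Allowed Tags
        self.assertIn('<strong>', safe_html)
        self.assertIn('<em>', safe_html)
        self.assertIn('<a href=', safe_html)
        self.assertIn('br', safe_html)
        self.assertIn('img', safe_html)

        # Test Allowed Attributes
        self.assertIn('href=', safe_html)
        self.assertIn('src=', safe_html, msg=safe_html)
        self.assertIn('data-embed=', safe_html, msg=safe_html)

        # Test allowed url schemes in links
        # NOTE(review): the address in the mailto literal looks like it was
        # obfuscated by the hosting page; confirm it against TEST_HTML.
        self.assertIn('<a href="mailto:[email protected]">hi</a>', safe_html)
        self.assertIn('<a href="https://thisiscool.com">', safe_html)

        # Test bad url schemes in links
        # NOTE(review): each check matches one exact lowercase prefix;
        # confirm TEST_HTML also exercises mixed-case and padded schemes if
        # the sanitizer is expected to reject those.
        self.assertNotIn('<a href="javascript:alert', safe_html)
        self.assertNotIn('<a href="ftp://badperson', safe_html)

        # Test Unacceptable HTML
        self.assertNotIn('iframe', safe_html)
        self.assertNotIn('<script>', safe_html)
        self.assertNotIn('h1', safe_html)
        self.assertNotIn('div', safe_html)
        self.assertNotIn('alt=', safe_html)

        # Test Unacceptable Attributes
        self.assertNotIn('display: none;', safe_html)
        self.assertNotIn('width=', safe_html)
        self.assertNotIn('height=', safe_html)

        # Test Unicode
        self.assertIn(u'Ⴚ'.encode("utf-8"), safe_html)

        # Test src attribute with a valid domain (listed in ALLOWED_HOSTS)
        self.assertIn('localhost', safe_html)

        # Test src attribute with an invalid domain
        self.assertNotIn('badbadsite.com', safe_html)

    @override_settings(ALLOWED_HOSTS=['localhost'])
    def test_adds_max_width(self):
        """Test that max-width is added to all image tags."""
        # pylint: disable=protected-access,invalid-name
        # Test when ADD_MAX_WIDTH is True
        self.mixin.ADD_MAX_WIDTH = True
        safe_html_with_max_width = self.mixin._cleanse_tags(TEST_HTML)
        self.assertIn(
            '<img src="http://localhost/big.jpg" style="max-width: 100%;"/>',
            safe_html_with_max_width)

        # Test when ADD_MAX_WIDTH is False
        self.mixin.ADD_MAX_WIDTH = False
        safe_html_no_max_width = self.mixin._cleanse_tags(TEST_HTML)
        self.assertNotIn('max-width', safe_html_no_max_width)

    # Patches apply bottom-up, so the first mock argument is _cleanse_tags.
    @patch('open_connect.connect_core.utils.mixins.handle_breaks')
    @patch('open_connect.connect_core.utils.mixins.clean_html')
    @patch.object(SanitizeHTMLMixin, '_cleanse_tags')
    def test_sanitize_html(self, mock_rm_tags, mock_clean_html, mock_breaks):
        """Test that sanitize_html runs things"""
        result = self.mixin.sanitize_html(TEST_HTML)
        self.assertEqual(result, mock_breaks.return_value)
        mock_clean_html.assert_called_with(TEST_HTML)

        # Confirm that the string replacement happens
        clean_html_return = string.replace(
            mock_clean_html.return_value, '\n', '<br/>')
        mock_rm_tags.assert_called_with(clean_html_return)
        mock_breaks.assert_called_with(mock_rm_tags.return_value)

    def test_plain_text(self):
        """Test a plain text submission"""
        # Without the marker the expected output separates lines with <br/>.
        result = self.mixin.sanitize_html(PLAIN_TEXT_MESSAGE)
        self.assertEqual(result, 'Line 1<br/><br/>Line 3<br/><br/>Line 7')

        # With the redactor marker appended the expected output has no <br/>.
        # NOTE(review): confirm the spacing inside the expected literal
        # against PLAIN_TEXT_MESSAGE, which is not visible here.
        message = PLAIN_TEXT_MESSAGE + '<!-- vars:redactor=true -->'
        result = self.mixin.sanitize_html(message)
        self.assertEqual(
            result, 'Line 1 Line 3 Line 7 <!-- vars:redactor=true -->')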
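class SanitizeHTMLMixinTest(TestCase):
    """Tests for SanitizeHTMLMixin.

    Covers sanitize_html, the private _cleanse_tags step and the
    handle_breaks helper. The negative checks are exact, case-sensitive
    substring matches, so they show that the specific payloads present in
    the fixtures are removed and nothing broader than that.
    """

    def setUp(self):
        """Setup SanitizeHTMLMixin Test"""
        self.mixin = SanitizeHTMLMixin()

    @patch('open_connect.connect_core.utils.mixins.clean_html',
           return_value='')
    @override_settings(ALLOWED_HOSTS=['localhost'])
    def test_sanitize_html_text_calls(self, mock):
        """Test that django's clean_html function is called"""
        self.mixin.sanitize_html(TEST_HTML)
        # assert_called_once_with is the real assertion. The bare
        # called_once_with attribute is auto-created by Mock, so calling it
        # can never fail and the test would pass with no call at all.
        mock.assert_called_once_with(TEST_HTML)

    def test_handle_breaks(self):
        """Test the handle_breaks function"""
        # Use the "safe" html that contains a lot of <br/> tags, spaces and
        # newlines
        result = handle_breaks(DIRTY_SAFE_HTML)

        # Test whitespace, tab and newline removal. A single space has to
        # survive (see 'Multiple Lines' below), so look for a doubled one.
        self.assertNotIn('  ', result)
        self.assertNotIn('\n', result)
        self.assertNotIn('\t', result)

        # Test Unicode
        self.assertIn(u'Ⴚ', result)

        # Test space around break removal
        self.assertNotIn('Hey<br/> Yeah', result)
        self.assertIn('Hey<br/>Yeah', result)

        # Test multiple linebreak removal
        self.assertNotIn('<br/><br/><br/>', result)
        self.assertIn('Testing<br/><br/>Multiple Lines', result)

    @override_settings(ALLOWED_HOSTS=['localhost'])
    def test_cleanse_tags(self):
        """Test that invalid html is stripped and valid html is not."""
        # pylint: disable=protected-access
        safe_html = self.mixin._cleanse_tags(TEST_HTML)

        # Test Allowed Tags
        self.assertIn('<strong>', safe_html)
        self.assertIn('<em>', safe_html)
        self.assertIn('<a href=', safe_html)
        self.assertIn('br', safe_html)
        self.assertIn('img', safe_html)

        # Test Allowed Attributes
        self.assertIn('href=', safe_html)
        self.assertIn('src=', safe_html, msg=safe_html)
        self.assertIn('data-embed=', safe_html, msg=safe_html)

        # Test allowed url schemes in links
        # NOTE(review): the address in the mailto literal looks like it was
        # obfuscated by the hosting page; confirm it against TEST_HTML.
        self.assertIn('<a href="mailto:[email protected]">hi</a>', safe_html)
        self.assertIn('<a href="https://thisiscool.com">', safe_html)

        # Test bad url schemes in links
        # NOTE(review): each check matches one exact lowercase prefix;
        # confirm TEST_HTML also exercises mixed-case and padded schemes if
        # the sanitizer is expected to reject those.
        self.assertNotIn('<a href="javascript:alert', safe_html)
        self.assertNotIn('<a href="ftp://badperson', safe_html)

        # Test Unacceptable HTML
        self.assertNotIn('iframe', safe_html)
        self.assertNotIn('<script>', safe_html)
        self.assertNotIn('h1', safe_html)
        self.assertNotIn('div', safe_html)
        self.assertNotIn('alt=', safe_html)

        # Test Unacceptable Attributes
        self.assertNotIn('display: none;', safe_html)
        self.assertNotIn('width=', safe_html)
        self.assertNotIn('height=', safe_html)

        # Test Unicode
        self.assertIn(u'Ⴚ'.encode("utf-8"), safe_html)

        # Test src attribute with a valid domain (listed in ALLOWED_HOSTS)
        self.assertIn('localhost', safe_html)

        # Test src attribute with an invalid domain
        self.assertNotIn('badbadsite.com', safe_html)

    @override_settings(ALLOWED_HOSTS=['localhost'])
    def test_adds_max_width(self):
        """Test that max-width is added to all image tags."""
        # pylint: disable=protected-access,invalid-name
        # Test when ADD_MAX_WIDTH is True
        self.mixin.ADD_MAX_WIDTH = True
        safe_html_with_max_width = self.mixin._cleanse_tags(TEST_HTML)
        self.assertIn(
            '<img src="http://localhost/big.jpg" style="max-width: 100%;"/>',
            safe_html_with_max_width)

        # Test when ADD_MAX_WIDTH is False
        self.mixin.ADD_MAX_WIDTH = False
        safe_html_no_max_width = self.mixin._cleanse_tags(TEST_HTML)
        self.assertNotIn('max-width', safe_html_no_max_width)

    # Patches apply bottom-up, so the first mock argument is _cleanse_tags.
    @patch('open_connect.connect_core.utils.mixins.handle_breaks')
    @patch('open_connect.connect_core.utils.mixins.clean_html')
    @patch.object(SanitizeHTMLMixin, '_cleanse_tags')
    def test_sanitize_html(self, mock_rm_tags, mock_clean_html, mock_breaks):
        """Test that sanitize_html runs things"""
        result = self.mixin.sanitize_html(TEST_HTML)
        self.assertEqual(result, mock_breaks.return_value)
        mock_clean_html.assert_called_with(TEST_HTML)

        # Confirm that the string replacement happens
        clean_html_return = string.replace(
            mock_clean_html.return_value, '\n', '<br/>')
        mock_rm_tags.assert_called_with(clean_html_return)
        mock_breaks.assert_called_with(mock_rm_tags.return_value)

    def test_plain_text(self):
        """Test a plain text submission"""
        # Without the marker the expected output separates lines with <br/>.
        result = self.mixin.sanitize_html(PLAIN_TEXT_MESSAGE)
        self.assertEqual(result, 'Line 1<br/><br/>Line 3<br/><br/>Line 7')

        # With the redactor marker appended the expected output has no <br/>.
        # NOTE(review): confirm the spacing inside the expected literal
        # against PLAIN_TEXT_MESSAGE, which is not visible here.
        message = PLAIN_TEXT_MESSAGE + '<!-- vars:redactor=true -->'
        result = self.mixin.sanitize_html(message)
        self.assertEqual(
            result, 'Line 1 Line 3 Line 7 <!-- vars:redactor=true -->')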