示例#1
 def setUp(self):
     """Build the mixin under test and keep it on the test instance."""
     sanitizer = SanitizeHTMLMixin()
     self.mixin = sanitizer
 def setUp(self):
     """Create the SanitizeHTMLMixin instance the tests exercise."""
     mixin_under_test = SanitizeHTMLMixin()
     self.mixin = mixin_under_test
示例#3
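class SanitizeHTMLMixinTest(TestCase):
    """Tests for SanitizeHTMLMixin.

    Covers the sanitising pipeline exposed by the mixin: the call into
    clean_html, tag/attribute/URL-scheme filtering in _cleanse_tags, the
    whitespace and <br/> normalisation in handle_breaks, and the plain-text
    path of sanitize_html.
    """
    def setUp(self):
        """Setup SanitizeHTMLMixin Test"""
        self.mixin = SanitizeHTMLMixin()

    @patch('open_connect.connect_core.utils.mixins.clean_html',
           return_value='')
    @override_settings(ALLOWED_HOSTS=['localhost'])
    def test_sanitize_html_text_calls(self, mock):
        """Test that django's clean_html function is called"""
        self.mixin.sanitize_html(TEST_HTML)

        # `mock.called_once_with(...)` is not an assertion: a Mock creates any
        # unknown attribute on demand, so that call always succeeded and the
        # test could never fail. Use the real assertion method.
        mock.assert_called_once_with(TEST_HTML)

    def test_handle_breaks(self):
        """Test the handle_breaks function"""
        # Use the "safe" html that contains a lot of <br/> tags, spaces and
        # newlines
        result = handle_breaks(DIRTY_SAFE_HTML)

        # Test whitespace, tab and newline removal
        self.assertNotIn('  ', result)
        self.assertNotIn('\n', result)
        self.assertNotIn('\t', result)

        # Test Unicode
        self.assertIn(u'Ⴚ', result)

        # Test space around break removal
        self.assertNotIn('Hey<br/> Yeah', result)
        self.assertIn('Hey<br/>Yeah', result)

        # Test multiple linebreak removal
        self.assertNotIn('<br/><br/><br/>', result)
        self.assertIn('Testing<br/><br/>Multiple Lines', result)

    @override_settings(ALLOWED_HOSTS=['localhost'])
    def test_cleanse_tags(self):
        """Test that invalid html is stripped and valid html is not.

        The checks are substring matches on the sanitised output, so each
        negative assertion only proves that one particular serialisation is
        absent; see the review notes below where that matters.
        """
        # pylint: disable=protected-access
        safe_html = self.mixin._cleanse_tags(TEST_HTML)

        # Test Allowed Tags
        self.assertIn('<strong>', safe_html)
        self.assertIn('<em>', safe_html)
        self.assertIn('<a href=', safe_html)
        self.assertIn('br', safe_html)
        self.assertIn('img', safe_html)

        # Test Allowed Attributes
        self.assertIn('href=', safe_html)
        self.assertIn('src=', safe_html, msg=safe_html)
        self.assertIn('data-embed=', safe_html, msg=safe_html)

        # Test allowed url schemes in links
        # NOTE(review): the address in the next literal looks like an e-mail
        # obfuscation placeholder left by the page this listing came from;
        # restore the address used in TEST_HTML before running.
        self.assertIn('<a href="mailto:[email protected]">hi</a>', safe_html)
        self.assertIn('<a href="https://thisiscool.com">', safe_html)

        # Test bad url schemes in links
        # NOTE(review): these only match `href` as the first attribute of the
        # anchor; a scheme-wide check (e.g. no 'javascript:' anywhere) would be
        # stricter, provided TEST_HTML has no such text outside attributes.
        self.assertNotIn('<a href="javascript:alert', safe_html)
        self.assertNotIn('<a href="ftp://badperson', safe_html)

        # Test Unacceptable HTML
        self.assertNotIn('iframe', safe_html)
        # Match the tag opener rather than the exact '<script>' so a script
        # element that keeps attributes (e.g. a src) is caught as well.
        self.assertNotIn('<script', safe_html)
        self.assertNotIn('h1', safe_html)
        self.assertNotIn('div', safe_html)
        self.assertNotIn('alt=', safe_html)

        # Test Unacceptable Attributes
        self.assertNotIn('display: none;', safe_html)
        self.assertNotIn('width=', safe_html)
        self.assertNotIn('height=', safe_html)

        # Test Unicode
        self.assertIn(u'Ⴚ'.encode("utf-8"), safe_html)

        # Test src attribute with a valid domain
        # (presumably validated against the ALLOWED_HOSTS override above;
        # confirm against _cleanse_tags)
        self.assertIn('localhost', safe_html)

        # Test src attribute with an invalid domain
        self.assertNotIn('badbadsite.com', safe_html)

    @override_settings(ALLOWED_HOSTS=['localhost'])
    def test_adds_max_width(self):
        """Test that max-width is added to all image tags."""
        # pylint: disable=protected-access,invalid-name

        # Test when ADD_MAX_WIDTH is True
        self.mixin.ADD_MAX_WIDTH = True
        safe_html_with_max_width = self.mixin._cleanse_tags(TEST_HTML)
        self.assertIn(
            '<img src="http://localhost/big.jpg" style="max-width: 100%;"/>',
            safe_html_with_max_width)

        # Test when ADD_MAX_WIDTH is False
        self.mixin.ADD_MAX_WIDTH = False
        safe_html_no_max_width = self.mixin._cleanse_tags(TEST_HTML)
        self.assertNotIn('max-width', safe_html_no_max_width)

    @patch('open_connect.connect_core.utils.mixins.handle_breaks')
    @patch('open_connect.connect_core.utils.mixins.clean_html')
    @patch.object(SanitizeHTMLMixin, '_cleanse_tags')
    def test_sanitize_html(self, mock_rm_tags, mock_clean_html, mock_breaks):
        """Test that sanitize_html runs things"""
        # Patch decorators are applied bottom-up, so the first mock argument
        # is _cleanse_tags, then clean_html, then handle_breaks.
        result = self.mixin.sanitize_html(TEST_HTML)
        self.assertEqual(result, mock_breaks.return_value)

        mock_clean_html.assert_called_with(TEST_HTML)

        # Confirm that the string replacement happens
        # NOTE(review): string.replace() only exists in Python 2's string
        # module; this line needs porting if the suite moves to Python 3.
        clean_html_return = string.replace(mock_clean_html.return_value, '\n',
                                           '<br/>')

        mock_rm_tags.assert_called_with(clean_html_return)
        mock_breaks.assert_called_with(mock_rm_tags.return_value)

    def test_plain_text(self):
        """Test a plain text submission"""
        result = self.mixin.sanitize_html(PLAIN_TEXT_MESSAGE)

        self.assertEqual(result, 'Line 1<br/><br/>Line 3<br/><br/>Line 7')

        # With the redactor marker appended the expected output has spaces
        # where the first case had <br/> tags, and the marker comment is kept.
        message = PLAIN_TEXT_MESSAGE + '<!-- vars:redactor=true -->'

        result = self.mixin.sanitize_html(message)
        self.assertEqual(result,
                         'Line 1 Line 3 Line 7 <!-- vars:redactor=true -->')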
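class SanitizeHTMLMixinTest(TestCase):
    """Tests for SanitizeHTMLMixin.

    Exercises sanitize_html end to end and its parts in isolation:
    clean_html is expected to be called, _cleanse_tags to filter tags,
    attributes and URL schemes, and handle_breaks to normalise whitespace
    and <br/> runs.
    """
    def setUp(self):
        """Setup SanitizeHTMLMixin Test"""
        self.mixin = SanitizeHTMLMixin()

    @patch('open_connect.connect_core.utils.mixins.clean_html', return_value='')
    @override_settings(ALLOWED_HOSTS=['localhost'])
    def test_sanitize_html_text_calls(self, mock):
        """Test that django's clean_html function is called"""
        self.mixin.sanitize_html(TEST_HTML)

        # The original `mock.called_once_with(...)` asserted nothing: Mock
        # auto-creates unknown attributes, so the call was a silent no-op.
        # assert_called_once_with is the method that actually checks the call.
        mock.assert_called_once_with(TEST_HTML)

    def test_handle_breaks(self):
        """Test the handle_breaks function"""
        # Use the "safe" html that contains a lot of <br/> tags, spaces and
        # newlines
        result = handle_breaks(DIRTY_SAFE_HTML)

        # Test whitespace, tab and newline removal
        for unwanted in ('  ', '\n', '\t'):
            self.assertNotIn(unwanted, result)

        # Test Unicode
        self.assertIn(u'Ⴚ', result)

        # Test space around break removal
        self.assertNotIn('Hey<br/> Yeah', result)
        self.assertIn('Hey<br/>Yeah', result)

        # Test multiple linebreak removal
        self.assertNotIn('<br/><br/><br/>', result)
        self.assertIn('Testing<br/><br/>Multiple Lines', result)

    @override_settings(ALLOWED_HOSTS=['localhost'])
    def test_cleanse_tags(self):
        """Test that invalid html is stripped and valid html is not.

        Every check is a substring match on the sanitised output. A negative
        match therefore rules out one spelling of the unwanted markup, not
        every equivalent one.
        """
        # pylint: disable=protected-access
        safe_html = self.mixin._cleanse_tags(TEST_HTML)

        # Test Allowed Tags
        self.assertIn('<strong>', safe_html)
        self.assertIn('<em>', safe_html)
        self.assertIn('<a href=', safe_html)
        self.assertIn('br', safe_html)
        self.assertIn('img', safe_html)

        # Test Allowed Attributes
        self.assertIn('href=', safe_html)
        self.assertIn('src=', safe_html, msg=safe_html)
        self.assertIn('data-embed=', safe_html, msg=safe_html)

        # Test allowed url schemes in links
        # NOTE(review): '[email protected]' appears to be an obfuscation
        # placeholder introduced by the page hosting this listing, not the
        # address in TEST_HTML; restore the real fixture value.
        self.assertIn('<a href="mailto:[email protected]">hi</a>', safe_html)
        self.assertIn('<a href="https://thisiscool.com">', safe_html)

        # Test bad url schemes in links
        # NOTE(review): both literals assume `href` directly follows `<a`;
        # consider asserting on the scheme alone once it is confirmed that
        # TEST_HTML carries these schemes only inside attributes.
        self.assertNotIn('<a href="javascript:alert', safe_html)
        self.assertNotIn('<a href="ftp://badperson', safe_html)

        # Test Unacceptable HTML
        self.assertNotIn('iframe', safe_html)
        # '<script' instead of '<script>' so that a script tag surviving with
        # attributes would also fail the test.
        self.assertNotIn('<script', safe_html)
        self.assertNotIn('h1', safe_html)
        self.assertNotIn('div', safe_html)
        self.assertNotIn('alt=', safe_html)

        # Test Unacceptable Attributes
        self.assertNotIn('display: none;', safe_html)
        self.assertNotIn('width=', safe_html)
        self.assertNotIn('height=', safe_html)

        # Test Unicode
        self.assertIn(u'Ⴚ'.encode("utf-8"), safe_html)

        # Test src attribute with a valid domain
        # (looks tied to the ALLOWED_HOSTS override on this test; verify in
        # _cleanse_tags)
        self.assertIn('localhost', safe_html)

        # Test src attribute with an invalid domain
        self.assertNotIn('badbadsite.com', safe_html)

    @override_settings(ALLOWED_HOSTS=['localhost'])
    def test_adds_max_width(self):
        """Test that max-width is added to all image tags."""
        # pylint: disable=protected-access,invalid-name

        # Test when ADD_MAX_WIDTH is True
        self.mixin.ADD_MAX_WIDTH = True
        safe_html_with_max_width = self.mixin._cleanse_tags(TEST_HTML)
        self.assertIn(
            '<img src="http://localhost/big.jpg" style="max-width: 100%;"/>',
            safe_html_with_max_width)

        # Test when ADD_MAX_WIDTH is False
        self.mixin.ADD_MAX_WIDTH = False
        safe_html_no_max_width = self.mixin._cleanse_tags(TEST_HTML)
        self.assertNotIn('max-width', safe_html_no_max_width)

    @patch('open_connect.connect_core.utils.mixins.handle_breaks')
    @patch('open_connect.connect_core.utils.mixins.clean_html')
    @patch.object(SanitizeHTMLMixin, '_cleanse_tags')
    def test_sanitize_html(self, mock_rm_tags, mock_clean_html, mock_breaks):
        """Test that sanitize_html runs things"""
        # Mocks arrive in bottom-up decorator order: _cleanse_tags first,
        # clean_html second, handle_breaks last.
        result = self.mixin.sanitize_html(TEST_HTML)
        self.assertEqual(result, mock_breaks.return_value)

        mock_clean_html.assert_called_with(TEST_HTML)

        # Confirm that the string replacement happens
        # NOTE(review): string.replace() is a Python 2-only module function;
        # port this line before running under Python 3.
        clean_html_return = string.replace(
            mock_clean_html.return_value, '\n', '<br/>')

        mock_rm_tags.assert_called_with(clean_html_return)
        mock_breaks.assert_called_with(mock_rm_tags.return_value)

    def test_plain_text(self):
        """Test a plain text submission"""
        result = self.mixin.sanitize_html(PLAIN_TEXT_MESSAGE)

        self.assertEqual(result, 'Line 1<br/><br/>Line 3<br/><br/>Line 7')

        # Appending the redactor marker changes the expected result: the lines
        # are joined by spaces rather than <br/>, and the marker is preserved.
        message = PLAIN_TEXT_MESSAGE + '<!-- vars:redactor=true -->'

        result = self.mixin.sanitize_html(message)
        self.assertEqual(
            result, 'Line 1 Line 3 Line 7 <!-- vars:redactor=true -->')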