示例#1
 def test_unicode_url(self):
     """The style attribute is dropped when ``url(`` is spelled with
     IPA-extension lookalike letters.

     ``ʀ`` (U+0280) and ``ʟ`` (U+029F) stand in for ``r`` and ``l``; the
     expected output contains no style attribute at all, so the sanitizer
     must not be fooled by the non-ASCII spelling of the function name.
     """
     markup = (u'<div style="background-image:uʀʟ(javascript:alert())">'
               u'XSS</div>')
     sanitized = HTML(markup) | TracHTMLSanitizer()
     self.assertEqual('<div>XSS</div>', unicode(sanitized))
示例#2
 def sanitize(self, html):
     """Sanitize *html* with a sanitizer built from this object's
     ``safe_schemes`` and ``safe_origins`` lists and return it as unicode."""
     options = dict(safe_schemes=self.safe_schemes,
                    safe_origins=self.safe_origins)
     cleaned = TracHTMLSanitizer(**options).sanitize(html)
     return unicode(cleaned)
示例#3
 def sanitize(self, html):
     """Parse *html* as UTF-8 markup, pipe it through a sanitizer built from
     this object's ``safe_schemes``/``safe_origins`` lists, and return the
     result as unicode."""
     options = dict(safe_schemes=self.safe_schemes,
                    safe_origins=self.safe_origins)
     filtered = HTML(html, encoding='utf-8') | TracHTMLSanitizer(**options)
     return unicode(filtered)
示例#4
文件: txtl.py 项目: starworldx/trac
 def _sanitizer(self):
     """Return a ``TracHTMLSanitizer`` configured from the environment's
     WikiSystem scheme and origin lists."""
     wiki_system = WikiSystem(self.env)
     settings = dict(safe_schemes=wiki_system.safe_schemes,
                     safe_origins=wiki_system.safe_origins)
     return TracHTMLSanitizer(**settings)
示例#5
# you should have received as part of this distribution. The terms
# are also available at http://trac.edgewall.com/license.html.
#
# Author: Christian Boos <*****@*****.**>
#         Mikael Relbe <*****@*****.**>

import re
import string

from trac.util.html import Markup, html as tag

from trac.util import arity
from trac.util.compat import sorted
from trac.util.html import TracHTMLSanitizer
if hasattr(TracHTMLSanitizer, 'sanitize_attrs'):
    # Feature probe: a sanitizer exposing sanitize_attrs() is taken as the
    # API where trac.util.html also provides Element (presumably newer Trac);
    # one module-level sanitizer instance is shared in that case.
    sanitizer = TracHTMLSanitizer()
    from trac.util.html import Element
else:
    # Fallback for sanitizers without sanitize_attrs(): no shared sanitizer,
    # and Genshi's Stream is used instead of Element.
    sanitizer = None
    from genshi.builder import Stream
from trac.wiki.api import WikiSystem


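def prepare_regexp(d):
    r"""Build the source of an alternation regexp matching any key of *d*.

    Symbols are emitted longest first so that a longer symbol is tried before
    a shorter symbol that is a prefix of it.  A symbol whose first or last
    character is a word character gets a ``\b`` anchor on that side so it is
    not matched inside a longer word; pure punctuation symbols stay
    unanchored.

    :param d: mapping whose keys are the literal symbols to match (values are
              ignored).  Empty keys are skipped: an empty alternative would
              match at every position.
    :return: the regexp source, or ``''`` when *d* has no usable keys
    """
    # Stable sort by descending length keeps equal-length symbols in their
    # original order (the original cmp-based sort had the same property).
    syms = sorted((s for s in d if s), key=len, reverse=True)
    word_char = re.compile(r'\w')

    def anchored(s):
        # Anchor only the ends that touch word characters.
        head = r'\b' if word_char.match(s[0]) else ''
        tail = r'\b' if word_char.match(s[-1]) else ''
        return head + re.escape(s) + tail

    return "|".join(anchored(s) for s in syms)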
示例#6
 def test_capital_expression(self):
     """An upper-case ``EXPRESSION(`` in a style attribute is stripped; the
     expected output has no style attribute left."""
     markup = '<div style="top:EXPRESSION(alert())">XSS</div>'
     sanitized = HTML(markup, encoding='utf-8') | TracHTMLSanitizer()
     self.assertEqual('<div>XSS</div>', unicode(sanitized))
示例#7
 def test_capital_url_with_javascript(self):
     """An upper-case ``URL(javascript:...)`` background image is stripped
     along with the whole style attribute."""
     markup = ('<div style="background-image:URL(javascript:alert())">'
               'XSS</div>')
     sanitized = HTML(markup, encoding='utf-8') | TracHTMLSanitizer()
     self.assertEqual('<div>XSS</div>', unicode(sanitized))
示例#8
 def __init__(self):
     """Create the HTML sanitizer unless the wiki is configured to render
     unsafe content."""
     wiki_system = WikiSystem(self.env)
     if wiki_system.render_unsafe_content:
         # NOTE: no ``sanitizer`` attribute is created in this case; code
         # reading ``self.sanitizer`` must cope with it being absent.
         return
     self.sanitizer = TracHTMLSanitizer(wiki_system.safe_schemes)
示例#9
 def __init__(self):
     """Log the component version and create the HTML sanitizer unless the
     wiki is configured to render unsafe content."""
     self.log.info('version: %s - id: %s', __version__, str(__id__))
     wiki_system = WikiSystem(self.env)
     if wiki_system.render_unsafe_content:
         # NOTE: no ``sanitizer`` attribute is created in this case; code
         # reading ``self.sanitizer`` must cope with it being absent.
         return
     self.sanitizer = TracHTMLSanitizer(wiki_system.safe_schemes)
示例#10
 def sanitize(self, html):
     """Parse *html* as UTF-8 markup, run it through a default
     ``TracHTMLSanitizer`` and return the result as unicode."""
     stream = HTML(html, encoding='utf-8')
     filtered = stream | TracHTMLSanitizer()
     return unicode(filtered)
示例#11
 def sanitize(self, html):
     """Sanitize *html* with a default ``TracHTMLSanitizer`` and return the
     result as unicode."""
     sanitizer = TracHTMLSanitizer()
     return unicode(sanitizer.sanitize(html))
示例#12
 def test_unicode_escapes(self):
     r"""``expression(`` assembled from CSS hex escapes is still stripped.

     ``\72`` and ``\000069`` are the CSS escapes for ``r`` and ``i``, so the
     style value reads as ``expression(alert())`` once decoded; the expected
     output has no style attribute left.
     """
     markup = (r'<div style="top:exp\72 ess\000069 on(alert())">'
               r'XSS</div>')
     sanitized = HTML(markup, encoding='utf-8') | TracHTMLSanitizer()
     self.assertEqual('<div>XSS</div>', unicode(sanitized))