def link_entity(props): """ <a linktype="page" id="1">internal page link</a> """ id_ = props.get('id') link_props = {} if id_ is not None: link_props['linktype'] = 'page' link_props['id'] = id_ else: link_props['href'] = check_url(props.get('url')) return DOM.create_element('a', link_props, props['children'])
def link_entity(props): """ <a linktype="page" id="1">internal page link</a> """ id_ = props.get("id") link_props = {} if id_ is not None: link_props["linktype"] = "page" link_props["id"] = id_ else: link_props["href"] = check_url(props.get("url")) return DOM.create_element("a", link_props, props["children"])
def test_crafty_disallowed_url_scheme(self): """ Some URL parsers do not parse 'jav\tascript:' as a valid scheme. Browsers, however, do. The checker needs to catch these crafty schemes """ self.assertFalse(bool(check_url("jav\tascript:alert('XSS')")))
def test_disallowed_url_scheme(self): self.assertFalse(bool(check_url("invalid://url")))
def test_allowed_url_schemes(self): for url_scheme in ["", "http", "https", "ftp", "mailto", "tel"]: url = url_scheme + "://www.example.com" self.assertTrue(bool(check_url(url)))
def test_allowed_url_schemes(self): for url_scheme in ['', 'http', 'https', 'ftp', 'mailto', 'tel']: url = url_scheme + "://www.example.com" self.assertTrue(bool(check_url(url)))