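def test_escape_html(self):
    """Compare ``sanitize.clean_tag`` output with fixed strings for markup-laden tags.

    The four inputs are a ``<script>`` element, an ``<img>`` with a
    ``javascript:`` source, an ``<iframe>``, and a string that closes a
    ``<span>`` before opening a ``<script>``.
    """
    # NOTE(review): as shown here, every expected value still contains raw
    # angle brackets and the first and last equal their inputs. For an
    # escaping test the expected literals would normally hold HTML entities,
    # so this listing has probably been entity-decoded. Confirm the literals
    # against the repository before trusting these assertions.
    assert_equal(
        sanitize.clean_tag("<script> evil code </script>"),
        "<script> evil code </script>",
    )
    # Expected values that embed double quotes are single-quoted; wrapped in
    # double quotes, as the listing had them, they end the literal early and
    # the function does not parse.
    assert_equal(
        sanitize.clean_tag("<img src=javascript:moreevil><img>"),
        '<img src="javascript:moreevil"><img>',
    )
    assert_equal(
        sanitize.clean_tag("<iframe src=evilsite>"),
        '<iframe src="evilsite">',
    )
    assert_equal(
        sanitize.clean_tag(");</span><script></script><span>"),
        ");</span><script></script><span>",
    )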
def project_removetag(auth, node, **kwargs):
    """Remove a tag from ``node`` on behalf of ``auth``.

    :param auth: passed through unchanged to ``node.remove_tag``.
    :param node: object whose ``remove_tag`` method is called.
    :param kwargs: must contain ``'tag'``, the raw tag text from the caller.
    :return: ``{'status': 'success'}`` after a removal; see the note on the
        ``return`` line for the empty-tag case.
    """
    # The raw tag goes through clean_tag before use, the same helper
    # project_addtag applies, presumably so the value matches the stored
    # form (confirm against clean_tag and the tag model).
    tag = clean_tag(kwargs['tag'])
    # A tag that cleans down to an empty/falsy value is not removed.
    if tag:
        node.remove_tag(tag=tag, auth=auth)
        # NOTE(review): the listing is collapsed onto one line, so it does
        # not show whether this return sits inside the `if`. As laid out
        # here an empty tag falls through and returns None; confirm against
        # the repository.
        return {'status': 'success'}
def test_escape_html(self):
    """Run ``sanitize.clean_tag`` over markup-bearing tags and compare each result.

    Every case pairs a raw tag string with the exact string the test expects
    ``clean_tag`` to return for it.
    """
    # NOTE(review): as shown here the expected values still contain raw angle
    # brackets. For an escaping test they would normally hold HTML entities,
    # so this listing has probably been entity-decoded. Confirm against the
    # repository.
    cases = (
        # <script> element
        ('<script> evil code </script>', '<script> evil code </script>'),
        # <img> with a javascript: source; the expected value quotes the attribute
        ('<img src=javascript:moreevil><img>', '<img src="javascript:moreevil"><img>'),
        # <iframe> pointing at another site
        ('<iframe src=evilsite>', '<iframe src="evilsite">'),
        # closes a surrounding <span> before opening a <script>
        (');</span><script></script><span>', ');</span><script></script><span>'),
    )
    for raw_tag, expected in cases:
        assert_equal(sanitize.clean_tag(raw_tag), expected)
def project_removetag(auth, **kwargs):
    """Remove a tag from the node or project supplied in ``kwargs``.

    :param auth: passed through unchanged to ``remove_tag``.
    :param kwargs: must contain ``'tag'`` (raw tag text) and ``'node'``;
        ``'project'`` is read only when ``kwargs['node']`` is falsy.
    :return: ``{'status': 'success'}`` after a removal; see the note on the
        ``return`` line for the empty-tag case.
    """
    # The raw tag goes through clean_tag before use, the same helper
    # project_addtag applies, presumably so the value matches the stored
    # form (confirm against clean_tag and the tag model).
    tag = clean_tag(kwargs['tag'])
    # Prefer the node; fall back to the project when the node is falsy.
    # Both lookups raise KeyError if the key is missing from kwargs.
    node = kwargs['node'] or kwargs['project']
    # A tag that cleans down to an empty/falsy value is not removed.
    if tag:
        node.remove_tag(tag=tag, auth=auth)
        # NOTE(review): the listing is collapsed onto one line, so it does
        # not show whether this return sits inside the `if`. As laid out
        # here an empty tag falls through and returns None; confirm against
        # the repository.
        return {'status': 'success'}
def project_addtag(auth, node, **kwargs):
    """Attach a cleaned tag to ``node`` on behalf of ``auth``.

    :param auth: passed through unchanged to ``node.add_tag``.
    :param node: object whose ``add_tag`` method is called.
    :param kwargs: must contain ``'tag'``, the raw tag text from the caller.
    :return: ``({'status': 'success'}, http.CREATED)`` when the tag is added,
        ``({'status': 'error'}, http.BAD_REQUEST)`` when ``add_tag`` raises
        ``ValidationError``, and ``None`` when the cleaned tag is empty.
    """
    # The caller-supplied text is passed through clean_tag before it reaches
    # the node; only the cleaned value is stored.
    cleaned = clean_tag(kwargs['tag'])
    if not cleaned:
        # Nothing left after cleaning: no tag is added and no body is returned.
        return None
    try:
        node.add_tag(tag=cleaned, auth=auth)
    except ValidationError:
        return {'status': 'error'}, http.BAD_REQUEST
    else:
        return {'status': 'success'}, http.CREATED
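def test_clean_tag(self):
    """Compare ``sanitize.clean_tag`` output for a tag made of quotes plus a script element.

    The input is five single quotes, seven double quotes and
    ``<script></script>``.
    """
    # The expected literal's inner single quotes are backslash-escaped, as in
    # the input literal; unescaped, as the listing had them, the string is
    # malformed and the function does not parse.
    #
    # NOTE(review): as shown here the expected value equals the input. For a
    # helper meant to neutralise quotes and markup the expected literal would
    # normally hold HTML entities, so this listing has probably been
    # entity-decoded. Confirm against the repository.
    assert_equal(
        sanitize.clean_tag('\'\'\'\'\'"""""""<script></script>'),
        '\'\'\'\'\'"""""""<script></script>',
    )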