/usr/lib/python2.7/dist-packages/sanitizer/tests.py is in python-django-html-sanitizer 0.1.5-1.
This file is owned by root:root, with mode 0o644.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 | from django import forms
from django.db import models
from django.test import TestCase
from django.test.utils import override_settings
from sanitizer.templatetags.sanitizer import (sanitize, sanitize_allow,
escape_html, strip_filter, strip_html)
from .forms import SanitizedCharField as SanitizedFormField
from .models import SanitizedCharField, SanitizedTextField
# Allowlist handed to the sanitized model fields defined below: only the
# ``a`` tag, its ``href`` and ``style`` attributes, and the ``width`` style
# property are permitted.
ALLOWED_TAGS = ["a"]
ALLOWED_ATTRIBUTES = ["href", "style"]
ALLOWED_STYLES = ["width"]
class TestingModel(models.Model):
    """Fixture model whose only column is a sanitized char field.

    The field is configured with the module-level allowlist, so the tests
    can check what is stored after a value containing other markup is saved.
    """

    test_field = SanitizedCharField(
        max_length=255,
        allowed_tags=ALLOWED_TAGS,
        allowed_attributes=ALLOWED_ATTRIBUTES,
        allowed_styles=ALLOWED_STYLES,
    )
class TestingTextModel(models.Model):
    """Fixture model whose only column is a sanitized text field.

    Uses the same module-level allowlist as the char-field fixture.
    """

    test_field = SanitizedTextField(
        allowed_tags=ALLOWED_TAGS,
        allowed_attributes=ALLOWED_ATTRIBUTES,
        allowed_styles=ALLOWED_STYLES,
    )
class TestForm(forms.Form):
    """Fixture form with one sanitized field.

    The allowlist is spelled out literally here: the ``a`` tag, the ``href``
    and ``style`` attributes, and the ``width`` style property.
    """

    test_field = SanitizedFormField(
        allowed_tags=['a'],
        allowed_attributes=['href', 'style'],
        allowed_styles=['width'],
    )
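class SanitizerTest(TestCase):
    """Tests for the sanitizer template filters, model fields and form field.

    Markup outside the configured allowlist must never come back as live
    markup.  Judging by the expected values, ``strip_filter``,
    ``sanitize_allow`` and ``strip_html`` remove it, while ``sanitize``,
    ``escape_html`` and the sanitized fields keep it in escaped form.

    NOTE(review): the listing this file was taken from shows the expected
    values of the escaping cases with their entities decoded (for example
    ``'test<script></script>'``).  Read literally, that asserts a disallowed
    ``script`` tag passes through untouched.  The ``&lt;``/``&gt;`` forms
    below are what an escaping sanitizer returns -- confirm against the
    packaged file.
    """

    @override_settings(SANITIZER_ALLOWED_TAGS=['a'])
    def test_sanitize(self):
        """``sanitize`` escapes a tag missing from SANITIZER_ALLOWED_TAGS."""
        self.assertEqual(sanitize('test<script></script>'),
                         'test&lt;script&gt;&lt;/script&gt;')

    def test_strip_filter(self):
        """``strip_filter`` drops the ``script`` element and keeps the text."""
        self.assertEqual(strip_filter('test<script></script>'), 'test')

    def test_sanitize_allow(self):
        """``sanitize_allow`` keeps only what its second argument names."""
        # Only ``br`` is allowed: the script element is removed, and both
        # spellings of the void tag come back as ``<br>``.
        self.assertEqual(
            sanitize_allow('test<script></script><br>', 'br'), 'test<br>')
        self.assertEqual(
            sanitize_allow('test<script></script><br/>', 'br'), 'test<br>')
        # With the tag allowed but no attribute named, ``href`` is dropped.
        self.assertEqual(
            sanitize_allow('<a href="">test</a>', 'a'), '<a>test</a>')
        # 'a; href' also lets the attribute through (tags before the ';',
        # attributes after it -- inferred from the expected output).
        self.assertEqual(
            sanitize_allow('<a href="">test</a>', 'a; href'),
            '<a href="">test</a>')

    def test_SanitizedCharField(self):
        """Saving through the char field filters styles and escapes ``em``."""
        dirty = ('<a href="" style="width: 200px; height: 400px">foo</a>'
                 '<em>bar</em>')
        TestingModel.objects.create(test_field=dirty)
        stored = TestingModel.objects.latest('id')
        # ``height`` is not an allowed style and ``em`` is not an allowed
        # tag: the former is removed, the latter is kept as escaped text.
        self.assertEqual(
            stored.test_field,
            '<a href="" style="width: 200px;">foo</a>'
            '&lt;em&gt;bar&lt;/em&gt;')

    def test_SanitizedTextField(self):
        """Saving through the text field behaves like the char field."""
        dirty = ('<a href="" style="width: 200px; height: 400px">foo</a>'
                 '<em>bar</em>')
        TestingTextModel.objects.create(test_field=dirty)
        stored = TestingTextModel.objects.latest('id')
        self.assertEqual(
            stored.test_field,
            '<a href="" style="width: 200px;">foo</a>'
            '&lt;em&gt;bar&lt;/em&gt;')

    def test_SanitizedFormField(self):
        """The form field sanitizes the submitted value during cleaning."""
        html = ('<a href="" style="width: 200px; height: 400px">foo</a>'
                '<em class=""></em>')
        form = TestForm({'test_field': html})
        # Fail here with a clear message if validation is rejected, instead
        # of with a KeyError on cleaned_data below.
        self.assertTrue(form.is_valid())
        self.assertEqual(
            form.cleaned_data['test_field'],
            '<a href="" style="width: 200px;">foo</a>'
            '&lt;em class=""&gt;&lt;/em&gt;')

    def test_escape_html(self):
        """``escape_html`` escapes disallowed tags for both argument forms."""
        html = ('<a href="" class="" style="width: 200px; height: 400px">'
                'foo</a><em></em>')
        expected = ('<a href="" style="width: 200px;">foo</a>'
                    '&lt;em&gt;&lt;/em&gt;')
        # Allowlist given as comma-separated strings.
        self.assertEqual(
            escape_html(html, allowed_tags='a',
                        allowed_attributes='href,style',
                        allowed_styles='width'),
            expected)
        # Allowlist given as lists.
        self.assertEqual(
            escape_html(html, allowed_tags=['a'],
                        allowed_attributes=['href', 'style'],
                        allowed_styles=['width']),
            expected)

    def test_strip_html(self):
        """``strip_html`` removes disallowed tags for both argument forms."""
        html = ('<a href="" class="" style="width: 200px; height: 400px">'
                'foo</a><em></em>')
        expected = '<a href="" style="width: 200px;">foo</a>'
        # Allowlist given as comma-separated strings.
        self.assertEqual(
            strip_html(html, allowed_tags='a',
                       allowed_attributes='href,style',
                       allowed_styles='width'),
            expected)
        # Allowlist given as lists.
        self.assertEqual(
            strip_html(html, allowed_tags=['a'],
                       allowed_attributes=['href', 'style'],
                       allowed_styles=['width']),
            expected)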