comparison test/test_templating.py @ 6284:3f7538316724
issue2551099 - disable processing of data url's in markdown.
Display as plain text.
Added 'data' to templating.py _disable_url_schemes array. User should
be able to re-enable it by changing the array from the tracker's
interfaces.py. Markdown tests failed before the change to
_disable_url_schemes.
Also add second separate data test for ReST and plain text processing.
data url's look like they are already ignored in these process streams.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Sat, 31 Oct 2020 15:43:53 -0400 |
| parents | d30501bafdfb |
| children | fd0bdcbc68e4 |
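--- a/test/test_templating.py
+++ b/test/test_templating.py
@@ -279,13 +279,14 @@
 
 </pre>
 </div>
 </div>
 '''
-# test case to make sure javascript url's aren't turned into links
-s = StringHTMLProperty(self.client, 'test', '1', None, 'test', u2s(u'<badtag>\njavascript:badcode'))
-s_result = '<div class="document">\n<p><badtag>\njavascript:badcode</p>\n</div>\n'
+# test case to make sure javascript and data url's aren't turned
+# into links
+s = StringHTMLProperty(self.client, 'test', '1', None, 'test', u2s(u'<badtag>\njavascript:badcode data:text/plain;base64,SGVsbG8sIFdvcmxkIQ=='))
+s_result = '<div class="document">\n<p><badtag>\njavascript:badcode data:text/plain;base64,SGVsbG8sIFdvcmxkIQ==</p>\n</div>\n'
 
 self.assertEqual(p.rst(), u2s(u'<div class="document">\n<p>A string with <a class="reference external" href="mailto:cmeerw@example.com">cmeerw@example.com</a> <em>embedded</em> \u00df</p>\n</div>\n'))
 self.assertEqual(q.rst(), u2s(q_result))
 self.assertEqual(r.rst(), u2s(r_result))
 self.assertEqual(s.rst(), u2s(s_result))
@@ -487,10 +488,20 @@
 self.assertTrue(p.markdown().find('href="javascript:') == -1)
 
 p = StringHTMLProperty(self.client, 'test', '1', None, 'test', u2s(u'[link](javascript:alert(1))'))
 self.assertTrue(p.markdown().find('href="javascript:') == -1)
 
+def test_string_markdown_data_link(self):
+# make sure we don't get a "data:" link
+p = StringHTMLProperty(self.client, 'test', '1', None, 'test', u2s(u'<data:text/plain;base64,SGVsbG8sIFdvcmxkIQ==>'))
+print(p.markdown())
+self.assertTrue(p.markdown().find('href="data:') == -1)
+
+p = StringHTMLProperty(self.client, 'test', '1', None, 'test', u2s(u'[data link](data:text/plain;base64,SGVsbG8sIFdvcmxkIQ==)'))
+print(p.markdown())
+self.assertTrue(p.markdown().find('href="data:') == -1)
+
 
 def test_string_markdown_forced_line_break(self):
 p = StringHTMLProperty(self.client, 'test', '1', None, 'test', u2s(u'This is a set of text \n:that should have a break \n:at newlines. Each \n:colon should be the start of an html line'))
 # sigh different backends render this differently:
 # of text <br />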
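Review bot: Both assertions in the new `test_string_markdown_data_link` only check that the exact substring `href="data:` is absent, so they would still pass if a backend emitted the link with a differently cased scheme or different attribute quoting, or dropped the text altogether. The commit message says the URL should be displayed as plain text, so consider pinning that as well, for example `self.assertIn('data:text/plain;base64,SGVsbG8sIFdvcmxkIQ==', p.markdown())` (assuming every markdown backend keeps the text verbatim), and making the negative check case-insensitive with `self.assertNotIn('href="data:', p.markdown().lower())`. Whether the scheme filter in templating.py matches case-insensitively is not visible on this page, so a mixed-case scheme would be worth a test input of its own. The two `print(p.markdown())` calls look like leftover debugging output and can be dropped.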
