Mercurial > p > roundup > code
comparison test/test_templating.py @ 6098:72a281a55a17
Disable rst raw and include directives.
reStructuredText has some directives that can include files or pass
raw html to the output.
Create new property so user can enable raw or include directives if
desired. See: https://docutils.sourceforge.io/docs/howto/security.html
for details.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Thu, 20 Feb 2020 21:38:32 -0500 |
| parents | 90a1470edbea |
| children | 55c56ceacb8e |
comparison
equal
deleted
inserted
replaced
| 6097:90a1470edbea | 6098:72a281a55a17 |
|---|---|
| 262 def test_string_rst_installed(self): | 262 def test_string_rst_installed(self): |
| 263 pass # just so we have a record of a skipped test | 263 pass # just so we have a record of a skipped test |
| 264 | 264 |
| 265 def test_string_rst(self): | 265 def test_string_rst(self): |
| 266 p = StringHTMLProperty(self.client, 'test', '1', None, 'test', u2s(u'A string with cmeerw@example.com *embedded* \u00df')) | 266 p = StringHTMLProperty(self.client, 'test', '1', None, 'test', u2s(u'A string with cmeerw@example.com *embedded* \u00df')) |
| 267 | |
| 268 # test case to make sure include directive is disabled | |
| 269 q = StringHTMLProperty(self.client, 'test', '1', None, 'test', u2s(u'\n\n.. include:: XyZrMt.html\n\n<badtag>\n\n')) | |
| 270 q_result=u'''<div class="document"> | |
| 271 <div class="system-message"> | |
| 272 <p class="system-message-title">System Message: WARNING/2 (<tt class="docutils"><string></tt>, line 3)</p> | |
| 273 <p>"include" directive disabled.</p> | |
| 274 <pre class="literal-block"> | |
| 275 .. include:: XyZrMt.html | |
| 276 | |
| 277 </pre> | |
| 278 </div> | |
| 279 <p><badtag></p> | |
| 280 </div> | |
| 281 ''' | |
| 282 | |
| 283 # test case to make sure raw directive is disabled | |
| 284 r = StringHTMLProperty(self.client, 'test', '1', None, 'test', u2s(u'\n\n.. raw:: html\n\n <badtag>\n\n')) | |
| 285 r_result='''<div class="document"> | |
| 286 <div class="system-message"> | |
| 287 <p class="system-message-title">System Message: WARNING/2 (<tt class="docutils"><string></tt>, line 3)</p> | |
| 288 <p>"raw" directive disabled.</p> | |
| 289 <pre class="literal-block"> | |
| 290 .. raw:: html | |
| 291 | |
| 292 <badtag> | |
| 293 | |
| 294 </pre> | |
| 295 </div> | |
| 296 </div> | |
| 297 ''' | |
| 267 if ReStructuredText: | 298 if ReStructuredText: |
| 268 self.assertEqual(p.rst(), u2s(u'<div class="document">\n<p>A string with <a class="reference external" href="mailto:cmeerw@example.com">cmeerw@example.com</a> <em>embedded</em> \u00df</p>\n</div>\n')) | 299 self.assertEqual(p.rst(), u2s(u'<div class="document">\n<p>A string with <a class="reference external" href="mailto:cmeerw@example.com">cmeerw@example.com</a> <em>embedded</em> \u00df</p>\n</div>\n')) |
| 300 self.assertEqual(q.rst(), u2s(q_result)) | |
| 301 self.assertEqual(r.rst(), u2s(r_result)) | |
| 269 else: | 302 else: |
| 270 self.assertEqual(p.rst(), u2s(u'A string with <a href="mailto:cmeerw@example.com">cmeerw@example.com</a> *embedded* \u00df')) | 303 self.assertEqual(p.rst(), u2s(u'A string with <a href="mailto:cmeerw@example.com">cmeerw@example.com</a> *embedded* \u00df')) |
| 271 | 304 |
| 272 @skip_stext | 305 @skip_stext |
| 273 def test_string_stext_installed(self): | 306 def test_string_stext_installed(self): |
