comparison test/test_templating.py @ 6098:72a281a55a17

Disable rst raw and include directives. reStructuredText has some directives that can include files or pass raw html to the output. Create new property so user can enable raw or include directives if desired. See: https://docutils.sourceforge.io/docs/howto/security.html for details.
author John Rouillard <rouilj@ieee.org>
date Thu, 20 Feb 2020 21:38:32 -0500
parents 90a1470edbea
children 55c56ceacb8e
6097:90a1470edbea 6098:72a281a55a17
262 def test_string_rst_installed(self): 262 def test_string_rst_installed(self):
263 pass # just so we have a record of a skipped test 263 pass # just so we have a record of a skipped test
264 264
265 def test_string_rst(self): 265 def test_string_rst(self):
266 p = StringHTMLProperty(self.client, 'test', '1', None, 'test', u2s(u'A string with cmeerw@example.com *embedded* \u00df')) 266 p = StringHTMLProperty(self.client, 'test', '1', None, 'test', u2s(u'A string with cmeerw@example.com *embedded* \u00df'))
267
268 # test case to make sure include directive is disabled
269 q = StringHTMLProperty(self.client, 'test', '1', None, 'test', u2s(u'\n\n.. include:: XyZrMt.html\n\n<badtag>\n\n'))
270 q_result=u'''<div class="document">
271 <div class="system-message">
272 <p class="system-message-title">System Message: WARNING/2 (<tt class="docutils">&lt;string&gt;</tt>, line 3)</p>
273 <p>&quot;include&quot; directive disabled.</p>
274 <pre class="literal-block">
275 .. include:: XyZrMt.html
276
277 </pre>
278 </div>
279 <p>&lt;badtag&gt;</p>
280 </div>
281 '''
282
283 # test case to make sure raw directive is disabled
284 r = StringHTMLProperty(self.client, 'test', '1', None, 'test', u2s(u'\n\n.. raw:: html\n\n <badtag>\n\n'))
285 r_result='''<div class="document">
286 <div class="system-message">
287 <p class="system-message-title">System Message: WARNING/2 (<tt class="docutils">&lt;string&gt;</tt>, line 3)</p>
288 <p>&quot;raw&quot; directive disabled.</p>
289 <pre class="literal-block">
290 .. raw:: html
291
292 &lt;badtag&gt;
293
294 </pre>
295 </div>
296 </div>
297 '''
267 if ReStructuredText: 298 if ReStructuredText:
268 self.assertEqual(p.rst(), u2s(u'<div class="document">\n<p>A string with <a class="reference external" href="mailto:cmeerw&#64;example.com">cmeerw&#64;example.com</a> <em>embedded</em> \u00df</p>\n</div>\n')) 299 self.assertEqual(p.rst(), u2s(u'<div class="document">\n<p>A string with <a class="reference external" href="mailto:cmeerw&#64;example.com">cmeerw&#64;example.com</a> <em>embedded</em> \u00df</p>\n</div>\n'))
300 self.assertEqual(q.rst(), u2s(q_result))
301 self.assertEqual(r.rst(), u2s(r_result))
269 else: 302 else:
270 self.assertEqual(p.rst(), u2s(u'A string with <a href="mailto:cmeerw@example.com">cmeerw@example.com</a> *embedded* \u00df')) 303 self.assertEqual(p.rst(), u2s(u'A string with <a href="mailto:cmeerw@example.com">cmeerw@example.com</a> *embedded* \u00df'))
271 304
272 @skip_stext 305 @skip_stext
273 def test_string_stext_installed(self): 306 def test_string_stext_installed(self):
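Review bot: The new q and r cases (new lines 268-301) only assert the default behaviour where include and raw are disabled, while the commit message says a property is added so a user can re-enable them; nothing in this hunk exercises that enabled path. Consider a companion test that turns the directives on and checks the difference in output, so a regression in either direction is caught. Separately, q_result and r_result are compared against the complete docutils output, including the `<tt class="docutils">` wrapper and the system-message layout, which ties the test to one writer's exact markup. Asserting that the result contains the "directive disabled." message and `&lt;badtag&gt;`, and does not contain a literal `<badtag>`, would check the security property directly and survive formatting changes. Minor: q_result is written as a u''' literal and r_result as a plain ''' literal although both are passed through u2s(); use one form for both.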

Roundup Issue Tracker: http://roundup-tracker.org/