Mercurial > p > roundup > code
diff test/test_templating.py @ 6284:3f7538316724
issue2551099 - disable processing of data url's in markdown.
Display as plain text.
Added 'data' to templating.py _disable_url_schemes array. User should
be able to re-enable it by changing the array from the tracker's
interfaces.py. Markdown tests failed before the change to
_disable_url_schemes.
Also add second separate data test for ReST and plain text processing.
data url's look like they are already ignored in these proess streams.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Sat, 31 Oct 2020 15:43:53 -0400 |
| parents | d30501bafdfb |
| children | fd0bdcbc68e4 |
line wrap: on
line diff
--- a/test/test_templating.py Sat Oct 31 14:54:46 2020 -0400 +++ b/test/test_templating.py Sat Oct 31 15:43:53 2020 -0400 @@ -281,9 +281,10 @@ </div> </div> ''' - # test case to make sure javascript url's aren't turned into links - s = StringHTMLProperty(self.client, 'test', '1', None, 'test', u2s(u'<badtag>\njavascript:badcode')) - s_result = '<div class="document">\n<p><badtag>\njavascript:badcode</p>\n</div>\n' + # test case to make sure javascript and data url's aren't turned + # into links + s = StringHTMLProperty(self.client, 'test', '1', None, 'test', u2s(u'<badtag>\njavascript:badcode data:text/plain;base64,SGVsbG8sIFdvcmxkIQ==')) + s_result = '<div class="document">\n<p><badtag>\njavascript:badcode data:text/plain;base64,SGVsbG8sIFdvcmxkIQ==</p>\n</div>\n' self.assertEqual(p.rst(), u2s(u'<div class="document">\n<p>A string with <a class="reference external" href="mailto:cmeerw@example.com">cmeerw@example.com</a> <em>embedded</em> \u00df</p>\n</div>\n')) self.assertEqual(q.rst(), u2s(q_result)) @@ -489,6 +490,16 @@ p = StringHTMLProperty(self.client, 'test', '1', None, 'test', u2s(u'[link](javascript:alert(1))')) self.assertTrue(p.markdown().find('href="javascript:') == -1) + def test_string_markdown_data_link(self): + # make sure we don't get a "data:" link + p = StringHTMLProperty(self.client, 'test', '1', None, 'test', u2s(u'<data:text/plain;base64,SGVsbG8sIFdvcmxkIQ==>')) + print(p.markdown()) + self.assertTrue(p.markdown().find('href="data:') == -1) + + p = StringHTMLProperty(self.client, 'test', '1', None, 'test', u2s(u'[data link](data:text/plain;base64,SGVsbG8sIFdvcmxkIQ==)')) + print(p.markdown()) + self.assertTrue(p.markdown().find('href="data:') == -1) + def test_string_markdown_forced_line_break(self): p = StringHTMLProperty(self.client, 'test', '1', None, 'test', u2s(u'This is a set of text \n:that should have a break \n:at newlines. Each \n:colon should be the start of an html line'))