Mercurial > p > roundup > code
view test/test_init.py @ 4851:24b8011cd2dc
Fix XSS in issue2550817
Note that the code that triggers that particular bug is no longer in
roundup core. But the change to the templates we suggest is a *lot*
safer as it always escapes the error and ok messages now.
If you are upgrading: you *MUST* read doc/upgrading.txt and do the
necessary changes to your templates, the escaping now happens in the
template and not in the roundup code. So if you don't make the necessary
changes *you are vulnerable*.
| author | Ralf Schlatterbeck <rsc@runtux.com> |
|---|---|
| date | Fri, 20 Dec 2013 18:24:10 +0100 |
| parents | edb171528a7d |
| children | 364c54991861 |
line wrap: on
line source
#-*- encoding: utf8 -*- import unittest, os, pprint, difflib, textwrap from roundup.init import loadTemplateInfo class TemplateInfoTestCase(unittest.TestCase): def testLoadTemplateInfo(self): path = os.path.join(os.path.dirname(__file__), '../share/roundup/templates/classic') self.maxDiff = None self.assertEqual( loadTemplateInfo(path), { 'description': textwrap.dedent('''\ This is a generic issue tracker that may be used to track bugs, feature requests, project issues or any number of other types of issues. Most users of Roundup will find that this template suits them, with perhaps a few customisations.'''), 'intended-for': 'All first-time Roundup users', 'name': 'classic', 'path': path } ) def test_suite(): suite = unittest.TestSuite() suite.addTest(unittest.makeSuite(TemplateInfoTestCase)) return suite if __name__ == '__main__': runner = unittest.TextTestRunner() unittest.main(testRunner=runner) # vim: set et sts=4 sw=4 :