Mercurial > p > roundup > code
view test/test_init.py @ 4880:ca692423e401
Different approach to fix XSS in issue2550817
Encapsulate the error/ok message append method as add_ok_message and
add_error_message. The new approach escapes the messages when appending
-- at a point in the code where we still know where the message comes
from. Escaping is the default but can bei turned off. This also fixes
issue2550836 where certain messages may contain links.
Another advantage of the new fix is that users don't need to change
installed trackers and are secure by default.
| author | Ralf Schlatterbeck <rsc@runtux.com> |
|---|---|
| date | Mon, 31 Mar 2014 18:19:23 +0200 |
| parents | edb171528a7d |
| children | 364c54991861 |
line wrap: on
line source
#-*- encoding: utf8 -*- import unittest, os, pprint, difflib, textwrap from roundup.init import loadTemplateInfo class TemplateInfoTestCase(unittest.TestCase): def testLoadTemplateInfo(self): path = os.path.join(os.path.dirname(__file__), '../share/roundup/templates/classic') self.maxDiff = None self.assertEqual( loadTemplateInfo(path), { 'description': textwrap.dedent('''\ This is a generic issue tracker that may be used to track bugs, feature requests, project issues or any number of other types of issues. Most users of Roundup will find that this template suits them, with perhaps a few customisations.'''), 'intended-for': 'All first-time Roundup users', 'name': 'classic', 'path': path } ) def test_suite(): suite = unittest.TestSuite() suite.addTest(unittest.makeSuite(TemplateInfoTestCase)) return suite if __name__ == '__main__': runner = unittest.TextTestRunner() unittest.main(testRunner=runner) # vim: set et sts=4 sw=4 :