FilesExpand file tree

 python-bug20007

/

test_sanitizer.py

Copy path

Blame

More file actions

Blame

More file actions

Latest commit

 

History

History

History

105 lines (86 loc) · 4.54 KB

 python-bug20007

/

test_sanitizer.py

Top

File metadata and controls

• Code
• Blame

105 lines (86 loc) · 4.54 KB

Raw

Copy raw file

Download raw file

Open symbols panel

Edit and raw actions

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

63

64

65

66

67

68

69

70

71

72

73

74

75

76

77

78

79

80

81

82

83

84

85

86

87

88

89

90

91

92

93

94

95

96

97

98

99

100

101

102

103

104

105

from __future__ import absolute_import, division, unicode_literals

try:

import json

except ImportError:

import simplejson as json

from html5lib import html5parser, sanitizer, constants, treebuilders

def toxmlFactory():

tree = treebuilders.getTreeBuilder("etree")

def toxml(element):

# encode/decode roundtrip required for Python 2.6 compatibility

result_bytes = tree.implementation.tostring(element, encoding="utf-8")

return result_bytes.decode("utf-8")

return toxml

def runSanitizerTest(name, expected, input, toxml=None):

if toxml is None:

toxml = toxmlFactory()

expected = ''.join([toxml(token) for token in html5parser.HTMLParser().

parseFragment(expected)])

expected = json.loads(json.dumps(expected))

assert expected == sanitize_html(input)

def sanitize_html(stream, toxml=None):

if toxml is None:

toxml = toxmlFactory()

return ''.join([toxml(token) for token in

html5parser.HTMLParser(tokenizer=sanitizer.HTMLSanitizer).

parseFragment(stream)])

def test_should_handle_astral_plane_characters():

assert '<html:p xmlns:html="http://www.w3.org/1999/xhtml">\U0001d4b5 \U0001d538</html:p>' == sanitize_html("<p>&#x1d4b5; &#x1d538;</p>")

def test_sanitizer():

toxml = toxmlFactory()

for tag_name in sanitizer.HTMLSanitizer.allowed_elements:

if tag_name in ['caption', 'col', 'colgroup', 'optgroup', 'option', 'table', 'tbody', 'td', 'tfoot', 'th', 'thead', 'tr']:

continue # TODO

if tag_name != tag_name.lower():

continue # TODO

if tag_name == 'image':

yield (runSanitizerTest, "test_should_allow_%s_tag" % tag_name,

"<img title=\"1\"/>foo &lt;bad&gt;bar&lt;/bad&gt; baz",

"<%s title='1'>foo <bad>bar</bad> baz</%s>" % (tag_name, tag_name),

toxml)

elif tag_name == 'br':

yield (runSanitizerTest, "test_should_allow_%s_tag" % tag_name,

"<br title=\"1\"/>foo &lt;bad&gt;bar&lt;/bad&gt; baz<br/>",

"<%s title='1'>foo <bad>bar</bad> baz</%s>" % (tag_name, tag_name),

toxml)

elif tag_name in constants.voidElements:

yield (runSanitizerTest, "test_should_allow_%s_tag" % tag_name,

"<%s title=\"1\"/>foo &lt;bad&gt;bar&lt;/bad&gt; baz" % tag_name,

"<%s title='1'>foo <bad>bar</bad> baz</%s>" % (tag_name, tag_name),

toxml)

else:

yield (runSanitizerTest, "test_should_allow_%s_tag" % tag_name,

"<%s title=\"1\">foo &lt;bad&gt;bar&lt;/bad&gt; baz</%s>" % (tag_name, tag_name),

"<%s title='1'>foo <bad>bar</bad> baz</%s>" % (tag_name, tag_name),

toxml)

for tag_name in sanitizer.HTMLSanitizer.allowed_elements:

tag_name = tag_name.upper()

yield (runSanitizerTest, "test_should_forbid_%s_tag" % tag_name,

"&lt;%s title=\"1\"&gt;foo &lt;bad&gt;bar&lt;/bad&gt; baz&lt;/%s&gt;" % (tag_name, tag_name),

"<%s title='1'>foo <bad>bar</bad> baz</%s>" % (tag_name, tag_name),

toxml)

for attribute_name in sanitizer.HTMLSanitizer.allowed_attributes:

if attribute_name != attribute_name.lower():

continue # TODO

if attribute_name == 'style':

continue

yield (runSanitizerTest, "test_should_allow_%s_attribute" % attribute_name,

"<p %s=\"foo\">foo &lt;bad&gt;bar&lt;/bad&gt; baz</p>" % attribute_name,

"<p %s='foo'>foo <bad>bar</bad> baz</p>" % attribute_name,

toxml)

for attribute_name in sanitizer.HTMLSanitizer.allowed_attributes:

attribute_name = attribute_name.upper()

yield (runSanitizerTest, "test_should_forbid_%s_attribute" % attribute_name,

"<p>foo &lt;bad&gt;bar&lt;/bad&gt; baz</p>",

"<p %s='display: none;'>foo <bad>bar</bad> baz</p>" % attribute_name,

toxml)

for protocol in sanitizer.HTMLSanitizer.allowed_protocols:

yield (runSanitizerTest, "test_should_allow_%s_uris" % protocol,

"<a href=\"%s\">foo</a>" % protocol,

"""<a href="%s">foo</a>""" % protocol,

toxml)

for protocol in sanitizer.HTMLSanitizer.allowed_protocols:

yield (runSanitizerTest, "test_should_allow_uppercase_%s_uris" % protocol,

"<a href=\"%s\">foo</a>" % protocol,

"""<a href="%s">foo</a>""" % protocol,

toxml)