mirror of
https://github.com/bookwyrm-social/bookwyrm.git
synced 2024-05-14 14:33:00 +00:00
55 lines
1.8 KiB
Python
55 lines
1.8 KiB
Python
""" make sure only valid html gets to the app """
|
|
from django.test import TestCase
|
|
|
|
from bookwyrm.utils.sanitizer import clean
|
|
|
|
|
|
class Sanitizer(TestCase):
|
|
"""sanitizer tests"""
|
|
|
|
def test_no_html(self):
|
|
"""just text"""
|
|
input_text = "no html "
|
|
output = clean(input_text)
|
|
self.assertEqual(input_text, output)
|
|
|
|
def test_valid_html(self):
|
|
"""leave the html untouched"""
|
|
input_text = "<b>yes </b> <i>html</i>"
|
|
output = clean(input_text)
|
|
self.assertEqual(input_text, output)
|
|
|
|
def test_valid_html_attrs(self):
|
|
"""and don't remove useful attributes"""
|
|
input_text = '<a href="fish.com">yes </a> <i>html</i>'
|
|
output = clean(input_text)
|
|
self.assertEqual(input_text, output)
|
|
|
|
def test_valid_html_invalid_attrs(self):
|
|
"""do remove un-approved attributes"""
|
|
input_text = '<a href="fish.com" fish="hello">yes </a> <i>html</i>'
|
|
output = clean(input_text)
|
|
self.assertEqual(output, '<a href="fish.com">yes </a> <i>html</i>')
|
|
|
|
def test_invalid_html(self):
|
|
"""remove all html when the html is malformed"""
|
|
input_text = "<b>yes <i>html</i>"
|
|
output = clean(input_text)
|
|
self.assertEqual("yes html", output)
|
|
|
|
input_text = "yes <i></b>html </i>"
|
|
output = clean(input_text)
|
|
self.assertEqual("yes html ", output)
|
|
|
|
def test_disallowed_html(self):
|
|
"""remove disallowed html but keep allowed html"""
|
|
input_text = "<div> yes <i>html</i></div>"
|
|
output = clean(input_text)
|
|
self.assertEqual(" yes <i>html</i>", output)
|
|
|
|
def test_escaped_bracket(self):
|
|
"""remove > and <"""
|
|
input_text = "<dev>hi</div>"
|
|
output = clean(input_text)
|
|
self.assertEqual("hi", output)
|