moviewyrm/bookwyrm/tests/test_sanitize_html.py

""" make sure only valid html gets to the app """
from django.test import TestCase

from bookwyrm.sanitize_html import InputHtmlParser


class Sanitizer(TestCase):
    """sanitizer tests"""

    def test_no_html(self):
        """just text"""
        input_text = "no      html  "
        parser = InputHtmlParser()
        parser.feed(input_text)
        output = parser.get_output()
        self.assertEqual(input_text, output)

    def test_valid_html(self):
        """leave the html untouched"""
        input_text = "<b>yes    </b> <i>html</i>"
        parser = InputHtmlParser()
        parser.feed(input_text)
        output = parser.get_output()
        self.assertEqual(input_text, output)

    def test_valid_html_attrs(self):
        """and don't remove useful attributes"""
        input_text = '<a href="fish.com">yes    </a> <i>html</i>'
        parser = InputHtmlParser()
        parser.feed(input_text)
        output = parser.get_output()
        self.assertEqual(input_text, output)

    def test_valid_html_invalid_attrs(self):
        """do remove un-approved attributes"""
        input_text = '<a href="fish.com" fish="hello">yes    </a> <i>html</i>'
        parser = InputHtmlParser()
        parser.feed(input_text)
        output = parser.get_output()
        self.assertEqual(output, '<a href="fish.com">yes    </a> <i>html</i>')

    def test_invalid_html(self):
        """remove all html when the html is malformed"""
        input_text = "<b>yes  <i>html</i>"
        parser = InputHtmlParser()
        parser.feed(input_text)
        output = parser.get_output()
        self.assertEqual("yes  html", output)

        input_text = "yes <i></b>html   </i>"
        parser = InputHtmlParser()
        parser.feed(input_text)
        output = parser.get_output()
        self.assertEqual("yes html   ", output)

    def test_disallowed_html(self):
        """remove disallowed html but keep allowed html"""
        input_text = "<div>  yes <i>html</i></div>"
        parser = InputHtmlParser()
        parser.feed(input_text)
        output = parser.get_output()
        self.assertEqual("  yes <i>html</i>", output)
Runs black 2021-03-08 16:49:10 +00:00			`""" make sure only valid html gets to the app """`
more tests 2020-05-10 02:48:30 +00:00			`from django.test import TestCase`

Updates migrations To get the app working again I ran resetdb, let it crash in initdb, then ran the migration, then re-ran initdb 2020-09-21 15:10:37 +00:00			`from bookwyrm.sanitize_html import InputHtmlParser`
more tests 2020-05-10 02:48:30 +00:00
Runs black 2021-03-08 16:49:10 +00:00
more tests 2020-05-10 02:48:30 +00:00			`class Sanitizer(TestCase):`
New version of black, new whitespace 2021-04-26 16:15:42 +00:00			`"""sanitizer tests"""`
Runs black 2021-03-08 16:49:10 +00:00
more tests 2020-05-10 02:48:30 +00:00			`def test_no_html(self):`
New version of black, new whitespace 2021-04-26 16:15:42 +00:00			`"""just text"""`
Runs black 2021-03-08 16:49:10 +00:00			`input_text = "no html "`
more tests 2020-05-10 02:48:30 +00:00			`parser = InputHtmlParser()`
			`parser.feed(input_text)`
			`output = parser.get_output()`
			`self.assertEqual(input_text, output)`

			`def test_valid_html(self):`
New version of black, new whitespace 2021-04-26 16:15:42 +00:00			`"""leave the html untouched"""`
Runs black 2021-03-08 16:49:10 +00:00			`input_text = "<b>yes </b> <i>html</i>"`
more tests 2020-05-10 02:48:30 +00:00			`parser = InputHtmlParser()`
			`parser.feed(input_text)`
			`output = parser.get_output()`
			`self.assertEqual(input_text, output)`

			`def test_valid_html_attrs(self):`
Adds allowlist for html attrs 2022-02-03 21:15:06 +00:00			`"""and don't remove useful attributes"""`
more tests 2020-05-10 02:48:30 +00:00			`input_text = '<a href="fish.com">yes </a> <i>html</i>'`
			`parser = InputHtmlParser()`
			`parser.feed(input_text)`
			`output = parser.get_output()`
			`self.assertEqual(input_text, output)`

Adds allowlist for html attrs 2022-02-03 21:15:06 +00:00			`def test_valid_html_invalid_attrs(self):`
			`"""do remove un-approved attributes"""`
			`input_text = '<a href="fish.com" fish="hello">yes </a> <i>html</i>'`
			`parser = InputHtmlParser()`
			`parser.feed(input_text)`
			`output = parser.get_output()`
Python formatting 2022-02-03 21:19:56 +00:00			`self.assertEqual(output, '<a href="fish.com">yes </a> <i>html</i>')`
Adds allowlist for html attrs 2022-02-03 21:15:06 +00:00
more tests 2020-05-10 02:48:30 +00:00			`def test_invalid_html(self):`
New version of black, new whitespace 2021-04-26 16:15:42 +00:00			`"""remove all html when the html is malformed"""`
Runs black 2021-03-08 16:49:10 +00:00			`input_text = "<b>yes <i>html</i>"`
more tests 2020-05-10 02:48:30 +00:00			`parser = InputHtmlParser()`
			`parser.feed(input_text)`
			`output = parser.get_output()`
Runs black 2021-03-08 16:49:10 +00:00			`self.assertEqual("yes html", output)`
more tests 2020-05-10 02:48:30 +00:00
Runs black 2021-03-08 16:49:10 +00:00			`input_text = "yes <i></b>html </i>"`
more tests 2020-05-10 02:48:30 +00:00			`parser = InputHtmlParser()`
			`parser.feed(input_text)`
			`output = parser.get_output()`
Runs black 2021-03-08 16:49:10 +00:00			`self.assertEqual("yes html ", output)`
more tests 2020-05-10 02:48:30 +00:00
			`def test_disallowed_html(self):`
New version of black, new whitespace 2021-04-26 16:15:42 +00:00			`"""remove disallowed html but keep allowed html"""`
Runs black 2021-03-08 16:49:10 +00:00			`input_text = "<div> yes <i>html</i></div>"`
more tests 2020-05-10 02:48:30 +00:00			`parser = InputHtmlParser()`
			`parser.feed(input_text)`
			`output = parser.get_output()`
Runs black 2021-03-08 16:49:10 +00:00			`self.assertEqual(" yes <i>html</i>", output)`