Acasă Explorează Ajutor
Autentificare
CityApper
/
django
oglindă de https://github.com/django/django
2
0
Bifurcare 0
Fisiere Probleme 0 Wiki
Arbore: 560b4207b1
Ramuri Etichete
django
/
tests
/
utils_tests
/
test_html.py

test_html.py 8.1 KB
Istoric Crud

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187 
  1. # -*- coding: utf-8 -*-
    2. 

  2. from __future__ import unicode_literals
    3. 

  3. 

  4. from datetime import datetime
    5. 

  5. import os
    6. 

  6. from unittest import TestCase
    7. 

  7. import warnings
    8. 

  8. 

  9. from django.utils import html, safestring
    10. 

  10. from django.utils._os import upath
    11. 

  11. from django.utils.encoding import force_text
    12. 

  12. 

  13. 

  14. class TestUtilsHtml(TestCase):
    15. 

  15. 

  16.     def check_output(self, function, value, output=None):
    17. 

  17.         """
    18. 

  18.         Check that function(value) equals output.  If output is None,
    19. 

  19.         check that function(value) equals value.
    20. 

  20.         """
    21. 

  21.         if output is None:
    22. 

  22.             output = value
    23. 

  23.         self.assertEqual(function(value), output)
    24. 

  24. 

  25.     def test_escape(self):
    26. 

  26.         f = html.escape
    27. 

  27.         items = (
    28. 

  28.             ('&', '&'),
    29. 

  29.             ('<', '&lt;'),
    30. 

  30.             ('>', '&gt;'),
    31. 

  31.             ('"', '&quot;'),
    32. 

  32.             ("'", '&#39;'),
    33. 

  33.         )
    34. 

  34.         # Substitution patterns for testing the above items.
    35. 

  35.         patterns = ("%s", "asdf%sfdsa", "%s1", "1%sb")
    36. 

  36.         for value, output in items:
    37. 

  37.             for pattern in patterns:
    38. 

  38.                 self.check_output(f, pattern % value, pattern % output)
    39. 

  39.             # Check repeated values.
    40. 

  40.             self.check_output(f, value * 2, output * 2)
    41. 

  41.         # Verify it doesn't double replace &.
    42. 

  42.         self.check_output(f, '<&', '&lt;&amp;')
    43. 

  43. 

  44.     def test_format_html(self):
    45. 

  45.         self.assertEqual(
    46. 

  46.             html.format_html("{} {} {third} {fourth}",
    47. 

  47.                              "< Dangerous >",
    48. 

  48.                              html.mark_safe("<b>safe</b>"),
    49. 

  49.                              third="< dangerous again",
    50. 

  50.                              fourth=html.mark_safe("<i>safe again</i>")
    51. 

  51.                              ),
    52. 

  52.             "&lt; Dangerous &gt; <b>safe</b> &lt; dangerous again <i>safe again</i>"
    53. 

  53.         )
    54. 

  54. 

  55.     def test_linebreaks(self):
    56. 

  56.         f = html.linebreaks
    57. 

  57.         items = (
    58. 

  58.             ("para1\n\npara2\r\rpara3", "<p>para1</p>\n\n<p>para2</p>\n\n<p>para3</p>"),
    59. 

  59.             ("para1\nsub1\rsub2\n\npara2", "<p>para1<br />sub1<br />sub2</p>\n\n<p>para2</p>"),
    60. 

  60.             ("para1\r\n\r\npara2\rsub1\r\rpara4", "<p>para1</p>\n\n<p>para2<br />sub1</p>\n\n<p>para4</p>"),
    61. 

  61.             ("para1\tmore\n\npara2", "<p>para1\tmore</p>\n\n<p>para2</p>"),
    62. 

  62.         )
    63. 

  63.         for value, output in items:
    64. 

  64.             self.check_output(f, value, output)
    65. 

  65. 

  66.     def test_strip_tags(self):
    67. 

  67.         f = html.strip_tags
    68. 

  68.         items = (
    69. 

  69.             ('<p>See: &#39;&eacute; is an apostrophe followed by e acute</p>',
    70. 

  70.              'See: &#39;&eacute; is an apostrophe followed by e acute'),
    71. 

  71.             ('<adf>a', 'a'),
    72. 

  72.             ('</adf>a', 'a'),
    73. 

  73.             ('<asdf><asdf>e', 'e'),
    74. 

  74.             ('hi, <f x', 'hi, <f x'),
    75. 

  75.             ('234<235, right?', '234<235, right?'),
    76. 

  76.             ('a4<a5 right?', 'a4<a5 right?'),
    77. 

  77.             ('b7>b2!', 'b7>b2!'),
    78. 

  78.             ('</fe', '</fe'),
    79. 

  79.             ('<x>b<y>', 'b'),
    80. 

  80.             ('a<p onclick="alert(\'<test>\')">b</p>c', 'abc'),
    81. 

  81.             ('a<p a >b</p>c', 'abc'),
    82. 

  82.             ('d<a:b c:d>e</p>f', 'def'),
    83. 

  83.             ('<strong>foo</strong><a href="http://example.com">bar</a>', 'foobar'),
    84. 

  84.         )
    85. 

  85.         for value, output in items:
    86. 

  86.             self.check_output(f, value, output)
    87. 

  87. 

  88.         # Some convoluted syntax for which parsing may differ between python versions
    89. 

  89.         output = html.strip_tags('<sc<!-- -->ript>test<<!-- -->/script>')
    90. 

  90.         self.assertNotIn('<script>', output)
    91. 

  91.         self.assertIn('test', output)
    92. 

  92.         output = html.strip_tags('<script>alert()</script>&h')
    93. 

  93.         self.assertNotIn('<script>', output)
    94. 

  94.         self.assertIn('alert()', output)
    95. 

  95. 

  96.         # Test with more lengthy content (also catching performance regressions)
    97. 

  97.         for filename in ('strip_tags1.html', 'strip_tags2.txt'):
    98. 

  98.             path = os.path.join(os.path.dirname(upath(__file__)), 'files', filename)
    99. 

  99.             with open(path, 'r') as fp:
    100. 

  100.                 content = force_text(fp.read())
    101. 

  101.                 start = datetime.now()
    102. 

  102.                 stripped = html.strip_tags(content)
    103. 

  103.                 elapsed = datetime.now() - start
    104. 

  104.             self.assertEqual(elapsed.seconds, 0)
    105. 

  105.             self.assertIn("Please try again.", stripped)
    106. 

  106.             self.assertNotIn('<', stripped)
    107. 

  107. 

  108.     def test_strip_spaces_between_tags(self):
    109. 

  109.         f = html.strip_spaces_between_tags
    110. 

  110.         # Strings that should come out untouched.
    111. 

  111.         items = (' <adf>', '<adf> ', ' </adf> ', ' <f> x</f>')
    112. 

  112.         for value in items:
    113. 

  113.             self.check_output(f, value)
    114. 

  114.         # Strings that have spaces to strip.
    115. 

  115.         items = (
    116. 

  116.             ('<d> </d>', '<d></d>'),
    117. 

  117.             ('<p>hello </p>\n<p> world</p>', '<p>hello </p><p> world</p>'),
    118. 

  118.             ('\n<p>\t</p>\n<p> </p>\n', '\n<p></p><p></p>\n'),
    119. 

  119.         )
    120. 

  120.         for value, output in items:
    121. 

  121.             self.check_output(f, value, output)
    122. 

  122. 

  123.     def test_strip_entities(self):
    124. 

  124.         f = html.strip_entities
    125. 

  125.         # Strings that should come out untouched.
    126. 

  126.         values = ("&", "&a", "&a", "a&#a")
    127. 

  127.         for value in values:
    128. 

  128.             with warnings.catch_warnings(record=True):
    129. 

  129.                 warnings.simplefilter("always")
    130. 

  130.                 self.check_output(f, value)
    131. 

  131.         # Valid entities that should be stripped from the patterns.
    132. 

  132.         entities = ("&#1;", "&#12;", "&a;", "&fdasdfasdfasdf;")
    133. 

  133.         patterns = (
    134. 

  134.             ("asdf %(entity)s ", "asdf  "),
    135. 

  135.             ("%(entity)s%(entity)s", ""),
    136. 

  136.             ("&%(entity)s%(entity)s", "&"),
    137. 

  137.             ("%(entity)s3", "3"),
    138. 

  138.         )
    139. 

  139.         for entity in entities:
    140. 

  140.             for in_pattern, output in patterns:
    141. 

  141.                 with warnings.catch_warnings(record=True):
    142. 

  142.                     warnings.simplefilter("always")
    143. 

  143.                     self.check_output(f, in_pattern % {'entity': entity}, output)
    144. 

  144. 

  145.     def test_escapejs(self):
    146. 

  146.         f = html.escapejs
    147. 

  147.         items = (
    148. 

  148.             ('"double quotes" and \'single quotes\'', '\\u0022double quotes\\u0022 and \\u0027single quotes\\u0027'),
    149. 

  149.             (r'\ : backslashes, too', '\\u005C : backslashes, too'),
    150. 

  150.             ('and lots of whitespace: \r\n\t\v\f\b', 'and lots of whitespace: \\u000D\\u000A\\u0009\\u000B\\u000C\\u0008'),
    151. 

  151.             (r'<script>and this</script>', '\\u003Cscript\\u003Eand this\\u003C/script\\u003E'),
    152. 

  152.             ('paragraph separator:\u2029and line separator:\u2028', 'paragraph separator:\\u2029and line separator:\\u2028'),
    153. 

  153.         )
    154. 

  154.         for value, output in items:
    155. 

  155.             self.check_output(f, value, output)
    156. 

  156. 

  157.     def test_remove_tags(self):
    158. 

  158.         f = html.remove_tags
    159. 

  159.         items = (
    160. 

  160.             ("<b><i>Yes</i></b>", "b i", "Yes"),
    161. 

  161.             ("<a>x</a> <p><b>y</b></p>", "a b", "x <p>y</p>"),
    162. 

  162.         )
    163. 

  163.         for value, tags, output in items:
    164. 

  164.             with warnings.catch_warnings(record=True):
    165. 

  165.                 warnings.simplefilter("always")
    166. 

  166.                 self.assertEqual(f(value, tags), output)
    167. 

  167. 

  168.     def test_smart_urlquote(self):
    169. 

  169.         quote = html.smart_urlquote
    170. 

  170.         # Ensure that IDNs are properly quoted
    171. 

  171.         self.assertEqual(quote('http://öäü.com/'), 'http://xn--4ca9at.com/')
    172. 

  172.         self.assertEqual(quote('http://öäü.com/öäü/'), 'http://xn--4ca9at.com/%C3%B6%C3%A4%C3%BC/')
    173. 

  173.         # Ensure that everything unsafe is quoted, !*'();:@&=+$,/?#[]~ is considered safe as per RFC
    174. 

  174.         self.assertEqual(quote('http://example.com/path/öäü/'), 'http://example.com/path/%C3%B6%C3%A4%C3%BC/')
    175. 

  175.         self.assertEqual(quote('http://example.com/%C3%B6/ä/'), 'http://example.com/%C3%B6/%C3%A4/')
    176. 

  176.         self.assertEqual(quote('http://example.com/?x=1&y=2+3&z='), 'http://example.com/?x=1&y=2+3&z=')
    177. 

  177.         self.assertEqual(quote('http://example.com/?x=<>"\''), 'http://example.com/?x=%3C%3E%22%27')
    178. 

  178.         self.assertEqual(quote('http://example.com/?q=http://example.com/?x=1%26q=django'),
    179. 

  179.                          'http://example.com/?q=http%3A%2F%2Fexample.com%2F%3Fx%3D1%26q%3Ddjango')
    180. 

  180.         self.assertEqual(quote('http://example.com/?q=http%3A%2F%2Fexample.com%2F%3Fx%3D1%26q%3Ddjango'),
    181. 

  181.                          'http://example.com/?q=http%3A%2F%2Fexample.com%2F%3Fx%3D1%26q%3Ddjango')
    182. 

  182. 

  183.     def test_conditional_escape(self):
    184. 

  184.         s = '<h1>interop</h1>'
    185. 

  185.         self.assertEqual(html.conditional_escape(s),
    186. 

  186.                          '&lt;h1&gt;interop&lt;/h1&gt;')
    187. 

  187.         self.assertEqual(html.conditional_escape(safestring.mark_safe(s)), s)
    188.