[FIX] html_sanitize does not raise exception for empty string anymore. correct related test
bzr revid: chs@openerp.com-20131125174956-1y13zszzf9h2pkl6
This commit is contained in:
parent
28581cc734
commit
63601c6650
|
@ -82,12 +82,8 @@ class TestSanitizer(unittest2.TestCase):
|
|||
self.assertNotIn('javascript', html, 'html_sanitize did not remove a malicious javascript')
|
||||
self.assertTrue('ha.ckers.org' not in html or 'http://ha.ckers.org/xss.css' in html, 'html_sanitize did not remove a malicious code in %s (%s)' % (content, html))
|
||||
|
||||
# Raise an exception if the node is an empty string without any root tag
|
||||
with self.assertRaises(etree.ParserError):
|
||||
content = "<!--[if gte IE 4]><SCRIPT>alert('XSS');</SCRIPT><![endif]-->" # down-level hidden block
|
||||
html = html_sanitize(content, silent=False)
|
||||
|
||||
|
||||
content = "<!--[if gte IE 4]><SCRIPT>alert('XSS');</SCRIPT><![endif]-->" # down-level hidden block
|
||||
self.assertEquals(html_sanitize(content, silent=False), '')
|
||||
|
||||
def test_html(self):
|
||||
sanitized_html = html_sanitize(test_mail_examples.MISC_HTML_SOURCE)
|
||||
|
|
Loading…
Reference in New Issue