[FIX] html_sanitize does not raise exception for empty string anymore. correct related test
bzr revid: chs@openerp.com-20131125174956-1y13zszzf9h2pkl6
parent
28581cc734
commit
63601c6650
|
@ -82,12 +82,8 @@ class TestSanitizer(unittest2.TestCase):
|
||||||
self.assertNotIn('javascript', html, 'html_sanitize did not remove a malicious javascript')
|
self.assertNotIn('javascript', html, 'html_sanitize did not remove a malicious javascript')
|
||||||
self.assertTrue('ha.ckers.org' not in html or 'http://ha.ckers.org/xss.css' in html, 'html_sanitize did not remove a malicious code in %s (%s)' % (content, html))
|
self.assertTrue('ha.ckers.org' not in html or 'http://ha.ckers.org/xss.css' in html, 'html_sanitize did not remove a malicious code in %s (%s)' % (content, html))
|
||||||
|
|
||||||
# Raise an exception if the node is an empty string without any root tag
|
content = "<!--[if gte IE 4]><SCRIPT>alert('XSS');</SCRIPT><![endif]-->" # down-level hidden block
|
||||||
with self.assertRaises(etree.ParserError):
|
self.assertEquals(html_sanitize(content, silent=False), '')
|
||||||
content = "<!--[if gte IE 4]><SCRIPT>alert('XSS');</SCRIPT><![endif]-->" # down-level hidden block
|
|
||||||
html = html_sanitize(content, silent=False)
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
def test_html(self):
|
def test_html(self):
|
||||||
sanitized_html = html_sanitize(test_mail_examples.MISC_HTML_SOURCE)
|
sanitized_html = html_sanitize(test_mail_examples.MISC_HTML_SOURCE)
|
||||||
|
|
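Review bot: The new `assertEquals(html_sanitize(content, silent=False), '')` only pins the case where the whole input is a conditional comment, so it cannot tell "the hidden block was stripped" apart from "the sanitizer returned an empty string for anything it could not parse"; the commit title speaks of empty strings, yet no literal empty input is exercised in this hunk. Consider adding `self.assertEqual(html_sanitize('', silent=False), '')` and a mixed case where the same down-level hidden block is followed by harmless text, asserting that the text survives and that `SCRIPT` is absent from the result. `assertEquals` is a deprecated alias, and `assertEqual` is the current spelling. With the old comment gone the expectation is unexplained, so a line such as `# a down-level hidden block is only a comment, so nothing is left after sanitizing` above the assertion would help. The enclosing test method starts above the hunk, so its name and earlier cases are not visible here.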