#!/usr/bin/env python # -*- coding: utf-8 -*- # This test can be run stand-alone with something like: # > PYTHONPATH=. python2 openerp/tests/test_misc.py ############################################################################## # # OpenERP, Open Source Business Applications # Copyright (c) 2012-TODAY OpenERP S.A. # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU Affero General Public License as # published by the Free Software Foundation, either version 3 of the # License, or (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Affero General Public License for more details. # # You should have received a copy of the GNU Affero General Public License # along with this program. If not, see . # ############################################################################## import unittest2 from openerp.tools import html_sanitize, html_email_clean, append_content_to_html, plaintext2html HTML_SOURCE = """ test1

test2

test3

test4

test5

test6

test7
test8

test9
test10

test11

test12

google test link """ EDI_LIKE_HTML_SOURCE = """

Hello ${object.partner_id.name},

A new invoice is available for you:

  REFERENCES
  Invoice number: ${object.number}
  Invoice total: ${object.amount_total} ${object.currency_id.name}
  Invoice date: ${object.date_invoice}
  Order reference: ${object.origin}
  Your contact: ${object.user_id.name}

It is also possible to directly pay with Paypal:

If you have any question, do not hesitate to contact us.

Thank you for choosing ${object.company_id.name or 'us'}!

${object.company_id.name}

${object.company_id.street}
${object.company_id.street2}
${object.company_id.zip} ${object.company_id.city}
${object.company_id.state_id and ('%s, ' % object.company_id.state_id.name) or ''} ${object.company_id.country_id.name or ''}

Phone: ${object.company_id.phone}

Web : ${object.company_id.website}

""" TEXT_MAIL1 = """I contact you about our meeting for tomorrow. Here is the schedule I propose: 9 AM: brainstorming about our new amazing business app 9.45 AM: summary 10 AM: meeting with Fabien to present our app Is everything ok for you ? -- Administrator""" HTML_MAIL1 = """

I contact you about our meeting for tomorrow. Here is the schedule I propose:

9 AM: brainstorming about our new amazing business app
9.45 AM: summary
10 AM: meeting with Fabien to present our app

Is everything ok for you ?

""" GMAIL_REPLY1_SAN = """Hello,

Ok for me. I am replying directly in gmail, without signature.

Kind regards,

Demo.

On Thu, Nov 8, 2012 at 5:29 PM, <dummy@example.com> wrote:

I contact you about our meeting for tomorrow. Here is the schedule I propose:
9 AM: brainstorming about our new amazing business app</span></li>

9.45 AM: summary
10 AM: meeting with Fabien to present our app
Is everything ok for you ?

--
Administrator

Log in our portal at: http://localhost:8069#action=login&db=mail_1&login=demo

""" THUNDERBIRD_16_REPLY1_SAN = """

On 11/08/2012 05:29 PM, dummy@example.com wrote:

I contact you about our meeting for tomorrow. Here is the schedule I propose:

9 AM: brainstorming about our new amazing business app</span></li>

9.45 AM: summary

10 AM: meeting with Fabien to present our app

Is everything ok for you ?

--
Administrator

Log in our portal at: http://localhost:8069#action=login&db=mail_1&token=rHdWcUART5PhEnJRaXjH

Ok for me. I am replying directly below your mail, using Thunderbird, with a signature.

Did you receive my email about my new laptop, by the way ?

Raoul.

-- 
Raoul Grosbedonnée

""" TEXT_TPL = """Salut Raoul! Le 28 oct. 2012 à 00:02, Raoul Grosbedon a écrit : > C'est sûr que je suis intéressé (quote)! Trouloulou pouet pouet. Je ne vais quand même pas écrire de vrais mails, non mais ho. > 2012/10/27 Bert Tartopoils : >> Diantre, me disè-je en envoyant un message similaire à Martine, mais comment vas-tu (quote)? >> >> A la base le contenu était un vrai mail, mais je l'ai quand même réécrit pour ce test, histoire de dire que, quand même, on ne met pas n'importe quoi ici. (quote) >> >> Et sinon bon courage pour trouver tes clefs (quote). >> >> Bert TARTOPOILS >> bert.tartopoils@miam.miam >> > > > -- > Raoul Grosbedon Bert TARTOPOILS bert.tartopoils@miam.miam """ class TestSanitizer(unittest2.TestCase): """ Test the html sanitizer that filters html to remove unwanted attributes """ def test_basic_sanitizer(self): cases = [ ("yop", "

yop

"), # simple ("lala

yop

xxx", "

lala

yop

xxx

"), # trailing text ("Merci à l'intérêt pour notre produit.nous vous contacterons bientôt. Merci", u"

Merci à l'intérêt pour notre produit.nous vous contacterons bientôt. Merci

"), # unicode ] for content, expected in cases: html = html_sanitize(content) self.assertEqual(html, expected, 'html_sanitize is broken') def test_evil_malicious_code(self): # taken from https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Tests cases = [ ("

"), # no quotes and semicolons ("

"), # UTF-8 Unicode encoding ("

"), # hex encoding ("

"), # embedded carriage return ("

"), # embedded newline ("

"), # embedded tab ("

"), # embedded encoded tab ("

"), # spaces and meta-characters ("

\">"), # malformed tag (""), # non-alpha-non-digits (""), # non-alpha-non-digits ("<"), # extraneous open brackets ("