Commit 921abb60 authored by Nicolas Delaby's avatar Nicolas Delaby

Test asSafeHTML output of documents.



git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@33439 20353a03-c40f-0410-a6d1-a30d3c3de9de
parent b4494de8
......@@ -1405,6 +1405,79 @@ class TestDocument(ERP5TypeTestCase, ZopeTestCase.Functional):
self.assertSameSet([person1, person2],
doc.getContributorValueList())
def test_safeHTML_conversion(self):
"""This test create a Web Page and test asSafeHTML conversion.
Test also with a very non well-formed html document
to stress conversion engine.
"""
# create web page
web_page_portal_type = 'Web Page'
module = self.portal.getDefaultModule(web_page_portal_type)
web_page = module.newContent(portal_type=web_page_portal_type)
html_content = """<html>
<head>
<title>My dirty title</title>
</head>
<body>
<div>
<h1>My splendid title</h1>
</div>
<script type="text/javascript" src="http://example.com/something.js"/>
</body>
</html>
"""
web_page.edit(text_content=html_content)
# convert web_page into safe-html
format = 'text/x-html-safe'
safe_html = web_page.asSafeHTML()
self.assertTrue('My splendid title' in safe_html)
self.assertTrue('script' not in safe_html, safe_html)
self.assertTrue('something.js' not in safe_html, safe_html)
# now check converted value is stored in cache
self.assertTrue(web_page.hasConversion(format=format))
web_page.edit(text_content=None)
self.assertFalse(web_page.hasConversion(format=format))
# test with not well-formed html document
html_content = """
<HTML dir=3Dltr><HEAD>=0A=
<META http-equiv=3DContent-Type content=3D"text/html; charset=3Dunicode">=0A=
<META content=3D"DIRTYHTML 6.00.2900.2722" name=3DGENERATOR></HEAD>=0A=
<BODY>=0A=
<DIV><FONT face=3D"Times New Roman" color=3D#000000 size=3D3>blablalba</FONT></DIV>=0A=
<DIV>&nbsp;</DIV>=0A=
<DIV></DIV>=0A=
<DIV>&nbsp;</DIV>=0A=
<DIV>&nbsp;</DIV>=0A=
<DIV>&nbsp;</DIV>=0A=
<br>=
<!DOCTYPE html PUBLIC \\\"-//W3C//DTD XHTML 1.0 Transitional//EN\\\\=
" \\\"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\\\">=
=0A<html xmlns=3D\\\"http://www.w3.org/1999/xhtml\\\">=0A<head>=0A<m=
eta http-equiv=3D\\\"Content-Type\\\" content=3D\\\"text/html; c=
harset=3Diso-8859-1\\\" />=0A<style type=3D\\\"text/css\\\">=0A<=
!--=0A.style1 {font-size: 8px}=0A.style2 {font-family: Arial, Helvetica, san=
s-serif}=0A.style3 {font-size: 8px; font-family: Arial, Helvetica, sans-seri=
f; }=0A-->=0A</style>=0A</head>=0A=0A<body>=0A<div>=0A <p><span class=3D\\=
\\"style1\\\"><span class=3D\\\"style2\\\"><strong>I'm inside very broken HTML code</strong><br />=0A ERP5<br />=0A
ERP5
<br />=0A =
</span></span></p>=0A <p class=3D\\\"sty=
le3\\\">ERP5:<br />=0A </p>=0A <p class=3D\\\"style3\\\"><strong>ERP5</strong>=
<br />=0A ERP5</p>=0A</di=
v>=0A</body>=0A</html>=0A
<br>=
</BODY></HTML>
"""
web_page.edit(text_content=html_content)
safe_html = web_page.asSafeHTML()
self.assertTrue('inside very broken HTML code' in html_content)
class TestDocumentWithSecurity(ERP5TypeTestCase):
username = 'yusei'
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment