Commit 8f8861ed authored by Ivan Tyagov's avatar Ivan Tyagov

Extend test to cover inline JavaScript codes.

git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@36967 20353a03-c40f-0410-a6d1-a30d3c3de9de
parent 84029178
......@@ -1528,6 +1528,11 @@ class TestDocument(TestDocumentMixin):
<h1>My splendid title</h1>
</div>
<script type="text/javascript" src="http://example.com/something.js"/>
<script type="text/javascript">
alert("da");
</script>
<a href="javascript:DosomethingNasty()">Link</a>
<a onClick="javascript:DosomethingNasty()">Another Link</a>
<p>éàèù</p>
</body>
</html>
......@@ -1535,7 +1540,6 @@ class TestDocument(TestDocumentMixin):
web_page.edit(text_content=html_content)
# Check that outputed stripped html is safe
safe_html = web_page.asStrippedHTML()
self.assertTrue('My splendid title' in safe_html)
self.assertTrue('script' not in safe_html, safe_html)
......@@ -1546,6 +1550,10 @@ class TestDocument(TestDocumentMixin):
self.assertTrue('#FFAA44' not in safe_html)
self.assertTrue('5;url=http://example.com/' not in safe_html)
self.assertTrue('Set-Cookie' not in safe_html)
self.assertTrue('javascript' not in safe_html)
self.assertTrue('alert("da");' not in safe_html)
self.assertTrue('javascript:DosomethingNasty()' not in safe_html)
self.assertTrue('onClick' not in safe_html)
# Check that outputed entire html is safe
entire_html = web_page.asEntireHTML()
......@@ -1558,6 +1566,10 @@ class TestDocument(TestDocumentMixin):
self.assertTrue('<style' in entire_html)
self.assertTrue('#FFAA44' in entire_html)
self.assertTrue('charset=utf-8' in entire_html)
self.assertTrue('javascript' not in entire_html)
self.assertTrue('alert("da");' not in entire_html)
self.assertTrue('javascript:DosomethingNasty()' not in entire_html)
self.assertTrue('onClick' not in entire_html)
# now check converted value is stored in cache
format = 'html'
......
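Review bot: The added `'onClick' not in safe_html` and `'onClick' not in entire_html` checks are case-sensitive, so they pass whenever that exact spelling is absent, including the case where a serializer lower-cases the attribute to `onclick` and leaves the handler in place; the `'javascript'` checks have the same gap for a differently-cased scheme. HTML attribute names and URL schemes are case-insensitive, so compare against a lower-cased copy, e.g. `self.assertTrue('onclick' not in safe_html.lower(), safe_html)`, and likewise for `entire_html`. Adding `self.assertTrue('DosomethingNasty' not in safe_html)` would also catch a sanitizer that strips only the `javascript:` prefix but keeps the handler body. Whether asStrippedHTML() or asEntireHTML() normalise case is not visible here, and the test method begins and ends outside the shown hunks.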