Commit e0d19724 authored by Tristan Cavelier's avatar Tristan Cavelier

fixup ! add test

parent 9ba87c92
......@@ -650,6 +650,28 @@ class TestERP5Core(ERP5TypeTestCase, ZopeTestCase.Functional):
self.assertEqual(response.getStatus(), 401)
self.assertNotIn("Also, the following error occurred", str(response))
def test_raisingNotFoundDoesNotShowEscapedHtml(self):
"""
NotFound error are sent with html as error reason. Zope added a fix to
avoid XSS that escape html before showing it. Here, we don't make sure
that the error reason is unescaped, but we make sure that NotFound errors
produces a good rendering (e.g. without `<p>`).
"""
from Products.ERP5Type.tests.utils import createZODBPythonScript
portal = self.getPortal()
base_script = createZODBPythonScript(
portal.portal_skins.custom,
'test_raisingNotFoundDoesNotShowEscapedHtml',
'scripts_params=None',
'from zExceptions import NotFound\nraise NotFound, ' +
'"<p><strong>error test tristan</strong></p>"' )
response = self.publish("%s/test_raisingNotFoundDoesNotShowEscapedHtml" % self.portal_id)
self.assertEqual(response.getStatus(), 404)
self.assertNotIn("error test tristan", str(response))
self.assertNotIn("&lt;p&gt;", str(response))
# At least check if the output shows the resource is not found
self.assertIn("Resource not found", str(response))
def test_suite():
suite = unittest.TestSuite()
suite.addTest(unittest.makeSuite(TestERP5Core))
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment