Mercurial > libervia-backend
annotate src/test/test_plugin_misc_text_syntaxes.py @ 830:d6bdf6022180
test radiocol: added a full scenario test
author | souliane <souliane@mailoo.org> |
---|---|
date | Wed, 15 Jan 2014 23:24:22 +0100 |
parents | 1fe00f0c9a91 |
children | c4b22aedb7d7 |
rev | line source |
---|---|
694
4284b6ad8aa3
tests: plugin text syntaxes sanitisation tests
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
1 #!/usr/bin/python |
4284b6ad8aa3
tests: plugin text syntaxes sanitisation tests
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
2 # -*- coding: utf-8 -*- |
4284b6ad8aa3
tests: plugin text syntaxes sanitisation tests
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
3 |
4284b6ad8aa3
tests: plugin text syntaxes sanitisation tests
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
4 # SAT: a jabber client |
811 | 5 # Copyright (C) 2009, 2010, 2011, 2012, 2013, 2014 Jérôme Poisson (goffi@goffi.org) |
694
4284b6ad8aa3
tests: plugin text syntaxes sanitisation tests
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
6 |
4284b6ad8aa3
tests: plugin text syntaxes sanitisation tests
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
7 # This program is free software: you can redistribute it and/or modify |
4284b6ad8aa3
tests: plugin text syntaxes sanitisation tests
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
8 # it under the terms of the GNU Affero General Public License as published by |
4284b6ad8aa3
tests: plugin text syntaxes sanitisation tests
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
9 # the Free Software Foundation, either version 3 of the License, or |
4284b6ad8aa3
tests: plugin text syntaxes sanitisation tests
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
10 # (at your option) any later version. |
4284b6ad8aa3
tests: plugin text syntaxes sanitisation tests
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
11 |
4284b6ad8aa3
tests: plugin text syntaxes sanitisation tests
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
12 # This program is distributed in the hope that it will be useful, |
4284b6ad8aa3
tests: plugin text syntaxes sanitisation tests
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
13 # but WITHOUT ANY WARRANTY; without even the implied warranty of |
4284b6ad8aa3
tests: plugin text syntaxes sanitisation tests
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
4284b6ad8aa3
tests: plugin text syntaxes sanitisation tests
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
15 # GNU Affero General Public License for more details. |
4284b6ad8aa3
tests: plugin text syntaxes sanitisation tests
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
16 |
4284b6ad8aa3
tests: plugin text syntaxes sanitisation tests
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
17 # You should have received a copy of the GNU Affero General Public License |
4284b6ad8aa3
tests: plugin text syntaxes sanitisation tests
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
18 # along with this program. If not, see <http://www.gnu.org/licenses/>. |
4284b6ad8aa3
tests: plugin text syntaxes sanitisation tests
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
19 |
4284b6ad8aa3
tests: plugin text syntaxes sanitisation tests
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
20 """ Plugin text syntaxes tests """ |
4284b6ad8aa3
tests: plugin text syntaxes sanitisation tests
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
21 |
4284b6ad8aa3
tests: plugin text syntaxes sanitisation tests
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
22 from sat.test import helpers |
4284b6ad8aa3
tests: plugin text syntaxes sanitisation tests
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
23 from sat.plugins import plugin_misc_text_syntaxes |
4284b6ad8aa3
tests: plugin text syntaxes sanitisation tests
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
24 |
4284b6ad8aa3
tests: plugin text syntaxes sanitisation tests
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
25 |
4284b6ad8aa3
tests: plugin text syntaxes sanitisation tests
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
26 class SanitisationTest(helpers.SatTestCase): |
4284b6ad8aa3
tests: plugin text syntaxes sanitisation tests
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
27 |
4284b6ad8aa3
tests: plugin text syntaxes sanitisation tests
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
28 def setUp(self): |
4284b6ad8aa3
tests: plugin text syntaxes sanitisation tests
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
29 self.host = helpers.FakeSAT() |
4284b6ad8aa3
tests: plugin text syntaxes sanitisation tests
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
30 self.text_syntaxes = plugin_misc_text_syntaxes.TextSyntaxes(self.host) |
4284b6ad8aa3
tests: plugin text syntaxes sanitisation tests
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
31 |
4284b6ad8aa3
tests: plugin text syntaxes sanitisation tests
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
32 def test_xhtml_sanitise(self): |
4284b6ad8aa3
tests: plugin text syntaxes sanitisation tests
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
33 evil_html = """ |
4284b6ad8aa3
tests: plugin text syntaxes sanitisation tests
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
34 <html> |
4284b6ad8aa3
tests: plugin text syntaxes sanitisation tests
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
35 <head> |
4284b6ad8aa3
tests: plugin text syntaxes sanitisation tests
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
36 <script type="text/javascript" src="evil-site"></script> |
4284b6ad8aa3
tests: plugin text syntaxes sanitisation tests
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
37 <link rel="alternate" type="text/rss" src="evil-rss"> |
4284b6ad8aa3
tests: plugin text syntaxes sanitisation tests
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
38 <style> |
4284b6ad8aa3
tests: plugin text syntaxes sanitisation tests
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
39 body {background-image: url(javascript:do_evil)}; |
4284b6ad8aa3
tests: plugin text syntaxes sanitisation tests
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
40 div {color: expression(evil)}; |
4284b6ad8aa3
tests: plugin text syntaxes sanitisation tests
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
41 </style> |
4284b6ad8aa3
tests: plugin text syntaxes sanitisation tests
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
42 </head> |
4284b6ad8aa3
tests: plugin text syntaxes sanitisation tests
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
43 <body onload="evil_function()"> |
4284b6ad8aa3
tests: plugin text syntaxes sanitisation tests
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
44 <!-- I am interpreted for EVIL! --> |
4284b6ad8aa3
tests: plugin text syntaxes sanitisation tests
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
45 <a href="javascript:evil_function()">a link</a> |
4284b6ad8aa3
tests: plugin text syntaxes sanitisation tests
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
46 <a href="#" onclick="evil_function()">another link</a> |
4284b6ad8aa3
tests: plugin text syntaxes sanitisation tests
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
47 <p onclick="evil_function()">a paragraph</p> |
4284b6ad8aa3
tests: plugin text syntaxes sanitisation tests
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
48 <div style="display: none">secret EVIL!</div> |
4284b6ad8aa3
tests: plugin text syntaxes sanitisation tests
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
49 <object> of EVIL! </object> |
4284b6ad8aa3
tests: plugin text syntaxes sanitisation tests
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
50 <iframe src="evil-site"></iframe> |
4284b6ad8aa3
tests: plugin text syntaxes sanitisation tests
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
51 <form action="evil-site"> |
4284b6ad8aa3
tests: plugin text syntaxes sanitisation tests
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
52 Password: <input type="password" name="password"> |
4284b6ad8aa3
tests: plugin text syntaxes sanitisation tests
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
53 </form> |
4284b6ad8aa3
tests: plugin text syntaxes sanitisation tests
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
54 <blink>annoying EVIL!</blink> |
4284b6ad8aa3
tests: plugin text syntaxes sanitisation tests
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
55 <a href="evil-site">spam spam SPAM!</a> |
4284b6ad8aa3
tests: plugin text syntaxes sanitisation tests
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
56 <image src="evil!"> |
4284b6ad8aa3
tests: plugin text syntaxes sanitisation tests
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
57 </body> |
780
9810f22ba733
test: store the constants in constants.py + better PEP8 compliance
souliane <souliane@mailoo.org>
parents:
694
diff
changeset
|
58 </html>""" # example from lxml: /usr/share/doc/python-lxml-doc/html/lxmlhtml.html#cleaning-up-html |
694
4284b6ad8aa3
tests: plugin text syntaxes sanitisation tests
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
59 |
4284b6ad8aa3
tests: plugin text syntaxes sanitisation tests
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
60 expected = """<div> |
4284b6ad8aa3
tests: plugin text syntaxes sanitisation tests
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
61 <style>/* deleted */</style> |
4284b6ad8aa3
tests: plugin text syntaxes sanitisation tests
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
62 <body> |
4284b6ad8aa3
tests: plugin text syntaxes sanitisation tests
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
63 <a href="">a link</a> |
4284b6ad8aa3
tests: plugin text syntaxes sanitisation tests
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
64 <a href="#">another link</a> |
4284b6ad8aa3
tests: plugin text syntaxes sanitisation tests
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
65 <p>a paragraph</p> |
4284b6ad8aa3
tests: plugin text syntaxes sanitisation tests
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
66 <div style="">secret EVIL!</div> |
4284b6ad8aa3
tests: plugin text syntaxes sanitisation tests
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
67 of EVIL! |
4284b6ad8aa3
tests: plugin text syntaxes sanitisation tests
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
68 Password: |
4284b6ad8aa3
tests: plugin text syntaxes sanitisation tests
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
69 annoying EVIL! |
4284b6ad8aa3
tests: plugin text syntaxes sanitisation tests
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
70 <a href="evil-site">spam spam SPAM!</a> |
4284b6ad8aa3
tests: plugin text syntaxes sanitisation tests
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
71 <img src="evil!"> |
4284b6ad8aa3
tests: plugin text syntaxes sanitisation tests
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
72 </img></body> |
4284b6ad8aa3
tests: plugin text syntaxes sanitisation tests
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
73 </div>""" |
4284b6ad8aa3
tests: plugin text syntaxes sanitisation tests
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
74 |
4284b6ad8aa3
tests: plugin text syntaxes sanitisation tests
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
75 d = self.text_syntaxes.clean_xhtml(evil_html) |
4284b6ad8aa3
tests: plugin text syntaxes sanitisation tests
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
76 d.addCallback(self.assertEqualXML, expected, ignore_blank=True) |
4284b6ad8aa3
tests: plugin text syntaxes sanitisation tests
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
77 return d |
4284b6ad8aa3
tests: plugin text syntaxes sanitisation tests
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
78 |
4284b6ad8aa3
tests: plugin text syntaxes sanitisation tests
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
79 def test_styles_sanitise(self): |
4284b6ad8aa3
tests: plugin text syntaxes sanitisation tests
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
80 evil_html = """<p style='display: None; test: blah; background: url(: alert()); color: blue;'>test <strong>retest</strong><br><span style="background-color: (alert('bouh')); titi; color: #cf2828; font-size: 3px; direction: !important; color: red; color: red !important; font-size: 100px !important; font-size: 100px ! important; font-size: 100%; font-size: 100ox; font-size: 100px; font-size: 100;;;; font-size: 100 %; color: 100 px 1.7em; color: rgba(0, 0, 0, 0.1); color: rgb(35,79,255); background-color: no-repeat; background-color: :alert(1); color: (alert('XSS')); color: (window.location='http://example.org/'); color: url(:window.location='http://example.org/'); "> toto </span></p>""" |
4284b6ad8aa3
tests: plugin text syntaxes sanitisation tests
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
81 |
4284b6ad8aa3
tests: plugin text syntaxes sanitisation tests
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
82 expected = """<p style="color: blue">test <strong>retest</strong><br/><span style="color: #cf2828; font-size: 3px; color: red; color: red !important; font-size: 100px !important; font-size: 100%; font-size: 100px; font-size: 100; font-size: 100 %; color: rgba(0, 0, 0, 0.1); color: rgb(35,79,255); background-color: no-repeat"> toto </span></p>""" |
4284b6ad8aa3
tests: plugin text syntaxes sanitisation tests
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
83 |
4284b6ad8aa3
tests: plugin text syntaxes sanitisation tests
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
84 d = self.text_syntaxes.clean_xhtml(evil_html) |
4284b6ad8aa3
tests: plugin text syntaxes sanitisation tests
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
85 d.addCallback(self.assertEqualXML, expected) |
4284b6ad8aa3
tests: plugin text syntaxes sanitisation tests
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
86 return d |