comparison src/test/test_plugin_misc_text_syntaxes.py @ 795:6625558371db

test: added tests for the plugin "room game" + rename other test files
author souliane <souliane@mailoo.org>
date Fri, 10 Jan 2014 18:20:30 +0100
parents src/test/test_plugin_text_syntaxes.py@9810f22ba733
children 1fe00f0c9a91
794:52c4b755aba6 795:6625558371db
1 #!/usr/bin/python
2 # -*- coding: utf-8 -*-
3
4 # SAT: a jabber client
5 # Copyright (C) 2009, 2010, 2011, 2012, 2013 Jérôme Poisson (goffi@goffi.org)
6
7 # This program is free software: you can redistribute it and/or modify
8 # it under the terms of the GNU Affero General Public License as published by
9 # the Free Software Foundation, either version 3 of the License, or
10 # (at your option) any later version.
11
12 # This program is distributed in the hope that it will be useful,
13 # but WITHOUT ANY WARRANTY; without even the implied warranty of
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 # GNU Affero General Public License for more details.
16
17 # You should have received a copy of the GNU Affero General Public License
18 # along with this program. If not, see <http://www.gnu.org/licenses/>.
19
20 """ Plugin text syntaxes tests """
21
22 from sat.test import helpers
23 from sat.plugins import plugin_misc_text_syntaxes
24
25
26 class SanitisationTest(helpers.SatTestCase):
27
28 def setUp(self):
29 self.host = helpers.FakeSAT()
30 self.text_syntaxes = plugin_misc_text_syntaxes.TextSyntaxes(self.host)
31
32 def test_xhtml_sanitise(self):
33 evil_html = """
34 <html>
35 <head>
36 <script type="text/javascript" src="evil-site"></script>
37 <link rel="alternate" type="text/rss" src="evil-rss">
38 <style>
39 body {background-image: url(javascript:do_evil)};
40 div {color: expression(evil)};
41 </style>
42 </head>
43 <body onload="evil_function()">
44 <!-- I am interpreted for EVIL! -->
45 <a href="javascript:evil_function()">a link</a>
46 <a href="#" onclick="evil_function()">another link</a>
47 <p onclick="evil_function()">a paragraph</p>
48 <div style="display: none">secret EVIL!</div>
49 <object> of EVIL! </object>
50 <iframe src="evil-site"></iframe>
51 <form action="evil-site">
52 Password: <input type="password" name="password">
53 </form>
54 <blink>annoying EVIL!</blink>
55 <a href="evil-site">spam spam SPAM!</a>
56 <image src="evil!">
57 </body>
58 </html>""" # example from lxml: /usr/share/doc/python-lxml-doc/html/lxmlhtml.html#cleaning-up-html
59
60 expected = """<div>
61 <style>/* deleted */</style>
62 <body>
63 <a href="">a link</a>
64 <a href="#">another link</a>
65 <p>a paragraph</p>
66 <div style="">secret EVIL!</div>
67 of EVIL!
68 Password:
69 annoying EVIL!
70 <a href="evil-site">spam spam SPAM!</a>
71 <img src="evil!">
72 </img></body>
73 </div>"""
74
75 d = self.text_syntaxes.clean_xhtml(evil_html)
76 d.addCallback(self.assertEqualXML, expected, ignore_blank=True)
77 return d
78
79 def test_styles_sanitise(self):
80 evil_html = """<p style='display: None; test: blah; background: url(: alert()); color: blue;'>test <strong>retest</strong><br><span style="background-color: (alert('bouh')); titi; color: #cf2828; font-size: 3px; direction: !important; color: red; color: red !important; font-size: 100px !important; font-size: 100px ! important; font-size: 100%; font-size: 100ox; font-size: 100px; font-size: 100;;;; font-size: 100 %; color: 100 px 1.7em; color: rgba(0, 0, 0, 0.1); color: rgb(35,79,255); background-color: no-repeat; background-color: :alert(1); color: (alert('XSS')); color: (window.location='http://example.org/'); color: url(:window.location='http://example.org/'); "> toto </span></p>"""
81
82 expected = """<p style="color: blue">test <strong>retest</strong><br/><span style="color: #cf2828; font-size: 3px; color: red; color: red !important; font-size: 100px !important; font-size: 100%; font-size: 100px; font-size: 100; font-size: 100 %; color: rgba(0, 0, 0, 0.1); color: rgb(35,79,255); background-color: no-repeat"> toto </span></p>"""
83
84 d = self.text_syntaxes.clean_xhtml(evil_html)
85 d.addCallback(self.assertEqualXML, expected)
86 return d
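Review bot: In test_styles_sanitise the inline-style input has no `url(javascript:...)` or `expression(...)` declaration, although those are the two CSS vectors test_xhtml_sanitise passes through the `<style>` element; as displayed, the closest entries are `url(: alert())` and `(alert('bouh'))`, which may have lost a prefix in rendering, so confirm against the file. If they are really absent, add the two declarations from the `<style>` block to the `style='...'` attribute and leave `expected` unchanged, so the attribute filter is checked against the same inputs as the element filter. Both tests also compare the whole serialised document, so a failure does not say which rule regressed; a one-line docstring on test_xhtml_sanitise such as `"""Scripts, event handlers, javascript: URLs, forms and embedded objects are stripped; plain links and images are kept."""` would record the intent, and the lxml reference on the `evil_html` line would be easier to follow as the upstream documentation URL than as a local /usr/share/doc path. This file appears to be a rename of test_plugin_text_syntaxes.py, so these lines may predate the commit.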