2013-03-11 22:38:39 +01:00
|
|
|
#!/usr/bin/env python
|
|
|
|
# -*- coding: utf-8 -*-
|
|
|
|
"""
|
2013-04-16 10:04:28 +02:00
|
|
|
Test the openslides forms.
|
2013-03-11 22:38:39 +01:00
|
|
|
|
|
|
|
:copyright: 2011, 2012, 2013 by the OpenSlides team, see AUTHORS.
|
|
|
|
:license: GNU GPL, see LICENSE for more details.
|
|
|
|
"""
|
|
|
|
|
|
|
|
from django import forms
|
|
|
|
|
|
|
|
from openslides.utils.forms import CleanHtmlFormMixin
|
2013-09-25 10:01:01 +02:00
|
|
|
from openslides.utils.test import TestCase
|
2013-03-11 22:38:39 +01:00
|
|
|
|
|
|
|
|
|
|
|
class HtmlTestForm(CleanHtmlFormMixin, forms.Form):
|
|
|
|
text = forms.CharField()
|
|
|
|
text2 = forms.CharField()
|
2013-04-16 10:04:28 +02:00
|
|
|
clean_html_fields = ('text',)
|
2013-03-11 22:38:39 +01:00
|
|
|
|
|
|
|
|
|
|
|
class CleanHtmlTest(TestCase):
|
|
|
|
def clean_html(self, dirty='', clean=False):
|
|
|
|
form = HtmlTestForm({'text': dirty, 'text2': dirty})
|
|
|
|
form.is_valid()
|
|
|
|
|
|
|
|
# No forbidden HTML-tags, nothing should change
|
|
|
|
if not clean:
|
|
|
|
self.assertEqual(form.cleaned_data['text'], dirty)
|
|
|
|
|
|
|
|
# Something was removed
|
|
|
|
else:
|
2013-04-16 10:04:28 +02:00
|
|
|
self.assertEqual(form.cleaned_data['text'], clean)
|
2013-03-11 22:38:39 +01:00
|
|
|
|
|
|
|
# Field text2 has the same content, but is never passed through the
|
|
|
|
# HTML-cleanup and should never change
|
|
|
|
self.assertEqual(form.cleaned_data['text2'], dirty)
|
|
|
|
|
|
|
|
def test_clean_html(self):
|
2013-04-16 10:04:28 +02:00
|
|
|
"""
|
2013-03-11 22:38:39 +01:00
|
|
|
Test that the correct HTML tags and attributes are removed
|
2013-04-16 10:04:28 +02:00
|
|
|
"""
|
2013-03-11 22:38:39 +01:00
|
|
|
|
|
|
|
# Forbidden tags and attributes
|
|
|
|
self.clean_html('<script>do_evil();</script>', 'do_evil();')
|
|
|
|
self.clean_html('<html>evil</html>', 'evil')
|
|
|
|
self.clean_html('<p href="evil.com">good?</p>', '<p>good?</p>')
|
|
|
|
self.clean_html('<p onclick="javascript:evil();">Not evil</p>', '<p>Not evil</p>')
|
|
|
|
self.clean_html('<div style="margin-top: 100000em;">evil</div>', 'evil')
|
2013-04-16 10:04:28 +02:00
|
|
|
self.clean_html('<p style="font-weight:bold;">bad</p>', '<p>bad</p>')
|
|
|
|
self.clean_html('<table><tbody><tr><td>OK</td></tr></tbody></table>', 'OK')
|
|
|
|
self.clean_html('<blockquote>OK</blockquote>', 'OK')
|
|
|
|
self.clean_html('<p style="text-decoration: underline;">OK</p>', '<p>OK</p>')
|
2013-03-11 22:38:39 +01:00
|
|
|
|
|
|
|
# Allowed tags and attributes
|
2013-04-16 10:04:28 +02:00
|
|
|
self.clean_html('<a href="evil.com">good?</a>')
|
2013-03-11 22:38:39 +01:00
|
|
|
self.clean_html('<p>OK</p>')
|
|
|
|
self.clean_html('<p><strong>OK</strong></p>')
|
|
|
|
self.clean_html('<pre>OK</pre>')
|
|
|
|
self.clean_html('<ul><li>OK</li></ul>')
|