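# -*- coding: utf-8 -*-

from django import forms

from openslides.utils.forms import CleanHtmlFormMixin
from openslides.utils.test import TestCase


class HtmlTestForm(CleanHtmlFormMixin, forms.Form):
    """
    Minimal form used to exercise CleanHtmlFormMixin.

    Only 'text' is listed in clean_html_fields. 'text2' is the control
    field: the tests below expect it to come back exactly as submitted.
    """
    text = forms.CharField()
    text2 = forms.CharField()
    clean_html_fields = ('text',)


class CleanHtmlTest(TestCase):
    def clean_html(self, dirty='', clean=False):
        """
        Submit `dirty` in both fields and check the cleaned values.

        dirty -- raw value posted to 'text' and 'text2'.
        clean -- expected value of 'text' after cleaning. Leave it at the
                 default (False) or pass None to assert that 'text' is
                 returned unchanged.
        """
        form = HtmlTestForm({'text': dirty, 'text2': dirty})
        # cleaned_data only holds a field that passed validation, so fail
        # here with the form errors instead of with a KeyError below.
        self.assertTrue(form.is_valid(), form.errors)

        # Compare against the sentinel by identity. A plain truthiness
        # check would treat an expected value of '' (everything stripped)
        # as "nothing should change" and compare against `dirty` instead.
        if clean is False or clean is None:
            # No forbidden HTML-tags, nothing should change
            expected = dirty
        else:
            # Something was removed
            expected = clean
        self.assertEqual(form.cleaned_data['text'], expected)

        # Field text2 has the same content, but is never passed through the
        # HTML-cleanup and should never change. Cleaning is therefore opt-in
        # per field: a field left out of clean_html_fields keeps whatever
        # markup was submitted.
        self.assertEqual(form.cleaned_data['text2'], dirty)

    def test_clean_html(self):
        """
        Test that the correct HTML tags and attributes are removed
        """
        # NOTE(review): the markup inside the literals below appears to have
        # been stripped when this page was rendered (several inputs are
        # empty or identical to their expected value), so as shown these
        # cases do not exercise the cleaner. Restore the tagged inputs from
        # the project's copy of this file before relying on this test.

        # Forbidden tags and attributes
        self.clean_html('', 'do_evil();')
        self.clean_html('evil', 'evil')
        self.clean_html('\n\ngood?\n\n', '\n\ngood?\n\n')
        self.clean_html('\n\nNot evil\n\n', '\n\nNot evil\n\n')
        self.clean_html('\nevil\n', 'evil')
        self.clean_html('\n\nbad\n\n', '\n\nbad\n\n')
        self.clean_html('\nOK\n', 'OK')
        self.clean_html('\nOK\n', 'OK')
        self.clean_html('\n\nOK\n\n', '\n\nOK\n\n')

        # Allowed tags and attributes
        self.clean_html('good?')
        self.clean_html('\n\nOK\n\n')
        self.clean_html('\n\nOK\n\n')
        self.clean_html('\nOK\n')
        self.clean_html('')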