c463718fb2
Package-Manager: portage-2.2.0_alpha166 RepoMan-Options: --force
Add/Change #501 (test_sanitize_remove_src_javascript fails due to HTMLParser bugfixes in cpython)
Add/Change #500 (test_sanitize_remove_script_elem fails due to HTMLParser bugfixes in cpython)
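--- a/genshi/filters/tests/html.py
+++ b/genshi/filters/tests/html.py
@@ -365,9 +365,12 @@
 self.assertEquals('', (html | HTMLSanitizer()).render())
 html = HTML('<SCRIPT SRC="http://example.com/"></SCRIPT>')
 self.assertEquals('', (html | HTMLSanitizer()).render())
- self.assertRaises(ParseError, HTML, '<SCR\0IPT>alert("foo")</SCR\0IPT>')
- self.assertRaises(ParseError, HTML,
- '<SCRIPT&XYZ SRC="http://example.com/"></SCRIPT>')
+ html = HTML('<SCR\0IPT>alert("foo")</SCR\0IPT>')
+ self.assertEquals('<SCR\x00IPT>alert("foo")',
+ (html | HTMLSanitizer()).render())
+ html = HTML('<SCRIPT&XYZ SRC="http://example.com/"></SCRIPT>')
+ self.assertEquals('<SCRIPT&XYZ; SRC="http://example.com/">',
+ (html | HTMLSanitizer()).render())
 
 def test_sanitize_remove_onclick_attr(self):
 html = HTML('<div onclick=\'alert("foo")\' />')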
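Review bot: The two new `assertEquals` calls on the malformed `<SCR\0IPT>` and `<SCRIPT&XYZ …>` inputs are unconditional, so on any interpreter whose HTMLParser still rejects these inputs `HTML(...)` raises `ParseError` and the test fails; the grave-accent case in the `@@ -437,9 +440,9 @@` hunk has the same shape. Since the package is presumably tested against more than one Python version, accepting either outcome keeps the test meaningful on both, as sketched below (this assumes `ParseError` stays imported in the test module, which the hunk does not show). Separately, the expected strings as shown here begin with a raw `<`; it is worth confirming that the patch file asserts the escaped form, so that the test pins inert text rather than markup leaving the sanitizer. The enclosing test method starts outside the hunk.

```python
# … unchanged: the two assertions on well-formed <script> elements …
src = '<SCR\0IPT>alert("foo")</SCR\0IPT>'
try:
    html = HTML(src)
except ParseError:
    pass  # an HTMLParser without the bugfix still rejects the tag outright
else:
    self.assertEquals('<SCR\x00IPT>alert("foo")',
                      (html | HTMLSanitizer()).render())
# … same try/except/else shape for the '<SCRIPT&XYZ SRC=…>' input …
```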
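--- a/genshi/filters/tests/html.py
+++ b/genshi/filters/tests/html.py
@@ -437,9 +440,9 @@
 # Case-insensitive protocol matching
 html = HTML('<IMG SRC=\'JaVaScRiPt:alert("foo")\'>')
 self.assertEquals('<img/>', (html | HTMLSanitizer()).render())
- # Grave accents (not parsed)
- self.assertRaises(ParseError, HTML,
- '<IMG SRC=`javascript:alert("RSnake says, \'foo\'")`>')
+ # Grave accents.
+ html = HTML('<IMG SRC=`javascript:alert("RSnake says, \'foo\'")`>')
+ self.assertEquals('<img/>', (html | HTMLSanitizer()).render())
 # Protocol encoded using UTF-8 numeric entities
 html = HTML('<IMG SRC=\'javascri'
 'pt:alert("foo")\'>')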
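Review bot: The new comment `# Grave accents.` no longer says what the case checks, whereas the removed `(not parsed)` at least recorded that the parser rejected the input. The behaviour under test has moved from the parser to the sanitizer, so the comment should state the property a reader must not regress, for example `# Grave accents: the parser now accepts the backtick-delimited value, so the sanitizer must drop the javascript: SRC`. The hunk shows only the expected `<img/>`, not why the attribute is dropped, so the wording should be confirmed against the sanitizer's URI handling. The enclosing test method starts and ends outside the hunk.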