Commit 1bebfac8 authored by Tres Seaver's avatar Tres Seaver

Backport test of reStructuredText security fixes.

parent 0b3e409f
...@@ -56,13 +56,40 @@ class TestZReST(unittest.TestCase): ...@@ -56,13 +56,40 @@ class TestZReST(unittest.TestCase):
s = '<h1><a id="hello-world" name="hello-world">Hello World</a></h1>' s = '<h1><a id="hello-world" name="hello-world">Hello World</a></h1>'
self.assertEqual(s in html, True) self.assertEqual(s in html, True)
s = '<h1><a id="von-v-geln-und-fen" name="von-v-geln-und-fen">Von Vgeln und fen</a></h1>' s = '<h1><a id="von-v-geln-und-fen" name="von-v-geln-und-fen">'\
'Von Vgeln und fen</a></h1>'
self.assertEqual(s in html, True) self.assertEqual(s in html, True)
# ZReST should render a complete HTML document # ZReST should render a complete HTML document
self.assertEqual('<html' in html, True) self.assertEqual('<html' in html, True)
self.assertEqual('<body>' in html, True) self.assertEqual('<body>' in html, True)
def test_include_directive_raises(self):
resty = self._makeOne()
resty.source = 'hello world\n .. include:: /etc/passwd'
self.assertRaises(NotImplementedError, resty.render)
def test_raw_directive_disabled(self):
EXPECTED = '<h1>HELLO WORLD</h1>'
resty = self._makeOne()
resty.source = '.. raw:: html\n\n %s\n' % EXPECTED
result = resty.render() # don't raise, but don't work either
self.failIf(EXPECTED in result)
def test_raw_directive_file_directive_raises(self):
resty = self._makeOne()
resty.source = '.. raw:: html\n :file: inclusion.txt'
self.assertRaises(NotImplementedError, resty.render)
def test_raw_directive_url_directive_raises(self):
resty = self._makeOne()
resty.source = '.. raw:: html\n :url: http://www.zope.org/'
self.assertRaises(NotImplementedError, resty.render)
def test_suite(): def test_suite():
suite = unittest.TestSuite() suite = unittest.TestSuite()
......
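Review bot: `test_raw_directive_disabled` in the ZReST tests only asserts that the literal `<h1>HELLO WORLD</h1>` is absent, so it would also pass if `render()` returned an empty or unrelated document. Consider pinning what the renderer does emit, as the sibling reStructuredText test in this commit does with `self.failUnless(escape(EXPECTED) in result)`. That assumes ZReST puts the escaped literal block into the output of `render()`, which is not visible here. Separately, `test_raw_directive_url_directive_raises` points at a live address (`http://www.zope.org/`), so if the guard regressed the test would presumably attempt a network fetch before failing. A reserved name such as `http://example.invalid/` would keep that failure mode offline and deterministic.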
...@@ -82,6 +82,32 @@ text ...@@ -82,6 +82,32 @@ text
self.assertEquals(output, expected) self.assertEquals(output, expected)
def test_include_directive_raises(self):
source = 'hello world\n .. include:: /etc/passwd'
self.assertRaises(NotImplementedError, HTML, source)
def test_raw_directive_disabled(self):
EXPECTED = '<h1>HELLO WORLD</h1>'
source = '.. raw:: html\n\n %s\n' % EXPECTED
result = HTML(source) # don't raise, but don't work either
self.failIf(EXPECTED in result)
self.failUnless("&quot;raw&quot; directive disabled" in result)
from cgi import escape
self.failUnless(escape(EXPECTED) in result)
def test_raw_directive_file_option_raises(self):
source = '.. raw:: html\n :file: inclusion.txt'
self.assertRaises(NotImplementedError, HTML, source)
def test_raw_directive_url_option_raises(self):
source = '.. raw:: html\n :url: http://www.zope.org'
self.assertRaises(NotImplementedError, HTML, source)
def test_suite(): def test_suite():
from unittest import TestSuite, makeSuite from unittest import TestSuite, makeSuite
return TestSuite((makeSuite(TestReST),)) return TestSuite((makeSuite(TestReST),))
......
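Review bot: In `test_raw_directive_disabled`, the assertion `self.failUnless("&quot;raw&quot; directive disabled" in result)` ties the test to the exact wording of the docutils system message. A docutils upgrade that rewords the message would fail this test even though raw HTML is still blocked. The `failIf(EXPECTED in result)` and `escape(EXPECTED)` checks already show that the payload is emitted only in escaped form. I would keep those two and either drop the wording check or mark it with a comment such as `# message text comes from docutils; update if docutils is upgraded`. The `from cgi import escape` in the middle of the method would also read better next to the module's other imports, which are outside this hunk.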