import os import sys import unittest try: import json except ImportError: import simplejson as json from html5lib import html5parser, sanitizer, constants def runSanitizerTest(name, expected, input): expected = ''.join([token.toxml() for token in html5parser.HTMLParser(). parseFragment(expected).childNodes]) expected = json.loads(json.dumps(expected)) assert expected == sanitize_html(input) def sanitize_html(stream): return ''.join([token.toxml() for token in html5parser.HTMLParser(tokenizer=sanitizer.HTMLSanitizer). parseFragment(stream).childNodes]) def test_should_handle_astral_plane_characters(): assert u"

\U0001d4b5 \U0001d538

" == sanitize_html("

𝒵 𝔸

") def test_sanitizer(): for tag_name in sanitizer.HTMLSanitizer.allowed_elements: if tag_name in ['caption', 'col', 'colgroup', 'optgroup', 'option', 'table', 'tbody', 'td', 'tfoot', 'th', 'thead', 'tr']: continue ### TODO if tag_name != tag_name.lower(): continue ### TODO if tag_name == 'image': yield (runSanitizerTest, "test_should_allow_%s_tag" % tag_name, " $\"1\"/$ foo <bad>bar</bad> baz", "<%s title='1'>foo bar baz" % (tag_name,tag_name)) elif tag_name == 'br': yield (runSanitizerTest, "test_should_allow_%s_tag" % tag_name, "
foo <bad>bar</bad> baz
", "<%s title='1'>foo bar baz" % (tag_name,tag_name)) elif tag_name in constants.voidElements: yield (runSanitizerTest, "test_should_allow_%s_tag" % tag_name, "<%s title=\"1\"/>foo <bad>bar</bad> baz" % tag_name, "<%s title='1'>foo bar baz" % (tag_name,tag_name)) else: yield (runSanitizerTest, "test_should_allow_%s_tag" % tag_name, "<%s title=\"1\">foo <bad>bar</bad> baz" % (tag_name,tag_name), "<%s title='1'>foo bar baz" % (tag_name,tag_name)) for tag_name in sanitizer.HTMLSanitizer.allowed_elements: tag_name = tag_name.upper() yield (runSanitizerTest, "test_should_forbid_%s_tag" % tag_name, "<%s title=\"1\">foo <bad>bar</bad> baz</%s>" % (tag_name,tag_name), "<%s title='1'>foo bar baz" % (tag_name,tag_name)) for attribute_name in sanitizer.HTMLSanitizer.allowed_attributes: if attribute_name != attribute_name.lower(): continue ### TODO if attribute_name == 'style': continue yield (runSanitizerTest, "test_should_allow_%s_attribute" % attribute_name, "

foo <bad>bar</bad> baz

" % attribute_name, "

foo bar baz

" % attribute_name) for attribute_name in sanitizer.HTMLSanitizer.allowed_attributes: attribute_name = attribute_name.upper() yield (runSanitizerTest, "test_should_forbid_%s_attribute" % attribute_name, "

foo <bad>bar</bad> baz

", "

foo bar baz

" % attribute_name) for protocol in sanitizer.HTMLSanitizer.allowed_protocols: yield (runSanitizerTest, "test_should_allow_%s_uris" % protocol, "foo" % protocol, """foo""" % protocol) for protocol in sanitizer.HTMLSanitizer.allowed_protocols: yield (runSanitizerTest, "test_should_allow_uppercase_%s_uris" % protocol, "foo" % protocol, """foo""" % protocol)