~loggerhead-team/loggerhead/trunk-rich


Viewing changes to loggerhead/tests/test_simple.py

  • Committer: William Grant
  • Date: 2011-03-24 23:02:29 UTC
  • mfrom: (441.1.7 xss-fix)
  • Revision ID: william.grant@canonical.com-20110324230229-zq85fy6aqvlyylbu
Improve escaping of filenames in revision views. Fixes a couple of XSS holes.

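--- a/loggerhead/tests/test_simple.py
+++ b/loggerhead/tests/test_simple.py
@@ -56,9 +56,11 @@
 
         self.filecontents = ('some\nmultiline\ndata\n'
                              'with<htmlspecialchars\n')
+        filenames = ['myfilename', 'anotherfile<']
         self.build_tree_contents(
-            [('myfilename', self.filecontents)])
-        self.tree.add('myfilename', 'myfile-id')
+            (filename, self.filecontents) for filename in filenames)
+        for filename in filenames:
+            self.tree.add(filename, '%s-id' % filename)
         self.fileid = self.tree.path2id('myfilename')
         self.msg = 'a very exciting commit message <'
         self.revid = self.tree.commit(message=self.msg)
@@ -70,7 +72,7 @@
 
     def test_changes_for_file(self):
         app = self.setUpLoggerhead()
-        res = app.get('/changes?filter_file_id=myfile-id')
+        res = app.get('/changes?filter_file_id=myfilename-id')
         res.mustcontain(cgi.escape(self.msg))
 
     def test_changes_branch_from(self):
@@ -131,6 +133,8 @@
     def test_revision(self):
         app = self.setUpLoggerhead()
         res = app.get('/revision/1')
+        res.mustcontain(no=['anotherfile<'])
+        res.mustcontain('anotherfile&lt;')
         res.mustcontain('myfilename')
 
 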
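Review bot: The two assertions added to test_revision pin only the `<` case, so a filename that reaches an attribute value (an `href` or `title`) unescaped would still pass this test. Adding a second hostile name to `filenames` in the fixture, for example `'quote"&file'`, and asserting `res.mustcontain(no=['quote"&file'])` next to its escaped form would cover quotes and ampersands as well; the templates are not visible here, so whether any attribute context is affected needs confirming. The fixture now also derives file ids with `'%s-id' % filename`, which yields `anotherfile<-id`, and no test requests a page that links to that id, so encoding of file ids in generated URLs stays unchecked. The fixture method starts above the first hunk, so the rest of its body was not reviewed.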