~ubuntu-branches/debian/sid/python-django/sid

Viewing changes to tests/utils_tests/test_html.py

  • Committer: Package Import Robot
  • Author(s): Luke Faraone
  • Date: 2014-04-21 16:47:14 UTC
  • mfrom: (1.3.14)
  • Revision ID: package-import@ubuntu.com-20140421164714-3mlvyr7y1ssdo9e6
Tags: 1.6.3-1
* New upstream security release.
  - Unexpected code execution using ``reverse()``
  - CVE-2014-0472
  - Caching of anonymous pages could reveal CSRF token
  - CVE-2014-0473
  - MySQL typecasting could result in unexpected matches
  - CVE-2014-0474
* Drop patches 07_translation_encoding_fix and ticket21869.diff; merged
  upstream

84
84
        for value, output in items:
85
85
            self.check_output(f, value, output)
86
86
 
 
87
        # Some convoluted syntax for which parsing may differ between python versions
 
88
        output = html.strip_tags('<sc<!-- -->ript>test<<!-- -->/script>')
 
89
        self.assertNotIn('<script>', output)
 
90
        self.assertIn('test', output)
 
91
        output = html.strip_tags('<script>alert()</script>&h')
 
92
        self.assertNotIn('<script>', output)
 
93
        self.assertIn('alert()', output)
 
94
 
87
95
        # Test with more lengthy content (also catching performance regressions)
88
96
        for filename in ('strip_tags1.html', 'strip_tags2.txt'):
89
97
            path = os.path.join(os.path.dirname(upath(__file__)), 'files', filename)
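
Review bot: The two new cases (new lines 88-93) assert only that the literal `<script>` is absent, so a strip_tags() regression that leaves the closing `</script>` or other markup in the output would still pass. The comment on line 87 says parsing may differ between Python versions, and the tests use assertIn/assertNotIn rather than comparing an exact string, so consider tightening them with `self.assertNotIn('</script>', output)` after each `assertNotIn('<script>', output)`. The second input, with its trailing `&h`, is not described by the comment on line 87; a short comment stating what that unterminated entity is meant to exercise would make the intent of the case clear.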