mirror of
https://github.com/DarrenOfficial/dpaste.git
synced 2024-12-23 23:23:06 +11:00
Added unittests for the xss bug.
This commit is contained in:
parent
e74d456272
commit
ac87dac3cc
1 changed files with 31 additions and 4 deletions
|
@ -10,7 +10,7 @@ from django.test.utils import override_settings
|
|||
|
||||
from ..models import Snippet
|
||||
from ..forms import EXPIRE_DEFAULT
|
||||
from ..highlight import LEXER_DEFAULT
|
||||
from ..highlight import LEXER_DEFAULT, PLAIN_TEXT, PLAIN_CODE
|
||||
|
||||
|
||||
class SnippetTestCase(TestCase):
|
||||
|
@ -19,13 +19,15 @@ class SnippetTestCase(TestCase):
|
|||
self.client = Client()
|
||||
self.new_url = reverse('snippet_new')
|
||||
|
||||
def valid_form_data(self):
|
||||
return {
|
||||
def valid_form_data(self, **kwargs):
|
||||
data = {
|
||||
'content': u"Hello Wörld.\n\tGood Bye",
|
||||
'lexer': LEXER_DEFAULT,
|
||||
'expires': EXPIRE_DEFAULT,
|
||||
}
|
||||
|
||||
if kwargs:
|
||||
data.update(kwargs)
|
||||
return data
|
||||
|
||||
def test_about(self):
|
||||
response = self.client.get(reverse('dpaste_about'))
|
||||
|
@ -247,6 +249,31 @@ class SnippetTestCase(TestCase):
|
|||
|
||||
self.assertEqual(response.status_code, 200)
|
||||
|
||||
# -------------------------------------------------------------------------
|
||||
# XSS and correct escaping
|
||||
# -------------------------------------------------------------------------
|
||||
XSS_ORIGINAL = u'<script>hello</script>'
|
||||
XSS_ESCAPED = u'<script>hello</script>'
|
||||
|
||||
def test_xss_text_lexer(self):
|
||||
# Simple 'text' lexer
|
||||
data = self.valid_form_data(content=self.XSS_ORIGINAL, lexer=PLAIN_TEXT)
|
||||
response = self.client.post(self.new_url, data, follow=True)
|
||||
self.assertContains(response, self.XSS_ESCAPED)
|
||||
|
||||
def test_xss_code_lexer(self):
|
||||
# Simple 'code' lexer
|
||||
data = self.valid_form_data(content=self.XSS_ORIGINAL, lexer=PLAIN_CODE)
|
||||
response = self.client.post(self.new_url, data, follow=True)
|
||||
self.assertContains(response, self.XSS_ESCAPED)
|
||||
|
||||
def test_xss_pygments_lexer(self):
|
||||
# Pygments based lexer
|
||||
data = self.valid_form_data(content=self.XSS_ORIGINAL,
|
||||
lexer='python')
|
||||
response = self.client.post(self.new_url, data, follow=True)
|
||||
self.assertContains(response, self.XSS_ESCAPED)
|
||||
|
||||
# -------------------------------------------------------------------------
|
||||
# History
|
||||
# -------------------------------------------------------------------------
|
||||
|
|
Loading…
Reference in a new issue