diff options
author | Preston Timmons <prestontimmons@gmail.com> | 2016-12-27 17:00:56 -0500 |
---|---|---|
committer | Tim Graham <timograham@gmail.com> | 2016-12-27 17:50:10 -0500 |
commit | b52c73008a9d67e9ddbb841872dc15cdd3d6ee01 (patch) | |
tree | b58a2d18242db5234b18678116e07e6f6bbc7cb3 /tests/admin_widgets/tests.py | |
parent | 51cde873d9fc8e4540f4efecbd39cfe8e770be38 (diff) | |
download | django-b52c73008a9d67e9ddbb841872dc15cdd3d6ee01.tar.gz |
Fixed #15667 -- Added template-based widget rendering.
Thanks Carl Meyer and Tim Graham for contributing to the patch.
Diffstat (limited to 'tests/admin_widgets/tests.py')
-rw-r--r-- | tests/admin_widgets/tests.py | 62 |
1 files changed, 41 insertions, 21 deletions
diff --git a/tests/admin_widgets/tests.py b/tests/admin_widgets/tests.py index 2d8b88f2cf..b74df4e251 100644 --- a/tests/admin_widgets/tests.py +++ b/tests/admin_widgets/tests.py @@ -3,6 +3,7 @@ from __future__ import unicode_literals import gettext import os +import re from datetime import datetime, timedelta from importlib import import_module @@ -354,34 +355,53 @@ class AdminURLWidgetTest(SimpleTestCase): ) def test_render_quoting(self): - # WARNING: Don't use assertHTMLEqual in that testcase! - # assertHTMLEqual will get rid of some escapes which are tested here! + """ + WARNING: This test doesn't use assertHTMLEqual since it will get rid + of some escapes which are tested here! + """ + HREF_RE = re.compile('href="([^"]+)"') + VALUE_RE = re.compile('value="([^"]+)"') + TEXT_RE = re.compile('<a[^>]+>([^>]+)</a>') w = widgets.AdminURLFieldWidget() + output = w.render('test', 'http://example.com/<sometag>some text</sometag>') + self.assertEqual( + HREF_RE.search(output).groups()[0], + 'http://example.com/%3Csometag%3Esome%20text%3C/sometag%3E', + ) + self.assertEqual( + TEXT_RE.search(output).groups()[0], + 'http://example.com/<sometag>some text</sometag>', + ) + self.assertEqual( + VALUE_RE.search(output).groups()[0], + 'http://example.com/<sometag>some text</sometag>', + ) + output = w.render('test', 'http://example-äüö.com/<sometag>some text</sometag>') + self.assertEqual( + HREF_RE.search(output).groups()[0], + 'http://xn--example--7za4pnc.com/%3Csometag%3Esome%20text%3C/sometag%3E', + ) self.assertEqual( - w.render('test', 'http://example.com/<sometag>some text</sometag>'), - '<p class="url">Currently: ' - '<a href="http://example.com/%3Csometag%3Esome%20text%3C/sometag%3E">' - 'http://example.com/<sometag>some text</sometag></a><br />' - 'Change: <input class="vURLField" name="test" type="url" ' - 'value="http://example.com/<sometag>some text</sometag>" /></p>' + TEXT_RE.search(output).groups()[0], + 'http://example-äüö.com/<sometag>some text</sometag>', ) self.assertEqual( - w.render('test', 'http://example-äüö.com/<sometag>some text</sometag>'), - '<p class="url">Currently: ' - '<a href="http://xn--example--7za4pnc.com/%3Csometag%3Esome%20text%3C/sometag%3E">' - 'http://example-äüö.com/<sometag>some text</sometag></a><br />' - 'Change: <input class="vURLField" name="test" type="url" ' - 'value="http://example-äüö.com/<sometag>some text</sometag>" /></p>' + VALUE_RE.search(output).groups()[0], + 'http://example-äüö.com/<sometag>some text</sometag>', ) + output = w.render('test', 'http://www.example.com/%C3%A4"><script>alert("XSS!")</script>"') self.assertEqual( - w.render('test', 'http://www.example.com/%C3%A4"><script>alert("XSS!")</script>"'), - '<p class="url">Currently: ' - '<a href="http://www.example.com/%C3%A4%22%3E%3Cscript%3Ealert(%22XSS!%22)%3C/script%3E%22">' + HREF_RE.search(output).groups()[0], + 'http://www.example.com/%C3%A4%22%3E%3Cscript%3Ealert(%22XSS!%22)%3C/script%3E%22', + ) + self.assertEqual( + TEXT_RE.search(output).groups()[0], 'http://www.example.com/%C3%A4"><script>' - 'alert("XSS!")</script>"</a><br />' - 'Change: <input class="vURLField" name="test" type="url" ' - 'value="http://www.example.com/%C3%A4"><script>' - 'alert("XSS!")</script>"" /></p>' + 'alert("XSS!")</script>"' + ) + self.assertEqual( + VALUE_RE.search(output).groups()[0], + 'http://www.example.com/%C3%A4"><script>alert("XSS!")</script>"', ) |