diff options
| author | goodger <goodger@929543f6-e4f2-0310-98a6-ba3bd3dd1d04> | 2005-03-21 21:26:21 +0000 |
|---|---|---|
| committer | goodger <goodger@929543f6-e4f2-0310-98a6-ba3bd3dd1d04> | 2005-03-21 21:26:21 +0000 |
| commit | 74d2d3afebad25d1eff7b9bd795ac02c974fa238 (patch) | |
| tree | 188b23a66f535ebfdcf36361a87a4b9e8bb94761 /docutils/test/functional | |
| parent | cec4eb950d8c2390f07d6b463041f53853bab00f (diff) | |
| download | docutils-74d2d3afebad25d1eff7b9bd795ac02c974fa238.tar.gz | |
Added settings: ``file_insertion_enabled`` & ``raw_enabled``.
git-svn-id: http://svn.code.sf.net/p/docutils/code/trunk@3071 929543f6-e4f2-0310-98a6-ba3bd3dd1d04
Diffstat (limited to 'docutils/test/functional')
| -rw-r--r-- | docutils/test/functional/expected/dangerous.html | 50 | ||||
| -rw-r--r-- | docutils/test/functional/input/dangerous.txt | 13 | ||||
| -rw-r--r-- | docutils/test/functional/tests/dangerous.py | 12 |
3 files changed, 75 insertions, 0 deletions
diff --git a/docutils/test/functional/expected/dangerous.html b/docutils/test/functional/expected/dangerous.html new file mode 100644 index 000000000..9f0b58a54 --- /dev/null +++ b/docutils/test/functional/expected/dangerous.html @@ -0,0 +1,50 @@ +<?xml version="1.0" encoding="utf-8" ?> +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> +<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> +<head> +<meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> +<meta name="generator" content="Docutils 0.3.8: http://docutils.sourceforge.net/" /> +<title></title> +<link rel="stylesheet" href="default.css" type="text/css" /> +</head> +<body> +<div class="document"> +<p>Potentially dangerous features (security holes):</p> +<div class="system-message"> +<p class="system-message-title">System Message: WARNING/2 (<tt class="docutils">functional/input/dangerous.txt</tt>, line 3)</p> +<p>"include" directive disabled.</p> +<pre class="literal-block"> +.. include:: /etc/passwd +</pre> +</div> +<div class="system-message"> +<p class="system-message-title">System Message: WARNING/2 (<tt class="docutils">functional/input/dangerous.txt</tt>, line 4)</p> +<p>"raw" directive disabled.</p> +<pre class="literal-block"> +.. raw:: html + :file: /etc/passwd +</pre> +</div> +<div class="system-message"> +<p class="system-message-title">System Message: WARNING/2 (<tt class="docutils">functional/input/dangerous.txt</tt>, line 6)</p> +<p>"raw" directive disabled.</p> +<pre class="literal-block"> +.. raw:: html + :url: file:///etc/passwd +</pre> +</div> +<div class="system-message"> +<p class="system-message-title">System Message: WARNING/2 (<tt class="docutils">functional/input/dangerous.txt</tt>, line 8)</p> +<p>"raw" directive disabled.</p> +<pre class="literal-block"> +.. raw:: html + + <script> + that does something really nasty + </script> + +</pre> +</div> +</div> +</body> +</html> diff --git a/docutils/test/functional/input/dangerous.txt b/docutils/test/functional/input/dangerous.txt new file mode 100644 index 000000000..2c1e55251 --- /dev/null +++ b/docutils/test/functional/input/dangerous.txt @@ -0,0 +1,13 @@ +Potentially dangerous features (security holes): + +.. include:: /etc/passwd +.. raw:: html + :file: /etc/passwd +.. raw:: html + :url: file:///etc/passwd +.. raw:: html + + <script> + that does something really nasty + </script> + diff --git a/docutils/test/functional/tests/dangerous.py b/docutils/test/functional/tests/dangerous.py new file mode 100644 index 000000000..620a927ba --- /dev/null +++ b/docutils/test/functional/tests/dangerous.py @@ -0,0 +1,12 @@ +# Source and destination file names. +test_source = "dangerous.txt" +test_destination = "dangerous.html" + +# Keyword parameters passed to publish_file. +reader_name = "standalone" +parser_name = "rst" +writer_name = "html" + +# Settings +settings_overrides['file_insertion_enabled'] = 0 +settings_overrides['raw_enabled'] = 0 |