-
Notifications
You must be signed in to change notification settings - Fork 193
/
Copy pathtest_misc.py
56 lines (43 loc) · 1.53 KB
/
test_misc.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
import pytest
from webob.util import html_escape, text_
class t_esc_HTML:
def __html__(self):
return "<div>hello</div>"
class t_esc_Unicode:
def __str__(self):
return "\xe9"
class t_esc_UnsafeAttrs:
attr = "value"
def __getattr__(self, k):
return self.attr
def __repr__(self):
return "<UnsafeAttrs>"
class t_esc_SuperMoose:
def __str__(self):
return "m\xf8ose"
@pytest.mark.parametrize(
"input,expected",
[
('these chars: < > & "', "these chars: < > & ""),
(" ", " "),
("è", "&egrave;"),
# The apostrophe is *not* escaped, which some might consider to be
# a serious bug (see, e.g. http://www.cvedetails.com/cve/CVE-2010-2480/)
pytest.param("'", "'"),
("the majestic m\xf8ose", "the majestic møose"),
# 8-bit strings are passed through
("\xe9", "é"),
# ``None`` is treated specially, and returns the empty string.
(None, ""),
# Objects that define a ``__html__`` method handle their own escaping
(t_esc_HTML(), "<div>hello</div>"),
# Things that are not strings are converted to strings and then escaped
(42, "42"),
(t_esc_SuperMoose(), "møose"),
(t_esc_Unicode(), "é"),
(t_esc_UnsafeAttrs(), "<UnsafeAttrs>"),
pytest.param(Exception("expected a '<'."), "expected a '<'."),
],
)
def test_html_escape(input, expected):
assert expected == html_escape(input)