diff options
| author | Claude Paroz <claude@2xlibre.net> | 2014-03-20 16:50:50 +0100 |
|---|---|---|
| committer | Claude Paroz <claude@2xlibre.net> | 2014-03-22 11:01:14 +0100 |
| commit | 80f08dbdbc1f9c8b4ed75298955016feb697c4a1 (patch) | |
| tree | dda3a74763844deb41fdf180db074d8b64d27249 /tests/utils_tests/test_html.py | |
| parent | 0c19383a1ffaaefe92b7b3bfaac6885525afd9a9 (diff) | |
[1.7.x] Improved strip_tags and clarified documentation
The fact that strip_tags cannot guarantee to really strip all
non-safe HTML content was not clear enough. Also see:
https://www.djangoproject.com/weblog/2014/mar/22/strip-tags-advisory/
Backport of 6ca6c36f82b from master.
Diffstat (limited to 'tests/utils_tests/test_html.py')
| -rw-r--r-- | tests/utils_tests/test_html.py | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/tests/utils_tests/test_html.py b/tests/utils_tests/test_html.py index 51ff38d190..5cf2992ac4 100644 --- a/tests/utils_tests/test_html.py +++ b/tests/utils_tests/test_html.py @@ -82,6 +82,8 @@ class TestUtilsHtml(TestCase): ('a<p a >b</p>c', 'abc'), ('d<a:b c:d>e</p>f', 'def'), ('<strong>foo</strong><a href="http://example.com">bar</a>', 'foobar'), + ('<sc<!-- -->ript>test<<!-- -->/script>', 'test'), + ('<script>alert()</script>&h', 'alert()&h'), ) for value, output in items: self.check_output(f, value, output) |
