from django.forms import Media
from django.forms.widgets import Script
from django.template import Context, Template
from django.test import SimpleTestCase, override_settings
@override_settings(STATIC_URL="/static/")
class CspNonceTagTests(SimpleTestCase):
def test_with_nonce_in_context(self):
t = Template("")
result = t.render(Context({"csp_nonce": "abc123"}))
self.assertEqual(result, '')
def test_without_csp_nonce_in_context(self):
t = Template("")
result = t.render(Context())
self.assertEqual(result, "")
def test_with_csp_nonce_none(self):
t = Template("")
result = t.render(Context({"csp_nonce": None}))
self.assertEqual(result, "")
def test_nonce_is_escaped(self):
t = Template("")
result = t.render(Context({"csp_nonce": '',
)
def test_without_csp_nonce_in_context(self):
media = Media(js=["/path/to/js"])
t = Template("{% csp_nonce_attr media %}")
result = t.render(Context({"media": media}))
self.assertHTMLEqual(result, '')
def test_with_csp_nonce_none(self):
media = Media(js=["/path/to/js"])
t = Template("{% csp_nonce_attr media %}")
result = t.render(Context({"media": media, "csp_nonce": None}))
self.assertHTMLEqual(result, '')
def test_css_and_js(self):
media = Media(
css={"all": ["/path/to/css"]},
js=["/path/to/js"],
)
t = Template("{% csp_nonce_attr media %}")
result = t.render(Context({"media": media, "csp_nonce": "abc123"}))
self.assertHTMLEqual(
result,
'\n'
'',
)
def test_with_script_object(self):
media = Media(js=[Script("/path/to/js", integrity="sha256-abc")])
t = Template("{% csp_nonce_attr media %}")
result = t.render(Context({"media": media, "csp_nonce": "abc123"}))
self.assertHTMLEqual(
result,
'',
)
def test_output_is_safe(self):
media = Media(js=["/path/to/js"])
t = Template("{% csp_nonce_attr media %}")
result = t.render(Context({"media": media, "csp_nonce": "abc123"}))
self.assertIn("