from django.forms import Media from django.forms.widgets import Script from django.template import Context, Template from django.test import SimpleTestCase, override_settings @override_settings(STATIC_URL="/static/") class CspNonceTagTests(SimpleTestCase): def test_with_nonce_in_context(self): t = Template("") result = t.render(Context({"csp_nonce": "abc123"})) self.assertEqual(result, '') def test_without_csp_nonce_in_context(self): t = Template("") result = t.render(Context()) self.assertEqual(result, "") def test_with_csp_nonce_none(self): t = Template("") result = t.render(Context({"csp_nonce": None})) self.assertEqual(result, "") def test_nonce_is_escaped(self): t = Template("") result = t.render(Context({"csp_nonce": '', ) def test_without_csp_nonce_in_context(self): media = Media(js=["/path/to/js"]) t = Template("{% csp_nonce_attr media %}") result = t.render(Context({"media": media})) self.assertHTMLEqual(result, '') def test_with_csp_nonce_none(self): media = Media(js=["/path/to/js"]) t = Template("{% csp_nonce_attr media %}") result = t.render(Context({"media": media, "csp_nonce": None})) self.assertHTMLEqual(result, '') def test_css_and_js(self): media = Media( css={"all": ["/path/to/css"]}, js=["/path/to/js"], ) t = Template("{% csp_nonce_attr media %}") result = t.render(Context({"media": media, "csp_nonce": "abc123"})) self.assertHTMLEqual( result, '\n' '', ) def test_with_script_object(self): media = Media(js=[Script("/path/to/js", integrity="sha256-abc")]) t = Template("{% csp_nonce_attr media %}") result = t.render(Context({"media": media, "csp_nonce": "abc123"})) self.assertHTMLEqual( result, '', ) def test_output_is_safe(self): media = Media(js=["/path/to/js"]) t = Template("{% csp_nonce_attr media %}") result = t.render(Context({"media": media, "csp_nonce": "abc123"})) self.assertIn("