summaryrefslogtreecommitdiff
path: root/tests/template_tests/syntax_tests/test_autoescape.py
diff options
context:
space:
mode:
authorPreston Timmons <prestontimmons@gmail.com>2014-11-11 19:32:44 -0600
committerTim Graham <timograham@gmail.com>2014-12-02 19:18:35 -0500
commitb872134bfc14f6322bd1e4b0a08bf5bfd2c43a52 (patch)
treef82fc6be418adeb1e7ff36728f82008770066999 /tests/template_tests/syntax_tests/test_autoescape.py
parent4a4ad27712b44cebada1bdaebd082cf82df74610 (diff)
Fixed #23768 -- Rewrote template tests as unit tests.
Diffstat (limited to 'tests/template_tests/syntax_tests/test_autoescape.py')
-rw-r--r--tests/template_tests/syntax_tests/test_autoescape.py121
1 files changed, 121 insertions, 0 deletions
diff --git a/tests/template_tests/syntax_tests/test_autoescape.py b/tests/template_tests/syntax_tests/test_autoescape.py
new file mode 100644
index 0000000000..6457fe31df
--- /dev/null
+++ b/tests/template_tests/syntax_tests/test_autoescape.py
@@ -0,0 +1,121 @@
+from django.template.base import TemplateSyntaxError
+from django.test import TestCase
+from django.utils.safestring import mark_safe
+
+from .utils import render, setup, SafeClass, UnsafeClass
+
+
+class AutoescapeTagTests(TestCase):
+
+ @setup({'autoescape-tag01': '{% autoescape off %}hello{% endautoescape %}'})
+ def test_autoescape_tag01(self):
+ output = render('autoescape-tag01')
+ self.assertEqual(output, 'hello')
+
+ @setup({'autoescape-tag02': '{% autoescape off %}{{ first }}{% endautoescape %}'})
+ def test_autoescape_tag02(self):
+ output = render('autoescape-tag02', {'first': '<b>hello</b>'})
+ self.assertEqual(output, '<b>hello</b>')
+
+ @setup({'autoescape-tag03': '{% autoescape on %}{{ first }}{% endautoescape %}'})
+ def test_autoescape_tag03(self):
+ output = render('autoescape-tag03', {'first': '<b>hello</b>'})
+ self.assertEqual(output, '&lt;b&gt;hello&lt;/b&gt;')
+
+ # Autoescape disabling and enabling nest in a predictable way.
+ @setup({'autoescape-tag04': '{% autoescape off %}'
+ '{{ first }} {% autoescape on %}{{ first }}{% endautoescape %}{% endautoescape %}'})
+ def test_autoescape_tag04(self):
+ output = render('autoescape-tag04', {'first': '<a>'})
+ self.assertEqual(output, '<a> &lt;a&gt;')
+
+ @setup({'autoescape-tag05': '{% autoescape on %}{{ first }}{% endautoescape %}'})
+ def test_autoescape_tag05(self):
+ output = render('autoescape-tag05', {'first': '<b>first</b>'})
+ self.assertEqual(output, '&lt;b&gt;first&lt;/b&gt;')
+
+ # Strings (ASCII or unicode) already marked as "safe" are not
+ # auto-escaped
+ @setup({'autoescape-tag06': '{{ first }}'})
+ def test_autoescape_tag06(self):
+ output = render('autoescape-tag06', {'first': mark_safe('<b>first</b>')})
+ self.assertEqual(output, '<b>first</b>')
+
+ @setup({'autoescape-tag07': '{% autoescape on %}{{ first }}{% endautoescape %}'})
+ def test_autoescape_tag07(self):
+ output = render('autoescape-tag07', {'first': mark_safe('<b>Apple</b>')})
+ self.assertEqual(output, '<b>Apple</b>')
+
+ @setup({'autoescape-tag08': r'{% autoescape on %}'
+ r'{{ var|default_if_none:" endquote\" hah" }}{% endautoescape %}'})
+ def test_autoescape_tag08(self):
+ """
+ Literal string arguments to filters, if used in the result, are safe.
+ """
+ output = render('autoescape-tag08', {"var": None})
+ self.assertEqual(output, ' endquote" hah')
+
+ # Objects which return safe strings as their __str__ method
+ # won't get double-escaped.
+ @setup({'autoescape-tag09': r'{{ unsafe }}'})
+ def test_autoescape_tag09(self):
+ output = render('autoescape-tag09', {'unsafe': UnsafeClass()})
+ self.assertEqual(output, 'you &amp; me')
+
+ @setup({'autoescape-tag10': r'{{ safe }}'})
+ def test_autoescape_tag10(self):
+ output = render('autoescape-tag10', {'safe': SafeClass()})
+ self.assertEqual(output, 'you &gt; me')
+
+ @setup({'autoescape-filtertag01': '{{ first }}{% filter safe %}{{ first }} x<y{% endfilter %}'})
+ def test_autoescape_filtertag01(self):
+ """
+ The "safe" and "escape" filters cannot work due to internal
+ implementation details (fortunately, the (no)autoescape block
+ tags can be used in those cases)
+ """
+ with self.assertRaises(TemplateSyntaxError):
+ render('autoescape-filtertag01', {'first': '<a>'})
+
+ @setup({'autoescape-ifequal01': '{% ifequal var "this & that" %}yes{% endifequal %}'})
+ def test_autoescape_ifequal01(self):
+ """
+ ifequal compares unescaped vales.
+ """
+ output = render('autoescape-ifequal01', {'var': 'this & that'})
+ self.assertEqual(output, 'yes')
+
+ # Arguments to filters are 'safe' and manipulate their input unescaped.
+ @setup({'autoescape-filters01': '{{ var|cut:"&" }}'})
+ def test_autoescape_filters01(self):
+ output = render('autoescape-filters01', {'var': 'this & that'})
+ self.assertEqual(output, 'this that')
+
+ @setup({'autoescape-filters02': '{{ var|join:" & " }}'})
+ def test_autoescape_filters02(self):
+ output = render('autoescape-filters02', {'var': ('Tom', 'Dick', 'Harry')})
+ self.assertEqual(output, 'Tom & Dick & Harry')
+
+ @setup({'autoescape-literals01': '{{ "this & that" }}'})
+ def test_autoescape_literals01(self):
+ """
+ Literal strings are safe.
+ """
+ output = render('autoescape-literals01')
+ self.assertEqual(output, 'this & that')
+
+ @setup({'autoescape-stringiterations01': '{% for l in var %}{{ l }},{% endfor %}'})
+ def test_autoescape_stringiterations01(self):
+ """
+ Iterating over strings outputs safe characters.
+ """
+ output = render('autoescape-stringiterations01', {'var': 'K&R'})
+ self.assertEqual(output, 'K,&amp;,R,')
+
+ @setup({'autoescape-lookup01': '{{ var.key }}'})
+ def test_autoescape_lookup01(self):
+ """
+ Escape requirement survives lookup.
+ """
+ output = render('autoescape-lookup01', {'var': {'key': 'this & that'}})
+ self.assertEqual(output, 'this &amp; that')
generated by cgit v1.3 (git 2.53.0) at 2026-05-02 05:39:04 +0000