diff options
Diffstat (limited to 'tests/regressiontests/admin_widgets/tests.py')
| -rw-r--r-- | tests/regressiontests/admin_widgets/tests.py | 20 |
1 files changed, 13 insertions, 7 deletions
diff --git a/tests/regressiontests/admin_widgets/tests.py b/tests/regressiontests/admin_widgets/tests.py index fa599c618c..b3fff1fecc 100644 --- a/tests/regressiontests/admin_widgets/tests.py +++ b/tests/regressiontests/admin_widgets/tests.py @@ -299,18 +299,24 @@ class AdminURLWidgetTest(DjangoTestCase): w = widgets.AdminURLFieldWidget() self.assertHTMLEqual( conditional_escape(w.render('test', 'http://example-äüö.com')), - '<p class="url">Currently:<a href="http://xn--example--7za4pnc.com">http://example-äüö.com</a><br />Change:<input class="vURLField" name="test" type="text" value="http://example-äüö.com" /></p>' + '<p class="url">Currently: <a href="http://xn--example--7za4pnc.com">http://example-äüö.com</a><br />Change:<input class="vURLField" name="test" type="text" value="http://example-äüö.com" /></p>' ) def test_render_quoting(self): + # WARNING: Don't use assertHTMLEqual in that testcase! + # assertHTMLEqual will get rid of some escapes which are tested here! w = widgets.AdminURLFieldWidget() - self.assertHTMLEqual( - conditional_escape(w.render('test', 'http://example.com/<sometag>some text</sometag>')), - '<p class="url">Currently:<a href="http://example.com/%3Csometag%3Esome%20text%3C/sometag%3E">http://example.com/<sometag>some text</sometag></a><br />Change:<input class="vURLField" name="test" type="text" value="http://example.com/<sometag>some text</sometag>" /></p>' + self.assertEqual( + w.render('test', 'http://example.com/<sometag>some text</sometag>'), + '<p class="url">Currently: <a href="http://example.com/%3Csometag%3Esome%20text%3C/sometag%3E">http://example.com/<sometag>some text</sometag></a><br />Change: <input class="vURLField" name="test" type="text" value="http://example.com/<sometag>some text</sometag>" /></p>' ) - self.assertHTMLEqual( - conditional_escape(w.render('test', 'http://example-äüö.com/<sometag>some text</sometag>')), - '<p class="url">Currently:<a href="http://xn--example--7za4pnc.com/%3Csometag%3Esome%20text%3C/sometag%3E">http://example-äüö.com/<sometag>some text</sometag></a><br />Change:<input class="vURLField" name="test" type="text" value="http://example-äüö.com/<sometag>some text</sometag>" /></p>' + self.assertEqual( + w.render('test', 'http://example-äüö.com/<sometag>some text</sometag>'), + '<p class="url">Currently: <a href="http://xn--example--7za4pnc.com/%3Csometag%3Esome%20text%3C/sometag%3E">http://example-äüö.com/<sometag>some text</sometag></a><br />Change: <input class="vURLField" name="test" type="text" value="http://example-äüö.com/<sometag>some text</sometag>" /></p>' + ) + self.assertEqual( + w.render('test', 'http://www.example.com/%C3%A4"><script>alert("XSS!")</script>"'), + '<p class="url">Currently: <a href="http://www.example.com/%C3%A4%22%3E%3Cscript%3Ealert(%22XSS!%22)%3C/script%3E%22">http://www.example.com/%C3%A4"><script>alert("XSS!")</script>"</a><br />Change: <input class="vURLField" name="test" type="text" value="http://www.example.com/%C3%A4"><script>alert("XSS!")</script>"" /></p>' ) |