
Commit 8b17a7b

committed
Add test for rendering
1 parent c6ce6d1 commit 8b17a7b

1 file changed

Lines changed: 70 additions & 0 deletions


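--- a/tests/test_village_rendering.py
+++ b/tests/test_village_rendering.py
@@ -0,0 +1,70 @@
+import html
+
+import markdown
+
+from apps.villages import views
+
+
+def test_render_simple(request_context):
+rendered = views.render_markdown("Hi *you*. Welcome to [EMF](https://www.emfcamp.org/)")
+
+assert '<iframe sandbox="allow-scripts" ' in rendered, "iFrame should be sandboxed"
+assert "Hi &lt;em&gt;you&lt;/em&gt;." in rendered, "rendering should contain em tags"
+assert (
+"&lt;a href=&quot;https://www.emfcamp.org/&quot; rel=&quot;noopener nofollow&quot;&gt;EMF&lt;/a&gt;"
+in rendered
+), "rendering should contain a tag"
+
+
+def naive_rendering(input):
+"""A naive rendering of markdown with no security used as a control for test cases."""
+
+extensions = ["markdown.extensions.nl2br", "markdown.extensions.smarty", "tables"]
+return html.escape(markdown.markdown(input, extensions=extensions), True)
+
+
+def check_FAIL_not_rendered(input, message):
+assert "FAIL" not in views.render_markdown(input), message
+assert "FAIL" in naive_rendering(input), "Control didn't contain FAIL either for " + message
+
+
+def check_FAIL_not_rendered2(input, message):
+assert "FAIL" not in views.render_markdown2(input), message
+assert "FAIL" in naive_rendering(input), "Control didn't contain FAIL either for " + message
+
+
+def test_render_dangerous(request_context):
+check_FAIL_not_rendered("[click me!](javascript:alert%28'FAIL'%29)", "javascript link should be removed")
+check_FAIL_not_rendered('<script>alert("FAIL");</script>', "script tag should be removed")
+check_FAIL_not_rendered("![An Image?](/FAIL)", "CSRF img tag should be removed")
+check_FAIL_not_rendered('<img src="/FAIL"></img>', "CSRF img tag should be removed")
+
+
+def test_render_image(request_context):
+check_FAIL_not_rendered("![alt text](http://example.com/FAIL.jpg)", "image should be removed")
+check_FAIL_not_rendered('<img src="http://example.com/FAIL.jpg"></img>', "CSRF img tag should be removed")
+
+
+def test_render2_simple(request_context):
+rendered = views.render_markdown2("Hi *you*. Welcome to [EMF](https://www.emfcamp.org/)")
+
+assert "<iframe sandbox " in rendered, "iFrame should be sandboxed"
+assert "Hi &lt;em&gt;you&lt;/em&gt;." in rendered, "rendering should contain em tags"
+assert (
+"&lt;a href=&quot;https://www.emfcamp.org/&quot; rel=&quot;noopener nofollow&quot;&gt;EMF&lt;/a&gt;"
+in rendered
+), "rendering should contain a tag"
+
+
+def test_render2_dangerous(request_context):
+check_FAIL_not_rendered2("[click me!](javascript:alert%28'FAIL'%29)", "javascript link should be removed")
+check_FAIL_not_rendered2('<script>alert("FAIL");</script>', "script tag should be removed")
+check_FAIL_not_rendered2("![An Image?](/FAIL)", "CSRF img tag should be removed")
+check_FAIL_not_rendered2('<img src="/FAIL"></img>', "CSRF img tag should be removed")
+
+
+def test_render2_image(request_context):
+check_FAIL_not_rendered2("![alt text](http://example.com/FAIL.jpg)", "image should be removed")
+check_FAIL_not_rendered2(
+'<img src="http://example.com/FAIL.jpg"></img>', "CSRF img tag should be removed"
+)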
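Review bot: test_render_dangerous and test_render2_dangerous exercise only four inputs (a `javascript:` link, a `<script>` tag and two image forms), while test_render_simple pins `sandbox="allow-scripts"`, so for render_markdown the sanitiser looks like the only barrier against script running inside the frame. Inline event-handler attributes and mixed-case URL schemes are not covered; a case such as `check_FAIL_not_rendered('<b onmouseover="FAIL">x</b>', "event handler attribute should be removed")` would fit the existing helper, with the same line for check_FAIL_not_rendered2. The control in both helpers only proves that the marker survives naive rendering, not that the dangerous construct was actually produced, so a short comment above `naive_rendering` stating that limit would help the next reader. In test_render_image and test_render2_image the message "CSRF img tag should be removed" is attached to an external image URL, where the concern is presumably a remote fetch rather than CSRF; `"external img tag should be removed"` would describe it better.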
