Completed
Push — master ( f43d3b...32f29f )
by Dongxin
01:09
created

mytest.test_trigger_more_cases()   A

Complexity

Conditions 1

Size

Total Lines 8

Duplication

Lines 0
Ratio 0 %
Metric Value
cc 1
dl 0
loc 8
rs 9.4285
1
#!/usr/bin/env python
2
# encoding: utf-8
3
4
import mistune
5
import unittest
6
7
8
class mytest(unittest.TestCase):
9
10
    def testRender(self):
11
        self.assertEqual(False, False, 'Unit Test Start')
12
13
    def test_escape(self):
14
        ret = mistune.markdown('<div>**foo**</div>', escape=True)
15
        self.assertIn('&gt;', ret, 'success')
16
17
        ret = mistune.markdown('this **foo** is <b>bold</b>', escape=True)
18
        self.assertIn('&gt;', ret, 'success')
19
20
    def test_linebreak(self):
21
        ret = mistune.markdown('this **foo** \nis me')
22
        self.assertIsNot('<br>', ret, 'success')
23
24
        ret = mistune.markdown('this **foo** \nis me', hard_wrap=True)
25
        self.assertIn('<br>', ret, 'success')
26
27
    def test_safe_links(self):
28
        attack_vectors = (
29
            # "standard" javascript pseudo protocol
30
            ('javascript:alert`1`', ''),
31
            # bypass attempt
32
            ('jAvAsCrIpT:alert`1`', ''),
33
            # javascript pseudo protocol with entities
34
            ('javascript&colon;alert`1`', 'javascript&amp;colon;alert`1`'),
35
            # javascript pseudo protocol with prefix (dangerous in Chrome)
36
            ('\x1Ajavascript:alert`1`', ''),
37
            # data-URI (dangerous in Firefox)
38
            ('data:text/html,<script>alert`1`</script>', ''),
39
            # vbscript-URI (dangerous in Internet Explorer)
40
            ('vbscript:msgbox', ''),
41
            # breaking out of the attribute
42
            ('"<>', '&quot;&lt;&gt;'),
43
        )
44
        for vector, expected in attack_vectors:
45
            # image
46
            self.assertIn('src="%s"' % expected, mistune.markdown('![atk](%s)' % vector), 'success')
47
            # link
48
            self.assertIn('href="%s"' % expected, mistune.markdown('[atk](%s)' % vector), 'success')
49
50
    def test_skip_style(self):
51
        ret = mistune.markdown(
52
            'foo\n<style>body{color:red}</style>', skip_style=True
53
        )
54
        self.assertEqual(ret, '<p>foo</p>\n', 'success')
55
56
    def test_use_xhtml(self):
57
        ret = mistune.markdown('foo\n\n----\n\nbar')
58
        self.assertIn('<hr>', ret, 'success')
59
        ret = mistune.markdown('foo\n\n----\n\nbar', use_xhtml=True)
60
        self.assertIn('<hr />', ret, 'success')
61
62
        ret = mistune.markdown('foo  \nbar', use_xhtml=True)
63
        self.assertIn('<br />', ret, 'success')
64
65
        ret = mistune.markdown('![foo](bar "title")', use_xhtml=True)
66
        self.assertIn('<img src="bar" alt="foo" title="title" />', ret, 'success')
67
68
    def test_parse_inline_html(self):
69
        ret = mistune.markdown(
70
            '<div>**foo**</div>', parse_inline_html=True, escape=False
71
        )
72
        self.assertIsNot('<strong>', ret, 'success')
73
        ret = mistune.markdown(
74
            '<span>**foo**</span>', parse_inline_html=True, escape=False
75
        )
76
        self.assertIn('<span><strong>', ret, 'success')
77
78
        ret = mistune.markdown(
79
            '<a>http://lepture.com</a>', parse_inline_html=True, escape=False
80
        )
81
        self.assertIsNot('href', ret, 'sucess')
82
83
    def test_parse_block_html(self):
84
        ret = mistune.markdown(
85
            '<div>**foo**</div>', parse_block_html=True, escape=False
86
        )
87
        self.assertIn('<div><strong>', ret, 'success')
88
        ret = mistune.markdown(
89
            '<span>**foo**</span>', parse_block_html=True, escape=False
90
        )
91
        self.assertIsNot('<strong>', ret, 'success')
92
93
    def test_trigger_more_cases(self):
94
        markdown = mistune.Markdown(
95
            inline=mistune.InlineLexer,
96
            block=mistune.BlockLexer,
97
            skip_html=True
98
        )
99
        ret = markdown.render('foo[^foo]\n\n[^foo]: foo\n\n[^foo]: bar\n')
100
        self.assertIn('bar', ret, 'success')
101
102
    def test_not_escape_block_tags(self):
103
        text = '<h1>heading</h1> text'
104
        self.assertIn(text, mistune.markdown(text, escape=False), 'success')
105
106
    def test_not_escape_inline_tags(self):
107
        text = '<a name="top"></a>'
108
        self.assertIn(text, mistune.markdown(text, escape=False), 'success')
109
110
    def test_hard_wrap_renderer(self):
111
        text = 'foo\nnewline'
112
        renderer = mistune.Renderer(hard_wrap=True)
113
        func = mistune.Markdown(renderer=renderer)
114
        self.assertIn('<br>', func(text), 'success')
115
116
117
if __name__ == '__main__':
118
    unittest.main()
119