diff options
author | Waylan Limberg <waylan.limberg@icloud.com> | 2014-08-25 10:17:28 -0400 |
---|---|---|
committer | Waylan Limberg <waylan.limberg@icloud.com> | 2014-08-25 10:17:28 -0400 |
commit | d7e0f99babd33700aa02edd4760deab800c8b5b1 (patch) | |
tree | f941d10e615a9f51054617b76b96b0e0ab272400 /tests | |
parent | 091553a3571a085a8bb93fbd89cadda4a1071d7a (diff) | |
download | markdown-d7e0f99babd33700aa02edd4760deab800c8b5b1.tar.gz markdown-d7e0f99babd33700aa02edd4760deab800c8b5b1.tar.bz2 markdown-d7e0f99babd33700aa02edd4760deab800c8b5b1.zip |
Add test of unsafe HTML in stash with safe_mode='excape'
This should give us 100% coverage of postprocessors.py.
Diffstat (limited to 'tests')
-rw-r--r-- | tests/test_apis.py | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/tests/test_apis.py b/tests/test_apis.py index 5117ccd..e99f606 100644 --- a/tests/test_apis.py +++ b/tests/test_apis.py @@ -135,6 +135,26 @@ class TestHtmlStash(unittest.TestCase): self.assertEqual(self.stash.html_counter, 0) self.assertEqual(self.stash.rawHtmlBlocks, []) + def testUnsafeHtmlInSafeMode(self): + """ Test that unsafe HTML gets escaped in safe_mode. """ + output = markdown.markdown('foo', extensions=[self.build_extension()], safe_mode='escape') + self.assertEqual(output, '<p><script>print("evil")</script></p>') + + def build_extension(self): + """ Build an extention that addes unsafe html to Stash in same_mode. """ + class Unsafe(markdown.treeprocessors.Treeprocessor): + def run(self, root): + el = root.find('p') + el.text = self.markdown.htmlStash.store('<script>print("evil")</script>', safe=False) + return root + + class StoreUnsafeHtml(markdown.extensions.Extension): + def extendMarkdown(self, md, md_globals): + md.treeprocessors.add('unsafe', Unsafe(md), '_end') + + return StoreUnsafeHtml() + + class TestOrderedDict(unittest.TestCase): """ Test OrderedDict storage class. """ |