33 lines
1.1 KiB
Python
33 lines
1.1 KiB
Python
import unittest
|
|
|
|
import simplejson.decoder
|
|
import simplejson.encoder
|
|
|
|
|
|
class TestEncodeForHTML(unittest.TestCase):
|
|
|
|
def setUp(self):
|
|
self.decoder = simplejson.decoder.JSONDecoder()
|
|
self.encoder = simplejson.encoder.JSONEncoderForHTML()
|
|
|
|
def test_basic_encode(self):
|
|
self.assertEqual(r'"\u0026"', self.encoder.encode('&'))
|
|
self.assertEqual(r'"\u003c"', self.encoder.encode('<'))
|
|
self.assertEqual(r'"\u003e"', self.encoder.encode('>'))
|
|
|
|
def test_basic_roundtrip(self):
|
|
for char in '&<>':
|
|
self.assertEqual(
|
|
char, self.decoder.decode(
|
|
self.encoder.encode(char)))
|
|
|
|
def test_prevent_script_breakout(self):
|
|
bad_string = '</script><script>alert("gotcha")</script>'
|
|
self.assertEqual(
|
|
r'"\u003c/script\u003e\u003cscript\u003e'
|
|
r'alert(\"gotcha\")\u003c/script\u003e"',
|
|
self.encoder.encode(bad_string))
|
|
self.assertEqual(
|
|
bad_string, self.decoder.decode(
|
|
self.encoder.encode(bad_string)))
|