author | Daniel Schadt <kingdread@gmx.de> | 2023-04-13 20:46:04 +0200 |
---|---|---|
committer | Daniel Schadt <kingdread@gmx.de> | 2023-04-13 20:46:04 +0200 |
commit | c8d3a9d1a926b244aadedb0d1811d8d8d4a4f4c0 (patch) | |
tree | 6da4cd78a287e4cb615dbad518fb43df81aae9a9 /tests | |
parent | be05f4d4e1729714ffb4c3c37b5dcedcd7c79c26 (diff) | |
replace bleach with nh3
See https://github.com/mozilla/bleach/issues/698
nh3 is a small wrapper around https://crates.io/crates/ammonia - more
Rust code in Fietsboek! \o/
The default seems to be to strip unknown tags instead of replace them
with htmlentities, which is fine. Then the <script> tags are completely
gone.
Diffstat (limited to 'tests')
-rw-r--r-- | tests/unit/test_util.py | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/tests/unit/test_util.py b/tests/unit/test_util.py
index 0ac5c33..1a56911 100644
--- a/tests/unit/test_util.py
+++ b/tests/unit/test_util.py
@@ -12,8 +12,8 @@ from fietsboek import util
 ("**foobar**", Markup("<p><strong>foobar</strong></p>")),
 ("*foobar*", Markup("<p><em>foobar</em></p>")),
 ("# foobar", Markup("<h1>foobar</h1>")),
- ("<script>alert('evil')</script>",
- Markup("<script>alert('evil')</script>")),
+ ("<script>alert('evil')</script>", Markup("")),
+ ("<x-script>alert('evil')</x-script>", Markup("<p>alert('evil')</p>")),
 ])
 def test_safe_markdown(md_source, expected):
 assert util.safe_markdown(md_source) == expected |
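Review bot: The two new cases pin only tag handling, so a change in the sanitizer's defaults for attributes or link schemes would pass this test unnoticed. Since the commit swaps the sanitizing library, I would add parametrized cases for an inline event-handler attribute on an otherwise allowed tag and for a markdown link with a `javascript:` target, with expected values taken from what the project wants `safe_markdown` to emit. A short comment above the two cases would also explain why their outputs differ, e.g. `# <script> is removed together with its content; unknown tags are unwrapped and their text is kept`. The parametrize list starts above the hunk, so cases outside the visible lines may already cover part of this.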