131 """ a weird non regression test """ |
131 """ a weird non regression test """ |
132 e = self.execute('CWUser U WHERE U login "member"').get_entity(0, 0) |
132 e = self.execute('CWUser U WHERE U login "member"').get_entity(0, 0) |
133 self.request().create_entity('CWGroup', name=u'logilab', reverse_in_group=e) |
133 self.request().create_entity('CWGroup', name=u'logilab', reverse_in_group=e) |
134 |
134 |
135 |
135 |
|
136 class HTMLtransformTC(BaseEntityTC): |
|
137 |
|
138 def test_sanitized_html(self): |
|
139 r = self.request() |
|
140 c = r.create_entity('Company', name=u'Babar', |
|
141 description=u""" |
|
142 Title |
|
143 ===== |
|
144 |
|
145 Elephant management best practices. |
|
146 |
|
147 .. raw:: html |
|
148 |
|
149 <script>alert("coucou")</script> |
|
150 """, description_format=u'text/rest') |
|
151 self.commit() |
|
152 c.cw_clear_all_caches() |
|
153 self.assertIn('alert', c.printable_value('description', format='text/plain')) |
|
154 self.assertNotIn('alert', c.printable_value('description', format='text/html')) |
|
155 |
|
156 |
136 class SpecializedEntityClassesTC(CubicWebTC): |
157 class SpecializedEntityClassesTC(CubicWebTC): |
137 |
158 |
138 def select_eclass(self, etype): |
159 def select_eclass(self, etype): |
139 # clear selector cache |
160 # clear selector cache |
140 clear_cache(self.vreg['etypes'], 'etype_class') |
161 clear_cache(self.vreg['etypes'], 'etype_class') |