0001-matomo-detect-html-tags-in-tracking_js-32948.patch

Lauréline Guérin, 10 février 2020 10:21

Voir les différences: en ligne côte à côte

Subject: [PATCH] matomo: detect html tags in tracking_js (#32948)

 hobo/matomo/forms.py       |  6 ++++++
 tests/test_matomo_views.py | 42 +++++++++++++++++++++++---------------
 2 files changed, 31 insertions(+), 17 deletions(-)

             required=False,
             widget=forms.Textarea())
         def clean_tracking_js(self):
             value = self.cleaned_data['tracking_js']
             if '<script' in value:
                 raise forms.ValidationError('Please remove the "<script>" HTML tag.')
             return value
     class EnableForm(forms.Form):
         pass

     from requests import Response
     from webtest import TestApp
     from django.conf import settings
     from django.contrib.auth.models import User
     from django.test import override_settings
     from hobo.environment.models import Variable, Wcs, Combo, Fargo
     from hobo.environment.models import Wcs, Combo, Fargo
     from hobo.wsgi import application
     pytestmark = pytest.mark.django_db
-...
         app = login(TestApp(application))
         # get matomo's validation page
         resp1 = app.get('/visits-tracking/enable-manual', status=200)
         assert re.search('<textarea.* name="tracking_js"', resp1.body)
         resp = app.get('/visits-tracking/enable-manual', status=200)
         assert re.search('<textarea.* name="tracking_js"', resp.body)
         # validate and get matomo's home page
         resp1.form['tracking_js'] = '...js_code_1...'
         resp2 = resp1.form.submit().follow()
         assert resp2.body.find('Manual configuration.')
         assert re.search('<textarea.* name="tracking_js"', resp2.body)
         assert resp2.body.find('...js_code_1...</textarea>') != -1
         assert resp2.body.find('<button class="submit-button">Save</button>') != -1
         resp.form['tracking_js'] = '...js_code_1...'
         resp = resp.form.submit().follow()
         assert resp.body.find('Manual configuration.')
         assert re.search('<textarea.* name="tracking_js"', resp.body)
         assert resp.body.find('...js_code_1...</textarea>') != -1
         assert resp.body.find('<button class="submit-button">Save</button>') != -1
         # update JS code on matomo's home page
         resp2.form['tracking_js'] = '...js_code_2...'
         resp3 = resp2.form.submit().follow()
         assert resp3.body.find('Manual configuration.') != -1
         assert re.search('<textarea.* name="tracking_js"', resp3.body)
         assert resp3.body.find('...js_code_2...</textarea>') != -1
         assert resp3.body.find('<button class="submit-button">Save</button>') != -1
         assert resp3.body.find('Good respect of user rights') != -1
         resp.form['tracking_js'] = '...js_code_2...'
         resp = resp.form.submit().follow()
         assert resp.body.find('Manual configuration.') != -1
         assert re.search('<textarea.* name="tracking_js"', resp.body)
         assert resp.body.find('...js_code_2...</textarea>') != -1
         assert resp.body.find('<button class="submit-button">Save</button>') != -1
         assert resp.body.find('Good respect of user rights') != -1
         # check html tags
         resp.form['tracking_js'] = '<script>...js_code_2...</script>'
         resp = resp.form.submit()
         assert '<ul class="errorlist"><li>Please remove the &quot;&lt;script&gt;&quot; HTML tag.</li></ul>' in resp.text
         resp.form['tracking_js'] = '<script >'
         resp = resp.form.submit()
         assert '<ul class="errorlist"><li>Please remove the &quot;&lt;script&gt;&quot; HTML tag.</li></ul>' in resp.text
     def test_available_options(admin_user):
         """check available buttons (manual/automatic configurations)"""
+    -

Projet

Général

Profil

Produits Entr'ouvert » Hobo

0001-matomo-detect-html-tags-in-tracking_js-32948.patch