300 |
300 |
widget = DateWidget('test', date_in_the_past=True)
|
301 |
301 |
mock_form_submission(req, widget, {'test': yesterday})
|
302 |
302 |
assert not widget.has_error()
|
|
303 |
|
|
304 |
|
|
305 |
def test_wysiwygwidget():
|
|
306 |
widget = WysiwygTextWidget('test')
|
|
307 |
form = MockHtmlForm(widget)
|
|
308 |
assert 'name="test"' in form.as_html
|
|
309 |
req.form = {}
|
|
310 |
assert widget.parse() is None
|
|
311 |
|
|
312 |
widget = WysiwygTextWidget('test')
|
|
313 |
mock_form_submission(req, widget, {'test': 'bla bla bla'})
|
|
314 |
assert not widget.has_error()
|
|
315 |
assert widget.parse() == 'bla bla bla'
|
|
316 |
|
|
317 |
import wcs.qommon.form
|
|
318 |
sanitize_html = wcs.qommon.form._sanitizeHTML
|
|
319 |
if sanitize_html:
|
|
320 |
widget = WysiwygTextWidget('test')
|
|
321 |
mock_form_submission(req, widget, {'test': '<p>bla bla bla</p>'})
|
|
322 |
assert not widget.has_error()
|
|
323 |
assert widget.parse() == '<p>bla bla bla</p>'
|
|
324 |
|
|
325 |
widget = WysiwygTextWidget('test')
|
|
326 |
mock_form_submission(req, widget, {'test': '<a href="#">a</a>'})
|
|
327 |
assert not widget.has_error()
|
|
328 |
assert widget.parse() == '<a href="#">a</a>'
|
|
329 |
|
|
330 |
widget = WysiwygTextWidget('test')
|
|
331 |
mock_form_submission(req, widget, {'test': '<a href="javascript:alert()">a</a>'})
|
|
332 |
assert not widget.has_error()
|
|
333 |
assert widget.parse() == '<a href="">a</a>' # javascript: got filtered
|
|
334 |
|
|
335 |
# check we get escaped HTML if feedparser _sanitizeHTML is missing
|
|
336 |
wcs.qommon.form._sanitizeHTML = None
|
|
337 |
widget = WysiwygTextWidget('test')
|
|
338 |
mock_form_submission(req, widget, {'test': '<p>bla bla bla</p>'})
|
|
339 |
assert not widget.has_error()
|
|
340 |
assert widget.parse() == '<p>bla bla bla</p>'
|
|
341 |
wcs.qommon.form._sanitizeHTML = sanitize_html
|
303 |
|
-
|