Produits Entr'ouvert » w.c.s.

def test_wysiwygwidget():

    widget = WysiwygTextWidget('test')

    form = MockHtmlForm(widget)

    assert 'name="test"' in form.as_html

    req.form = {}

    assert widget.parse() is None

    widget = WysiwygTextWidget('test')

    mock_form_submission(req, widget, {'test': 'bla bla bla'})

    assert not widget.has_error()

    assert widget.parse() == 'bla bla bla'

    import wcs.qommon.form

    sanitize_html = wcs.qommon.form._sanitizeHTML

    if sanitize_html:

        widget = WysiwygTextWidget('test')

        mock_form_submission(req, widget, {'test': '<p>bla bla bla</p>'})

        assert not widget.has_error()

        assert widget.parse() == '<p>bla bla bla</p>'

        widget = WysiwygTextWidget('test')

        mock_form_submission(req, widget, {'test': '<a href="#">a</a>'})

        assert not widget.has_error()

        assert widget.parse() == '<a href="#">a</a>'

        widget = WysiwygTextWidget('test')

        mock_form_submission(req, widget, {'test': '<a href="javascript:alert()">a</a>'})

        assert not widget.has_error()

        assert widget.parse() == '<a href="">a</a>' # javascript: got filtered

    # check we get escaped HTML if feedparser _sanitizeHTML is missing

    wcs.qommon.form._sanitizeHTML = None

    widget = WysiwygTextWidget('test')

    mock_form_submission(req, widget, {'test': '<p>bla bla bla</p>'})

    assert not widget.has_error()

    assert widget.parse() == '<p>bla bla bla</p>'

    wcs.qommon.form._sanitizeHTML = sanitize_html