From: Andrew Donnellan <[email protected]> Add a test to check whether we are escaping values from the Patch model on the patch detail page.
This test shouldn't be relied upon as proof that we've escaped everything correctly, but may help catch regressions. Signed-off-by: Andrew Donnellan <[email protected]> Signed-off-by: Daniel Axtens <[email protected]> --- patchwork/tests/test_detail.py | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/patchwork/tests/test_detail.py b/patchwork/tests/test_detail.py index 4ca1c9cda2f9..18408ecb95f6 100644 --- a/patchwork/tests/test_detail.py +++ b/patchwork/tests/test_detail.py @@ -34,6 +34,23 @@ class PatchViewTest(TestCase): response = self.client.get(requested_url) self.assertRedirects(response, redirect_url) + def test_escaping(self): + # Warning: this test doesn't guarantee anything - it only tests some + # fields + unescaped_string = 'blah<b>TEST</b>blah' + patch = create_patch() + patch.diff = unescaped_string + patch.commit_ref = unescaped_string + patch.pull_url = unescaped_string + patch.name = unescaped_string + patch.msgid = unescaped_string + patch.headers = unescaped_string + patch.content = unescaped_string + patch.save() + requested_url = reverse('patch-detail', kwargs={'patch_id': patch.id}) + response = self.client.get(requested_url) + self.assertNotIn('<b>TEST</b>'.encode('utf-8'), response.content) + class CommentRedirectTest(TestCase): -- 2.20.1 _______________________________________________ Patchwork mailing list [email protected] https://lists.ozlabs.org/listinfo/patchwork
