diff options
| author | Andrew Donnellan <ajd@linux.ibm.com> | 2019-07-01 18:04:53 +1000 |
|---|---|---|
| committer | Daniel Axtens <dja@axtens.net> | 2019-07-05 11:09:11 +1000 |
| commit | df80e690bcc32d483875dcb36b488764c89ec9b6 (patch) | |
| tree | 3f5ed0ecb2bbb718b5bc9891e7bec80bbda5408a | |
| parent | 133a6c90e9826376be0f12f2ae6c2d7b076bdba0 (diff) | |
| download | patchwork-df80e690bcc32d483875dcb36b488764c89ec9b6.tar patchwork-df80e690bcc32d483875dcb36b488764c89ec9b6.tar.gz | |
tests: Add test for unescaped values in patch detail page
Add a test to check whether we are escaping values from the Patch model on
the patch detail page.
This test shouldn't be relied upon as proof that we've escaped everything
correctly, but may help catch regressions.
Signed-off-by: Andrew Donnellan <ajd@linux.ibm.com>
Signed-off-by: Daniel Axtens <dja@axtens.net>
| -rw-r--r-- | patchwork/tests/test_detail.py | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/patchwork/tests/test_detail.py b/patchwork/tests/test_detail.py index 4ca1c9c..18408ec 100644 --- a/patchwork/tests/test_detail.py +++ b/patchwork/tests/test_detail.py @@ -34,6 +34,23 @@ class PatchViewTest(TestCase): response = self.client.get(requested_url) self.assertRedirects(response, redirect_url) + def test_escaping(self): + # Warning: this test doesn't guarantee anything - it only tests some + # fields + unescaped_string = 'blah<b>TEST</b>blah' + patch = create_patch() + patch.diff = unescaped_string + patch.commit_ref = unescaped_string + patch.pull_url = unescaped_string + patch.name = unescaped_string + patch.msgid = unescaped_string + patch.headers = unescaped_string + patch.content = unescaped_string + patch.save() + requested_url = reverse('patch-detail', kwargs={'patch_id': patch.id}) + response = self.client.get(requested_url) + self.assertNotIn('<b>TEST</b>'.encode('utf-8'), response.content) + class CommentRedirectTest(TestCase): |