diff --git a/djangocms_text_ckeditor/fields.py b/djangocms_text_ckeditor/fields.py index d51d8a29..6f29be0b 100644 --- a/djangocms_text_ckeditor/fields.py +++ b/djangocms_text_ckeditor/fields.py @@ -5,7 +5,7 @@ from djangocms_text.fields import HTMLFormField as TextHTMLFormField -class HTMLField(TextHTMLField): +class HTMLField(TextHTMLField): # pragma: no cover def __init__(self, *args: Any, **kwargs: Any) -> None: warnings.warn( "djangocms_text_ckeditor.fields.HTMLField is deprecated. " @@ -16,7 +16,7 @@ def __init__(self, *args: Any, **kwargs: Any) -> None: super().__init__(*args, **kwargs) -class HTMLFormField(TextHTMLFormField): +class HTMLFormField(TextHTMLFormField): # pragma: no cover def __init__(self, *args: Any, **kwargs: Any) -> None: warnings.warn( "djangocms_text_ckeditor.fields.HTMLFormField is deprecated. " diff --git a/djangocms_text_ckeditor/widgets.py b/djangocms_text_ckeditor/widgets.py index 6475f386..fb932e37 100644 --- a/djangocms_text_ckeditor/widgets.py +++ b/djangocms_text_ckeditor/widgets.py @@ -4,7 +4,7 @@ from djangocms_text.widgets import TextEditorWidget as NewTextEditorWidget -class TextEditorWidget(NewTextEditorWidget): +class TextEditorWidget(NewTextEditorWidget): # pragma: no cover def __init__(self, *args: Any, **kwargs: Any) -> None: warnings.warn( "djangocms_text_ckeditor.widgets.TextEditorWidget is deprecated. " diff --git a/tests/test_field.py b/tests/test_field.py index 9c44887d..d6b95fae 100644 --- a/tests/test_field.py +++ b/tests/test_field.py @@ -24,9 +24,9 @@ class FieldTestCase(BaseTestCase): '') text_with_iframe_escaped = ('
some non malicious text
<iframe ' 'src="http://www.w3schools.com"></iframe>') - text_with_script = ('some non malicious text
' + text_with_script = ('some non malicious text
' '') - text_with_script_escaped = ('some non malicious text
<script>' + text_with_script_escaped = ('some non malicious text
<script>' 'alert("Hello! I am an alert box!");</script>') def test_model_field_text_is_safe(self): @@ -39,7 +39,6 @@ def test_model_field_text_is_safe(self): rendered = template.render(Context({'obj': text})) self.assertEqual(original, rendered) - @skipIf(True, "sanitizer deactivated") def test_model_field_sanitized(self): obj = SimpleText(text=self.text_normal) obj.full_clean() @@ -53,15 +52,14 @@ def test_model_field_sanitized(self): obj.full_clean() obj.save() - self.assertEqual(obj.text, self.text_with_iframe_escaped) + self.assertEqual(obj.text, self.text_normal) obj = SimpleText(text=self.text_with_script) obj.full_clean() obj.save() - self.assertEqual(obj.text, self.text_with_script_escaped) + self.assertEqual(obj.text, self.text_normal) - @skipIf(True, "sanitizer deactivated") def test_form_field_sanitized(self): form = SimpleTextForm(data={'text': self.text_normal}) self.assertTrue(form.is_valid()) @@ -71,9 +69,9 @@ def test_form_field_sanitized(self): form = SimpleTextForm(data={'text': self.text_with_iframe}) self.assertTrue(form.is_valid()) - self.assertEqual(form.cleaned_data['text'], self.text_with_iframe_escaped) + self.assertEqual(form.cleaned_data['text'], self.text_normal) form = SimpleTextForm(data={'text': self.text_with_script}) self.assertTrue(form.is_valid()) - self.assertEqual(form.cleaned_data['text'], self.text_with_script_escaped) + self.assertEqual(form.cleaned_data['text'], self.text_normal) diff --git a/tests/test_html.py b/tests/test_html.py index 059b5a07..81be2cf6 100644 --- a/tests/test_html.py +++ b/tests/test_html.py @@ -1,6 +1,9 @@ - +from cms.api import create_page +from cms.test_utils.testcases import CMSTestCase from djangocms_text import html, settings +from djangocms_text.html import render_dynamic_attributes +from tests.fixtures import TestFixture class HtmlSanitizerAdditionalProtocolsTests: 
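Review bot: Replacing the `*_escaped` expectations with `self.assertEqual(obj.text, self.text_normal)` in `test_model_field_sanitized` leaves `text_with_iframe_escaped` and `text_with_script_escaped` without any visible use, yet the first hunk of this file still edits `text_with_script_escaped`. Unless other tests outside these hunks reference them, both fixtures can be deleted; the same applies after the matching change to `test_form_field_sanitized` in the next hunk. The new assertions also pin a behaviour change that is not written down anywhere in the test: the sanitizer now removes the disallowed element instead of storing it escaped, so a comment such as `# disallowed elements are removed by the sanitizer, not escaped` above the iframe and script cases would make that explicit. If the removed `@skipIf` decorators were the last uses in this file, the `skipIf` import is now unused too.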
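Review bot: `from cms.api import create_page` looks unused, because the tests added further down in this file call `self.create_page(...)` on the test case rather than the module-level function. Unless code outside these hunks uses it, drop the import so linters stay quiet and readers are not misled about which helper builds the page. The other three added imports (`CMSTestCase`, `render_dynamic_attributes`, `TestFixture`) are all used by the new class.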
@@ -92,3 +95,35 @@ def test_clean_html_with_sanitize_disabled(self): self.assertHTMLEqual(original, cleaned) finally: settings.TEXT_HTML_SANITIZE = old_text_html_sanitize + + +class HTMLDynamicAttriutesTest(TestFixture, CMSTestCase): + def test_dynamic_link(self): + page = self.create_page("page", "page.html", language="en") + self.publish(page, "en") + self.assertEqual( + page.get_absolute_url(), + "/en/page/", + ) + dynamic_html = f'Link' + + result = render_dynamic_attributes(dynamic_html) + self.assertEqual( + result, + f'Link', + ) + + def test_invalid_dynamic_link(self): + page = self.create_page("page", "page.html", language="en") + self.publish(page, "en") + self.assertEqual( + page.get_absolute_url(), + "/en/page/", + ) + dynamic_html = f'Link' + + result = render_dynamic_attributes(dynamic_html) + self.assertEqual( + result, + 'Link', + ) diff --git a/tests/test_plugin.py b/tests/test_plugin.py index 38cbc300..792e2932 100644 --- a/tests/test_plugin.py +++ b/tests/test_plugin.py @@ -934,7 +934,6 @@ def test_plugin_tags_to_id_list(self): for markup, expected in pairs: self.assertEqual(plugin_tags_to_id_list(markup), expected) - @skipIf(True, "sanitizer deactivated") def test_text_plugin_xss(self): page = self.create_page('test page', template='page.html', language='en') placeholder = self.get_placeholders(page, 'en').get(slot='content')
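Review bot: The new class name `HTMLDynamicAttriutesTest` is misspelled; `class HTMLDynamicAttributesTest(TestFixture, CMSTestCase):` matches the function under test, `render_dynamic_attributes`, and is what someone will search for. Both test methods repeat the same create/publish/`get_absolute_url()` preamble, which could move into `setUp` so each test shows only the input markup and the expected output. `test_invalid_dynamic_link` would also benefit from a one-line comment saying what makes the reference invalid and that the rendered output is expected not to carry the page URL, which is what the non-formatted expected string appears to assert.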