David Smith 097e3a70c1 Refs #33476 -- Applied Black's 2023 stable style.
Black 23.1.0 is released which, as the first release of the year,
introduces the 2023 stable style. This incorporates most of last year's
preview style.

https://github.com/psf/black/releases/tag/23.1.0
2023-02-01 11:04:38 +01:00


import re
from django.forms import CharField, Form, Media
from django.http import HttpRequest, HttpResponse
from django.middleware.csrf import (
CSRF_TOKEN_LENGTH,
CsrfViewMiddleware,
_unmask_cipher_token,
get_token,
)
from django.template import TemplateDoesNotExist, TemplateSyntaxError
from django.template.backends.dummy import TemplateStrings
from django.test import SimpleTestCase
class TemplateStringsTests(SimpleTestCase):
    """Template-backend checks, run here against the dummy ``TemplateStrings`` engine.

    The engine class, backend name and options are class attributes. The
    skip-on-"dummy" branches below suggest other backends reuse these tests
    by subclassing and overriding those attributes (not visible here; confirm).

    Three of the tests pin security-relevant behaviour: HTML escaping of
    context values, rendering of the CSRF token field, and rejection of a
    ``../`` template name.
    """

    engine_class = TemplateStrings
    backend_name = "dummy"
    options = {}

    @classmethod
    def setUpClass(cls):
        super().setUpClass()
        # One engine per test class, configured from the class attributes.
        cls.engine = cls.engine_class(
            {
                "DIRS": [],
                "APP_DIRS": True,
                "NAME": cls.backend_name,
                "OPTIONS": cls.options,
            }
        )

    def test_from_string(self):
        # A template built from a literal renders back unchanged.
        rendered = self.engine.from_string("Hello!\n").render()
        self.assertEqual(rendered, "Hello!\n")

    def test_get_template(self):
        # A template loaded by name substitutes the context value.
        loaded = self.engine.get_template("template_backends/hello.html")
        self.assertEqual(loaded.render({"name": "world"}), "Hello world!\n")

    def test_get_template_nonexistent(self):
        # The raised exception must carry the engine that failed the lookup.
        with self.assertRaises(TemplateDoesNotExist) as raised:
            self.engine.get_template("template_backends/nonexistent.html")
        self.assertEqual(raised.exception.backend, self.engine)

    def test_get_template_syntax_error(self):
        # The dummy backend has no way to produce a syntax error; the test
        # is kept in this class so that the other backends can share it.
        if self.backend_name == "dummy":
            self.skipTest("test doesn't apply to dummy backend")
        with self.assertRaises(TemplateSyntaxError):
            self.engine.get_template("template_backends/syntax_error.html")

    def test_html_escaping(self):
        # Output-encoding check: markup passed in through the context must
        # come out entity-escaped, and the raw tag must not survive rendering.
        payload = {"name": '<script>alert("XSS!");</script>'}
        loaded = self.engine.get_template("template_backends/hello.html")
        rendered = loaded.render(payload)
        self.assertIn("&lt;script&gt;", rendered)
        self.assertNotIn("<script>", rendered)

    def test_django_html_escaping(self):
        if self.backend_name == "dummy":
            self.skipTest("test doesn't apply to dummy backend")

        class TestForm(Form):
            test_field = CharField()

        # Media, a form and a bound field are rendered through the template
        # and compared with their own string forms, so the backend must emit
        # them as-is (compared with assertHTMLEqual, not byte for byte).
        media = Media(js=["my-script.js"])
        form = TestForm()
        loaded = self.engine.get_template("template_backends/django_escaping.html")
        rendered = loaded.render({"media": media, "test_form": form})
        self.assertHTMLEqual(
            rendered,
            "{}\n\n{}\n\n{}".format(media, form, form["test_field"]),
        )

    def check_tokens_equivalent(self, token1, token2):
        """Assert two CSRF tokens have the expected length and unmask equal.

        The comparison is made on the unmasked values rather than on the raw
        strings, so two tokens that differ only in their masking still match.
        """
        for token in (token1, token2):
            self.assertEqual(len(token), CSRF_TOKEN_LENGTH)
        unmasked_first, unmasked_second = map(_unmask_cipher_token, (token1, token2))
        self.assertEqual(unmasked_first, unmasked_second)

    def test_csrf_token(self):
        # Run the CSRF middleware's process_view on a bare request before
        # rendering; presumably this sets up the CSRF state that both the
        # template and get_token() read (confirm against the middleware).
        request = HttpRequest()
        middleware = CsrfViewMiddleware(lambda req: HttpResponse())
        middleware.process_view(request, lambda r: None, (), {})

        loaded = self.engine.get_template("template_backends/csrf.html")
        rendered = loaded.render(request=request)

        # The hidden field may be emitted with double or single quotes; the
        # single-quoted pattern is derived by swapping every quote character.
        double_quoted = (
            '<input type="hidden" name="csrfmiddlewaretoken" value="([^"]+)">'
        )
        match = re.match(double_quoted, rendered)
        if not match:
            match = re.match(double_quoted.replace('"', "'"), rendered)
        self.assertTrue(match, "hidden csrftoken field not found in output")

        # The rendered value and get_token() are compared after unmasking.
        self.check_tokens_equivalent(match[1], get_token(request))

    def test_no_directory_traversal(self):
        # Path-traversal check: a name that climbs out with "../" must be
        # reported as a missing template rather than being loaded.
        with self.assertRaises(TemplateDoesNotExist):
            self.engine.get_template("../forbidden/template_backends/hello.html")

    def test_non_ascii_characters(self):
        # Non-ASCII context values must pass through rendering intact.
        loaded = self.engine.get_template("template_backends/hello.html")
        rendered = loaded.render({"name": "Jérôme"})
        self.assertEqual(rendered, "Hello Jérôme!\n")