mirror of
				https://github.com/django/django.git
				synced 2025-10-25 14:46:09 +00:00 
			
		
		
		
	Black 23.1.0 is released which, as the first release of the year, introduces the 2023 stable style. This incorporates most of last year's preview style. https://github.com/psf/black/releases/tag/23.1.0
		
			
				
	
	
		
			109 lines
		
	
	
		
			4.0 KiB
		
	
	
	
		
			Python
		
	
	
	
	
	
			
		
		
	
	
			109 lines
		
	
	
		
			4.0 KiB
		
	
	
	
		
			Python
		
	
	
	
	
	
| import re
 | |
| 
 | |
| from django.forms import CharField, Form, Media
 | |
| from django.http import HttpRequest, HttpResponse
 | |
| from django.middleware.csrf import (
 | |
|     CSRF_TOKEN_LENGTH,
 | |
|     CsrfViewMiddleware,
 | |
|     _unmask_cipher_token,
 | |
|     get_token,
 | |
| )
 | |
| from django.template import TemplateDoesNotExist, TemplateSyntaxError
 | |
| from django.template.backends.dummy import TemplateStrings
 | |
| from django.test import SimpleTestCase
 | |
| 
 | |
| 
 | |
| class TemplateStringsTests(SimpleTestCase):
 | |
|     engine_class = TemplateStrings
 | |
|     backend_name = "dummy"
 | |
|     options = {}
 | |
| 
 | |
|     @classmethod
 | |
|     def setUpClass(cls):
 | |
|         super().setUpClass()
 | |
|         params = {
 | |
|             "DIRS": [],
 | |
|             "APP_DIRS": True,
 | |
|             "NAME": cls.backend_name,
 | |
|             "OPTIONS": cls.options,
 | |
|         }
 | |
|         cls.engine = cls.engine_class(params)
 | |
| 
 | |
|     def test_from_string(self):
 | |
|         template = self.engine.from_string("Hello!\n")
 | |
|         content = template.render()
 | |
|         self.assertEqual(content, "Hello!\n")
 | |
| 
 | |
|     def test_get_template(self):
 | |
|         template = self.engine.get_template("template_backends/hello.html")
 | |
|         content = template.render({"name": "world"})
 | |
|         self.assertEqual(content, "Hello world!\n")
 | |
| 
 | |
|     def test_get_template_nonexistent(self):
 | |
|         with self.assertRaises(TemplateDoesNotExist) as e:
 | |
|             self.engine.get_template("template_backends/nonexistent.html")
 | |
|         self.assertEqual(e.exception.backend, self.engine)
 | |
| 
 | |
|     def test_get_template_syntax_error(self):
 | |
|         # There's no way to trigger a syntax error with the dummy backend.
 | |
|         # The test still lives here to factor it between other backends.
 | |
|         if self.backend_name == "dummy":
 | |
|             self.skipTest("test doesn't apply to dummy backend")
 | |
|         with self.assertRaises(TemplateSyntaxError):
 | |
|             self.engine.get_template("template_backends/syntax_error.html")
 | |
| 
 | |
|     def test_html_escaping(self):
 | |
|         template = self.engine.get_template("template_backends/hello.html")
 | |
|         context = {"name": '<script>alert("XSS!");</script>'}
 | |
|         content = template.render(context)
 | |
| 
 | |
|         self.assertIn("<script>", content)
 | |
|         self.assertNotIn("<script>", content)
 | |
| 
 | |
|     def test_django_html_escaping(self):
 | |
|         if self.backend_name == "dummy":
 | |
|             self.skipTest("test doesn't apply to dummy backend")
 | |
| 
 | |
|         class TestForm(Form):
 | |
|             test_field = CharField()
 | |
| 
 | |
|         media = Media(js=["my-script.js"])
 | |
|         form = TestForm()
 | |
|         template = self.engine.get_template("template_backends/django_escaping.html")
 | |
|         content = template.render({"media": media, "test_form": form})
 | |
| 
 | |
|         expected = "{}\n\n{}\n\n{}".format(media, form, form["test_field"])
 | |
| 
 | |
|         self.assertHTMLEqual(content, expected)
 | |
| 
 | |
|     def check_tokens_equivalent(self, token1, token2):
 | |
|         self.assertEqual(len(token1), CSRF_TOKEN_LENGTH)
 | |
|         self.assertEqual(len(token2), CSRF_TOKEN_LENGTH)
 | |
|         token1, token2 = map(_unmask_cipher_token, (token1, token2))
 | |
|         self.assertEqual(token1, token2)
 | |
| 
 | |
|     def test_csrf_token(self):
 | |
|         request = HttpRequest()
 | |
|         CsrfViewMiddleware(lambda req: HttpResponse()).process_view(
 | |
|             request, lambda r: None, (), {}
 | |
|         )
 | |
| 
 | |
|         template = self.engine.get_template("template_backends/csrf.html")
 | |
|         content = template.render(request=request)
 | |
| 
 | |
|         expected = '<input type="hidden" name="csrfmiddlewaretoken" value="([^"]+)">'
 | |
|         match = re.match(expected, content) or re.match(
 | |
|             expected.replace('"', "'"), content
 | |
|         )
 | |
|         self.assertTrue(match, "hidden csrftoken field not found in output")
 | |
|         self.check_tokens_equivalent(match[1], get_token(request))
 | |
| 
 | |
|     def test_no_directory_traversal(self):
 | |
|         with self.assertRaises(TemplateDoesNotExist):
 | |
|             self.engine.get_template("../forbidden/template_backends/hello.html")
 | |
| 
 | |
|     def test_non_ascii_characters(self):
 | |
|         template = self.engine.get_template("template_backends/hello.html")
 | |
|         content = template.render({"name": "Jérôme"})
 | |
|         self.assertEqual(content, "Hello Jérôme!\n")
 |