diff options
| author | Thibaut Horel <thibaut.horel@gmail.com> | 2013-09-29 05:12:56 -0400 |
|---|---|---|
| committer | Thibaut Horel <thibaut.horel@gmail.com> | 2013-09-29 05:12:56 -0400 |
| commit | 19346fa9068878af516cdb670bea4f791337507b (patch) | |
| tree | 54d4fa5a82b2e0305f3b050dc1ebb53ec9d82a5d /simplejson/tests/test_encode_for_html.py | |
| download | lastfm-19346fa9068878af516cdb670bea4f791337507b.tar.gz | |
Initial commit
Diffstat (limited to 'simplejson/tests/test_encode_for_html.py')
| -rw-r--r-- | simplejson/tests/test_encode_for_html.py | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/simplejson/tests/test_encode_for_html.py b/simplejson/tests/test_encode_for_html.py new file mode 100644 index 0000000..f995254 --- /dev/null +++ b/simplejson/tests/test_encode_for_html.py @@ -0,0 +1,30 @@ +import unittest + +import simplejson as json + +class TestEncodeForHTML(unittest.TestCase): + + def setUp(self): + self.decoder = json.JSONDecoder() + self.encoder = json.JSONEncoderForHTML() + + def test_basic_encode(self): + self.assertEqual(r'"\u0026"', self.encoder.encode('&')) + self.assertEqual(r'"\u003c"', self.encoder.encode('<')) + self.assertEqual(r'"\u003e"', self.encoder.encode('>')) + + def test_basic_roundtrip(self): + for char in '&<>': + self.assertEqual( + char, self.decoder.decode( + self.encoder.encode(char))) + + def test_prevent_script_breakout(self): + bad_string = '</script><script>alert("gotcha")</script>' + self.assertEqual( + r'"\u003c/script\u003e\u003cscript\u003e' + r'alert(\"gotcha\")\u003c/script\u003e"', + self.encoder.encode(bad_string)) + self.assertEqual( + bad_string, self.decoder.decode( + self.encoder.encode(bad_string))) |