
plone3  3.1.7
Public Member Functions | Public Attributes
PortalTransforms.tests.test_xss.TestXSSFilter Class Reference


Public Member Functions

def afterSetUp
def doTest
def test_1
def test_2
def test_3
def test_4
def test_5
def test_6
def test_7
def test_8
def test_9
def test_10
def test_11
def test_12
def test_13
def test_14
def test_15
def test_16
def test_17
def test_18
def test_19
def test_20
def test_21
def test_22

Public Attributes

 engine

Detailed Description

Definition at line 11 of file test_xss.py.


Member Function Documentation

Definition at line 13 of file test_xss.py.

def afterSetUp(self):
    """Run the base-class fixture, then cache the portal's transform engine.

    Every test in this class reaches the sanitizer through ``self.engine``,
    which is the ``portal_transforms`` tool of the test portal.
    """
    ATSiteTestCase.afterSetUp(self)
    transforms = self.portal.portal_transforms
    self.engine = transforms

def PortalTransforms.tests.test_xss.TestXSSFilter.doTest (   self,
  data_in,
  data_out 
)

Definition at line 17 of file test_xss.py.

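def doTest(self, data_in, data_out):
    """Sanitize *data_in* and require the result to equal *data_out* exactly.

    The input is converted from ``text/html`` to ``text/x-html-safe`` by the
    transform engine stored in ``self.engine``.

    Args:
        data_in: HTML markup handed to the sanitizer.
        data_out: The exact string the sanitizer is expected to produce.

    The helper also requires the sanitized output to be non-empty, so it
    cannot express a case whose correct result is the empty string.
    """
    converted = self.engine.convertTo('text/x-html-safe', data_in, mimetype="text/html")
    # Read the output once so both checks look at the same value.
    cleaned = converted.getData()
    # Use a unittest assertion instead of a bare ``assert``: a bare assert is
    # stripped under ``python -O``, which would silently drop this check, and
    # it reports no context when it fails.
    self.assertTrue(cleaned, "text/x-html-safe returned no data for %r" % (data_in,))
    self.assertEqual(data_out, cleaned)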


Definition at line 24 of file test_xss.py.

00024 
00025    def test_1(self):
00026        data_in = """<html><body><img src="javascript:Alert('XSS');" /></body></html>"""
00027        data_out = """<img />"""
00028        self.doTest(data_in, data_out)


Definition at line 76 of file test_xss.py.

00076 
00077    def test_10(self):
00078        data_in = """<div style="bacground:url(&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;">test</div>"""
00079        data_out = """<div>test</div>"""
00080        self.doTest(data_in, data_out)


Definition at line 81 of file test_xss.py.

00081 
00082    def test_11(self):
00083        data_in = """<div style="bacground:url(v b  sc  ript:msgbox('XSS')">test</div>"""
00084        data_out = """<div>test</div>"""
00085        self.doTest(data_in, data_out)


Definition at line 86 of file test_xss.py.

00086 
00087    def test_12(self):
00088        data_in = """<img src="vbscript:msgbox('XSS')"/>"""
00089        data_out = """<img />"""
00090        self.doTest(data_in, data_out)


Definition at line 91 of file test_xss.py.

00091 
00092    def test_13(self):
00093        data_in = """<img src="vb
00094        sc
00095        ript:msgbox('XSS')"/>"""
00096        data_out = """<img />"""
00097        self.doTest(data_in, data_out)


Definition at line 98 of file test_xss.py.

00098 
00099    def test_14(self):
00100        data_in = """<a href="vbscript:Alert('XSS')">test</a>"""
00101        data_out = """<a>test</a>"""
00102        self.doTest(data_in, data_out)


Definition at line 103 of file test_xss.py.

00103 
00104    def test_15(self):
00105        data_in = """<div STYLE="width: expression(window.location='http://www.dr.dk';);">div</div>"""
00106        data_out = """<div>div</div>"""
00107        self.doTest(data_in, data_out)


Definition at line 108 of file test_xss.py.

00108 
00109    def test_16(self):
00110        data_in = """<div STYLE="width: ex pre ss   io n(window.location='http://www.dr.dk';);">div</div>"""
00111        data_out = """<div>div</div>"""
00112        self.doTest(data_in, data_out)


Definition at line 113 of file test_xss.py.

00113 
00114    def test_17(self):
00115        data_in = """<div STYLE="width: ex
00116        pre
00117        ss
00118        io
00119        n(window.location='http://www.dr.dk';);">div</div>"""
00120        data_out = """<div>div</div>"""
00121        self.doTest(data_in, data_out)


Definition at line 122 of file test_xss.py.

00122 
00123    def test_18(self):
00124        data_in = """<div style="width: 14px;">div</div>"""
00125        data_out = data_in
00126        self.doTest(data_in, data_out)


Definition at line 127 of file test_xss.py.

00127 
00128    def test_19(self):
00129        data_in = """<a href="http://www.headnet.dk">headnet</a>"""
00130        data_out = data_in
00131        self.doTest(data_in, data_out)


Definition at line 29 of file test_xss.py.

00029 
00030    def test_2(self):
00031        data_in = """<img src="javascript:Alert('XSS');" />"""
00032        data_out = """<img />"""
00033        self.doTest(data_in, data_out)


Definition at line 132 of file test_xss.py.

00132 
00133    def test_20(self):
00134        data_in = """<img src="http://www.headnet.dk/log.jpg" />"""
00135        data_out = data_in
00136        self.doTest(data_in, data_out)


Definition at line 137 of file test_xss.py.

00137 
00138    def test_21(self):
00139        data_in = """<mustapha name="mustap" tlf="11 11 11 11" address="unknown">bla bla bla</mustapha>"""
00140        data_out = """bla bla bla"""
00141        self.doTest(data_in, data_out)


Definition at line 142 of file test_xss.py.

00142 
00143    def test_22(self):
00144        data_in = '<<frame></frame>script>alert("XSS");<<frame></frame>/script>'
00145        data_out = '&lt;script&gt;alert("XSS");&lt;/script&gt;'
00146        self.doTest(data_in, data_out)


Definition at line 34 of file test_xss.py.

00034 
00035    def test_3(self):
00036        data_in = """<html><body><IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;></body></html>"""
00037        data_out = """<img />"""
00038        self.doTest(data_in, data_out)


Definition at line 39 of file test_xss.py.

00039 
00040    def test_4(self):
00041        data_in = """<IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;>"""
00042        data_out = """<img />"""
00043 
00044        self.doTest(data_in, data_out)


Definition at line 45 of file test_xss.py.

00045 
00046    def test_5(self):
00047        data_in = """<img src="jav
00048        asc
00049        ript:Alert('XSS');" />"""
00050        data_out = """<img />"""
00051        self.doTest(data_in, data_out)
00052 


Definition at line 53 of file test_xss.py.

00053 
00054    def test_6(self):
00055        data_in = """<img src="jav asc ript:Alert('XSS');"/>"""
00056        data_out = """<img />"""
00057        self.doTest(data_in, data_out)


Definition at line 58 of file test_xss.py.

00058 
00059    def test_7(self):
00060        data_in = """<a href=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;>test med a-tag</a>"""
00061        data_out = """<a>test med a-tag</a>"""
00062        self.doTest(data_in, data_out)


Definition at line 63 of file test_xss.py.

00063 
00064    def test_8(self):
00065        data_in = """<div style="bacground:url(jav asc ript:Alert('XSS')">test</div>"""
00066        data_out = """<div>test</div>"""
00067        self.doTest(data_in, data_out)


Definition at line 68 of file test_xss.py.

00068 
00069    def test_9(self):
00070        data_in = """<div style="bacground:url(jav
00071        asc
00072        ript:
00073        Alert('XSS')">test</div>"""
00074        data_out = """<div>test</div>"""
00075        self.doTest(data_in, data_out)



Member Data Documentation

Definition at line 15 of file test_xss.py.


The documentation for this class was generated from the following file: