diff options
| -rw-r--r-- | tests/test_misc.py | 82 |
1 files changed, 45 insertions, 37 deletions
diff --git a/tests/test_misc.py b/tests/test_misc.py index 3767c0c..f9d3930 100644 --- a/tests/test_misc.py +++ b/tests/test_misc.py @@ -1,46 +1,13 @@ +import pytest + from webob.util import html_escape from webob.compat import ( text_, PY3 ) -def test_html_escape(): - if PY3: - EXPECTED_LT = 'expected a '<'.' - else: - EXPECTED_LT = "expected a '<'." - for v, s in [ - # unsafe chars - ('these chars: < > & "', 'these chars: < > & "'), - (' ', ' '), - ('è', '&egrave;'), - # The apostrophe is *not* escaped, which some might consider to be - # a serious bug (see, e.g. http://www.cvedetails.com/cve/CVE-2010-2480/) - (text_('the majestic m\xf8ose'), 'the majestic møose'), - # ("'", "'") - - # 8-bit strings are passed through - (text_('\xe9'), 'é'), - # (text_(b'the majestic m\xf8ose').encode('utf-8'), - # 'the majestic m\xc3\xb8ose'), - - # ``None`` is treated specially, and returns the empty string. - (None, ''), - - # Objects that define a ``__html__`` method handle their own escaping - (t_esc_HTML(), '<div>hello</div>'), - - # Things that are not strings are converted to strings and then escaped - (42, '42'), - (Exception("expected a '<'."), EXPECTED_LT), - - # If an object implements both ``__str__`` and ``__unicode__``, the latter - # is preferred - (t_esc_SuperMoose(), 'møose'), - (t_esc_Unicode(), 'é'), - (t_esc_UnsafeAttrs(), '<UnsafeAttrs>'), - ]: - assert html_escape(v) == s +py2only = pytest.mark.skipif("sys.version_info >= (3, 0)") +py3only = pytest.mark.skipif("sys.version_info < (3, 0)") class t_esc_HTML(object): def __html__(self): @@ -63,3 +30,44 @@ class t_esc_SuperMoose(object): return text_(b'm\xf8ose').encode('utf-8') def __unicode__(self): return text_(b'm\xf8ose') + + +@pytest.mark.parametrize("input,expected", [ + ('these chars: < > & "', 'these chars: < > & "'), + (' ', ' '), + ('è', '&egrave;'), + + # The apostrophe is *not* escaped, which some might consider to be + # a serious bug (see, e.g. http://www.cvedetails.com/cve/CVE-2010-2480/) + pytest.param("'", "'", marks=py2only), + pytest.param("'", "'", marks=py3only), + + (text_('the majestic m\xf8ose'), 'the majestic møose'), + + # 8-bit strings are passed through + (text_('\xe9'), 'é'), + + # ``None`` is treated specially, and returns the empty string. + (None, ''), + + # Objects that define a ``__html__`` method handle their own escaping + (t_esc_HTML(), '<div>hello</div>'), + + # Things that are not strings are converted to strings and then escaped + (42, '42'), + + # If an object implements both ``__str__`` and ``__unicode__``, the latter + # is preferred + (t_esc_SuperMoose(), 'møose'), + (t_esc_Unicode(), 'é'), + (t_esc_UnsafeAttrs(), '<UnsafeAttrs>'), + + pytest.param(Exception("expected a '<'."), "expected a '<'.", marks=py2only), + pytest.param( + Exception("expected a '<'."), + "expected a '<'.", + marks=py3only + ), +]) +def test_html_escape(input, expected): + assert expected == html_escape(input) |