diff options
| author | Martin Panter <vadmium+py@gmail.com> | 2016-04-11 00:40:08 (GMT) |
|---|---|---|
| committer | Martin Panter <vadmium+py@gmail.com> | 2016-04-11 00:40:08 (GMT) |
| commit | da3bb38452740cec27723d7dc89a926547613204 (patch) | |
| tree | 9907103f7d92f03ffe3f5ef1d476e0d3b9fa47aa /Lib/test/test_httpservers.py | |
| parent | 50ab1a3694c43b9ab6798b98d9e5983c78cb17e2 (diff) | |
| download | cpython-da3bb38452740cec27723d7dc89a926547613204.zip cpython-da3bb38452740cec27723d7dc89a926547613204.tar.gz cpython-da3bb38452740cec27723d7dc89a926547613204.tar.bz2 | |
Issue #26585: Eliminate _quote_html() and use html.escape(quote=False)
Patch by Xiang Zhang.
Diffstat (limited to 'Lib/test/test_httpservers.py')
| -rw-r--r-- | Lib/test/test_httpservers.py | 30 |
1 files changed, 29 insertions, 1 deletions
diff --git a/Lib/test/test_httpservers.py b/Lib/test/test_httpservers.py index c752fd8..3856d00 100644 --- a/Lib/test/test_httpservers.py +++ b/Lib/test/test_httpservers.py @@ -344,7 +344,7 @@ class SimpleHTTPServerTestCase(BaseTestCase): quotedname = urllib.parse.quote(filename, errors='surrogatepass') self.assertIn(('href="%s"' % quotedname) .encode(enc, 'surrogateescape'), body) - self.assertIn(('>%s<' % html.escape(filename)) + self.assertIn(('>%s<' % html.escape(filename, quote=False)) .encode(enc, 'surrogateescape'), body) response = self.request(self.base_url + '/' + quotedname) self.check_status_and_reason(response, HTTPStatus.OK, @@ -422,6 +422,27 @@ class SimpleHTTPServerTestCase(BaseTestCase): self.assertEqual(response.getheader("Location"), self.tempdir_name + "/?hi=1") + def test_html_escape_filename(self): + filename = '<test&>.txt' + fullpath = os.path.join(self.tempdir, filename) + + try: + open(fullpath, 'w').close() + except OSError: + raise unittest.SkipTest('Can not create file %s on current file ' + 'system' % filename) + + try: + response = self.request(self.base_url + '/') + body = self.check_status_and_reason(response, HTTPStatus.OK) + enc = response.headers.get_content_charset() + finally: + os.unlink(fullpath) # avoid affecting test_undecodable_filename + + self.assertIsNotNone(enc) + html_text = '>%s<' % html.escape(filename, quote=False) + self.assertIn(html_text.encode(enc), body) + cgi_file1 = """\ #!%s @@ -883,6 +904,13 @@ class BaseHTTPRequestHandlerTestCase(unittest.TestCase): self.assertFalse(self.handler.get_called) self.assertEqual(self.handler.requestline, 'GET / HTTP/1.1') + def test_html_escape_on_error(self): + result = self.send_typical_request( + b'<script>alert("hello")</script> / HTTP/1.1') + result = b''.join(result) + text = '<script>alert("hello")</script>' + self.assertIn(html.escape(text, quote=False).encode('ascii'), result) + def test_close_connection(self): # handle_one_request() should be repeatedly called until # it sets close_connection |