Show More
| @@ -219,6 +219,7 b' class _ToolTip(object):' | |||
|
|
219 | 219 | |
|
|
220 | 220 | tooltip = _ToolTip() |
|
|
221 | 221 | |
|
|
222 | files_icon = icon = '<i class="file-breadcrumb-copy tooltip icon-clipboard clipboard-action" data-clipboard-text="{}" title="Copy the full path"></i>' | |
|
|
222 | 223 | |
|
|
223 | 224 | def files_breadcrumbs(repo_name, commit_id, file_path, at_ref=None, limit_items=False): |
|
|
224 | 225 | if isinstance(file_path, str): |
| @@ -265,7 +266,7 b' def files_breadcrumbs(repo_name, commit_' | |||
|
|
265 | 266 | url_segments = limited_url_segments |
|
|
266 | 267 | |
|
|
267 | 268 | full_path = file_path |
|
|
268 | icon = '<i class="file-breadcrumb-copy tooltip icon-clipboard clipboard-action" data-clipboard-text="{}" title="Copy the full path"></i>'.format(full_path) | |
|
|
269 | icon = files_icon.format(escape(full_path)) | |
|
|
269 | 270 | if file_path == '': |
|
|
270 | 271 | return root_name |
|
|
271 | 272 | else: |
| @@ -40,27 +40,52 b' def test_urlify_text(url, expected_url):' | |||
|
|
40 | 40 | |
|
|
41 | 41 | |
|
|
42 | 42 | @pytest.mark.parametrize('repo_name, commit_id, path, expected_result', [ |
|
|
43 | # Simple case 1 | |
|
|
44 | ('repo', 'commit', 'a/b', | |
|
|
45 | '<a href="/repo/files/commit/"><i class="icon-home"></i></a>' | |
|
|
46 | ' / ' | |
|
|
47 | '<a href="/repo/files/commit/a">a</a>' | |
|
|
48 | ' / ' | |
|
|
49 | 'b'), | |
|
|
50 | ||
|
|
51 | # Simple case | |
|
|
43 | 52 | ('rX<X', 'cX<X', 'pX<X/aX<X/bX<X', |
|
|
44 |
'<a href="/rX%3CX/files/cX%3CX/"> |
|
|
|
45 | '<a href="/rX%3CX/files/cX%3CX/pX%3CX">pX<X</a>/' | |
|
|
46 |
'<a href="/rX%3CX/files/cX%3CX/pX% |
|
|
|
47 | '</a>/bX<X'), | |
|
|
53 | '<a href="/rX%3CX/files/cX%3CX/"><i class="icon-home"></i></a>' | |
|
|
54 | ' / ' | |
|
|
55 | '<a href="/rX%3CX/files/cX%3CX/pX%3CX">pX<X</a>' | |
|
|
56 | ' / ' | |
|
|
57 | '<a href="/rX%3CX/files/cX%3CX/pX%3CX/aX%3CX">aX<X</a>' | |
|
|
58 | ' / ' | |
|
|
59 | 'bX<X'), | |
|
|
60 | ||
|
|
48 | 61 | # Path with only one segment |
|
|
49 | 62 | ('rX<X', 'cX<X', 'pX<X', |
|
|
50 |
'<a href="/rX%3CX/files/cX%3CX/"> |
|
|
|
63 | '<a href="/rX%3CX/files/cX%3CX/"><i class="icon-home"></i></a>' | |
|
|
64 | ' / ' | |
|
|
65 | 'pX<X'), | |
|
|
66 | ||
|
|
51 | 67 | # Empty path |
|
|
52 |
('rX<X', 'cX<X', '', |
|
|
|
68 | ('rX<X', 'cX<X', '', | |
|
|
69 | '<i class="icon-home"></i>'), | |
|
|
70 | ||
|
|
71 | # simple quote | |
|
|
53 | 72 | ('rX"X', 'cX"X', 'pX"X/aX"X/bX"X', |
|
|
54 |
'<a href="/rX%22X/files/cX%22X/"> |
|
|
|
55 | '<a href="/rX%22X/files/cX%22X/pX%22X">pX"X</a>/' | |
|
|
56 |
'<a href="/rX%22X/files/cX%22X/pX%22X |
|
|
|
57 | '</a>/bX"X'), | |
|
|
58 | ], ids=['simple', 'one_segment', 'empty_path', 'simple_quote']) | |
|
|
73 | '<a href="/rX%22X/files/cX%22X/"><i class="icon-home"></i></a>' | |
|
|
74 | ' / ' | |
|
|
75 | '<a href="/rX%22X/files/cX%22X/pX%22X">pX"X</a>' | |
|
|
76 | ' / ' | |
|
|
77 | '<a href="/rX%22X/files/cX%22X/pX%22X/aX%22X">aX"X</a>' | |
|
|
78 | ' / ' | |
|
|
79 | 'bX"X'), | |
|
|
80 | ||
|
|
81 | ], ids=['simple1', 'simple2', 'one_segment', 'empty_path', 'simple_quote']) | |
|
|
59 | 82 | def test_files_breadcrumbs_xss( |
|
|
60 | 83 | repo_name, commit_id, path, app, expected_result): |
|
|
61 | 84 | result = helpers.files_breadcrumbs(repo_name, commit_id, path) |
|
|
62 | 85 | # Expect it to encode all path fragments properly. This is important |
|
|
63 | 86 | # because it returns an instance of `literal`. |
|
|
87 | if path != '': | |
|
|
88 | expected_result = expected_result + helpers.files_icon.format(helpers.escape(path)) | |
|
|
64 | 89 | assert result == expected_result |
|
|
65 | 90 | |
|
|
66 | 91 | |
General Comments 0
You need to be logged in to leave comments.
Login now