@@ -20,17 +20,16 b'' | |||||
20 |
|
20 | |||
21 |
|
21 | |||
22 | import pytest |
|
22 | import pytest | |
23 | from pylons import tmpl_context as c |
|
|||
24 |
|
23 | |||
25 | import rhodecode |
|
24 | import rhodecode | |
26 |
from rhodecode.model.db import Repository |
|
25 | from rhodecode.model.db import Repository | |
27 | from rhodecode.model.meta import Session |
|
26 | from rhodecode.model.meta import Session | |
28 | from rhodecode.model.repo import RepoModel |
|
27 | from rhodecode.model.repo import RepoModel | |
29 | from rhodecode.model.repo_group import RepoGroupModel |
|
28 | from rhodecode.model.repo_group import RepoGroupModel | |
30 | from rhodecode.model.settings import SettingsModel |
|
29 | from rhodecode.model.settings import SettingsModel | |
31 | from rhodecode.tests import TestController |
|
30 | from rhodecode.tests import TestController | |
32 | from rhodecode.tests.fixture import Fixture |
|
31 | from rhodecode.tests.fixture import Fixture | |
33 |
|
32 | from rhodecode.lib import helpers as h | ||
34 |
|
33 | |||
35 | fixture = Fixture() |
|
34 | fixture = Fixture() | |
36 |
|
35 | |||
@@ -55,6 +54,8 b' class TestHomeController(TestController)' | |||||
55 | response.mustcontain('"name_raw": "%s"' % repo.repo_name) |
|
54 | response.mustcontain('"name_raw": "%s"' % repo.repo_name) | |
56 |
|
55 | |||
57 | def test_index_contains_statics_with_ver(self): |
|
56 | def test_index_contains_statics_with_ver(self): | |
|
57 | from pylons import tmpl_context as c | |||
|
58 | ||||
58 | self.log_user() |
|
59 | self.log_user() | |
59 | response = self.app.get(route_path('home')) |
|
60 | response = self.app.get(route_path('home')) | |
60 |
|
61 | |||
@@ -103,19 +104,15 b' class TestHomeController(TestController)' | |||||
103 | user = user_util.create_user() |
|
104 | user = user_util.create_user() | |
104 | username = user.username |
|
105 | username = user.username | |
105 | user.name = '<img src="/image1" onload="alert(\'Hello, World!\');">' |
|
106 | user.name = '<img src="/image1" onload="alert(\'Hello, World!\');">' | |
106 | user.lastname = ( |
|
107 | user.lastname = '#"><img src=x onerror=prompt(document.cookie);>' | |
107 | '<img src="/image2" onload="alert(\'Hello, World!\');">') |
|
108 | ||
108 | Session().add(user) |
|
109 | Session().add(user) | |
109 | Session().commit() |
|
110 | Session().commit() | |
110 | user_util.create_repo(owner=username) |
|
111 | user_util.create_repo(owner=username) | |
111 |
|
112 | |||
112 | response = self.app.get(route_path('home')) |
|
113 | response = self.app.get(route_path('home')) | |
113 | response.mustcontain( |
|
114 | response.mustcontain(h.html_escape(h.escape(user.name))) | |
114 | '<img src="/image1" onload="' |
|
115 | response.mustcontain(h.html_escape(h.escape(user.lastname))) | |
115 | 'alert('Hello, World!');">') |
|
|||
116 | response.mustcontain( |
|
|||
117 | '<img src="/image2" onload="' |
|
|||
118 | 'alert('Hello, World!');">') |
|
|||
119 |
|
116 | |||
120 | @pytest.mark.parametrize("name, state", [ |
|
117 | @pytest.mark.parametrize("name, state", [ | |
121 | ('Disabled', False), |
|
118 | ('Disabled', False), |
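Review bot: The rewritten assertions at new lines 114–115 are positive-only: `mustcontain` passes as long as the escaped form appears once, even if the raw `user.name` or `user.lastname` payload is also rendered unescaped elsewhere in the response. Add a negative check next to them, e.g. `response.mustcontain(no=[user.name, user.lastname])`. The expected values are now built with `h.html_escape(h.escape(...))`, presumably the same helpers the page uses, so a weakening of either helper would shift both sides of the comparison together; keeping one hard-coded escaped literal, as the removed assertions did, would still catch that. The test's `def` line is above this hunk, so which template renders these fields cannot be confirmed from here.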