Inline test_replace_slot_in_view_with_insecure_content.

This commit is contained in:
Emil Stenström 2024-05-02 23:09:17 +02:00
parent 2949969ea5
commit 61b0832525


@ -29,22 +29,8 @@ class MockInsecureComponentContext(component.Component):
return self.render_to_response({"variable": "<script>alert(1);</script>"}) return self.render_to_response({"variable": "<script>alert(1);</script>"})
class MockInsecureComponentSlot(component.Component):
template = """
{% load component_tags %}
<div>
{% slot "test_slot" %}
{% endslot %}
</div>
"""
def get(self, request, *args, **kwargs) -> HttpResponse:
return self.render_to_response({}, {"test_slot": "<script>alert(1);</script>"})
components_urlpatterns = [ components_urlpatterns = [
path("test_context_insecure/", MockInsecureComponentContext.as_view()), path("test_context_insecure/", MockInsecureComponentContext.as_view()),
path("test_slot_insecure/", MockInsecureComponentSlot.as_view()),
] ]
@ -75,7 +61,6 @@ class TestComponentAsView(BaseTestCase):
@classmethod @classmethod
def setUpClass(self): def setUpClass(self):
component.registry.register("testcomponent_context_insecure", MockInsecureComponentContext) component.registry.register("testcomponent_context_insecure", MockInsecureComponentContext)
component.registry.register("testcomponent_slot_insecure", MockInsecureComponentSlot)
def setUp(self): def setUp(self):
self.client = CustomClient() self.client = CustomClient()
@ -196,7 +181,20 @@ class TestComponentAsView(BaseTestCase):
) )
def test_replace_slot_in_view_with_insecure_content(self): def test_replace_slot_in_view_with_insecure_content(self):
response = self.client.get("/test_slot_insecure/") class MockInsecureComponentSlot(component.Component):
template = """
{% load component_tags %}
<div>
{% slot "test_slot" %}
{% endslot %}
</div>
"""
def get(self, request, *args, **kwargs) -> HttpResponse:
return self.render_to_response({}, {"test_slot": "<script>alert(1);</script>"})
client = CustomClient(urlpatterns=[path("test_slot_insecure/", MockInsecureComponentSlot.as_view())])
response = client.get("/test_slot_insecure/")
self.assertEqual(response.status_code, 200) self.assertEqual(response.status_code, 200)
self.assertNotIn( self.assertNotIn(
b"<script>", b"<script>",