[CalendarServer-changes] [8073] CalendarServer/branches/users/glyph/other-html/twistedcaldav/test/ test_extensions.py
source_changes at macosforge.org
source_changes at macosforge.org
Tue Sep 13 12:09:48 PDT 2011
Revision: 8073
http://trac.macosforge.org/projects/calendarserver/changeset/8073
Author: glyph at apple.com
Date: 2011-09-13 12:09:48 -0700 (Tue, 13 Sep 2011)
Log Message:
-----------
funky letters might appear in filenames, make sure they're not XSS either.
Modified Paths:
--------------
CalendarServer/branches/users/glyph/other-html/twistedcaldav/test/test_extensions.py
Modified: CalendarServer/branches/users/glyph/other-html/twistedcaldav/test/test_extensions.py
===================================================================
--- CalendarServer/branches/users/glyph/other-html/twistedcaldav/test/test_extensions.py 2011-09-13 19:09:42 UTC (rev 8072)
+++ CalendarServer/branches/users/glyph/other-html/twistedcaldav/test/test_extensions.py 2011-09-13 19:09:48 UTC (rev 8073)
@@ -105,7 +105,8 @@
"""
@inlineCallbacks
- def doDirectoryTest(self, addedNames, modify=lambda x: None, expectedNames=None):
+ def doDirectoryTest(self, addedNames, modify=lambda x: None,
+ expectedNames=None):
"""
Do a test of a L{DAVFile} pointed at a directory, verifying that files
existing with the given names will be faithfully 'played back' via HTML
@@ -119,9 +120,8 @@
fp.child(sampleName).touch()
df = DAVFile(fp)
modify(df)
- responseXML = browserHTML2ETree(
- (yield df.render(SimpleFakeRequest('/'))).stream.read()
- )
+ responseText = (yield df.render(SimpleFakeRequest('/'))).stream.read()
+ responseXML = browserHTML2ETree(responseText)
names = set([element.text.encode("utf-8")
for element in responseXML.findall(".//a")])
self.assertEquals(set(expectedNames), names)
@@ -185,7 +185,16 @@
[nonASCIIFilename.encode("utf-8")])
+ def test_quotedCharacters(self):
+ """
+ Filenames might contain < or > characters, which need to be quoted in
+ HTML.
+ """
+ return self.doDirectoryTest([u'<a>.txt', u'<script>.html',
+ u'<style>.xml'])
+
+
class ChildTraversalTests(TestCase):
def test_makeChildDeferred(self):
"""
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.macosforge.org/pipermail/calendarserver-changes/attachments/20110913/f64fdee4/attachment.html>
More information about the calendarserver-changes
mailing list