# HG changeset patch # User Bob Ippolito <bob@redivi.com> # Date 1261910173 0 # Sun Dec 27 10:36:13 2009 +0000 # Node ID 7bedc133eaa040ad1da9f533de9fec27bee3ba3d # Parent aba4503d8dd179e221e48e1940577198548c3fc4 missed test case git-svn-id: http://simplejson.googlecode.com/svn/trunk@204 a4795897-2c25-0410-b006-0d3caba88fa1 diff --git a/simplejson/tests/test_encode_for_html.py b/simplejson/tests/test_encode_for_html.py new file mode 100644 --- /dev/null +++ b/simplejson/tests/test_encode_for_html.py @@ -0,0 +1,32 @@ +import unittest + +import simplejson.decoder +import simplejson.encoder + + +class TestEncodeForHTML(unittest.TestCase): + + def setUp(self): + self.decoder = simplejson.decoder.JSONDecoder() + self.encoder = simplejson.encoder.JSONEncoderForHTML() + + def test_basic_encode(self): + self.assertEqual(r'"\u0026"', self.encoder.encode('&')) + self.assertEqual(r'"\u003c"', self.encoder.encode('<')) + self.assertEqual(r'"\u003e"', self.encoder.encode('>')) + + def test_basic_roundtrip(self): + for char in '&<>': + self.assertEqual( + char, self.decoder.decode( + self.encoder.encode(char))) + + def test_prevent_script_breakout(self): + bad_string = '</script><script>alert("gotcha")</script>' + self.assertEqual( + r'"\u003c/script\u003e\u003cscript\u003e' + r'alert(\"gotcha\")\u003c/script\u003e"', + self.encoder.encode(bad_string)) + self.assertEqual( + bad_string, self.decoder.decode( + self.encoder.encode(bad_string)))