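"""Tests for the HTMLSanitize preprocessor"""

from nbformat import v4 as nbformat

from ..sanitize import SanitizeHTML
from .base import PreprocessorTestsBase

# NOTE(review): the copy of this file under review had lost its inline HTML
# (tags and comments were stripped and entities decoded when the page was
# rendered), which left the input/expected pairs inconsistent and
# test_svg_handling unparseable. The HTML literals below are reconstructed
# sample values chosen to agree with the expected strings that survived;
# confirm them against the project's repository before relying on them.


class TestSanitizer(PreprocessorTestsBase):
    """Contains test functions for sanitize.py"""

    # Show full diffs on assertion failure; the HTML strings are long.
    maxDiff = None

    def build_preprocessor(self):
        """Make an instance of a preprocessor"""
        preprocessor = SanitizeHTML()
        preprocessor.enabled = True
        return preprocessor

    def preprocess_source(self, cell_type, source, preprocessor):
        """Run *preprocessor* over a one-cell notebook and return the cell source.

        The first cell of the base-class test notebook is rewritten to have the
        given ``cell_type`` and ``source`` before the preprocessor is applied.
        """
        nb = self.build_notebook()
        res = self.build_resources()

        nb.cells[0].cell_type = cell_type
        nb.cells[0].source = source

        nb, res = preprocessor(nb, res)

        return nb.cells[0].source

    def test_constructor(self):
        """Can a SanitizeHTML be constructed?"""
        self.build_preprocessor()

    def test_svg_handling(self):
        """
        Test to make sure that svgs are handled 'properly'

        We only allow <img> tags (via markdown syntax) and not all the other ways
        to embed svg: <object>, <embed>, <iframe> nor inline <svg>
        """
        preprocessor = self.build_preprocessor()
        # Strip mode removes disallowed tags instead of escaping them, so only
        # the markdown image reference is expected to survive.
        preprocessor.strip = True

        self.assertEqual(
            self.preprocess_source(
                "markdown",
                """
                ![some image](http://example.com/something.svg)

                <object data="something.svg" type="image/svg+xml"></object>

                <embed data="something.svg" type="image/svg+xml" />

                <iframe src="http://example.com/something.svg"></iframe>

                <svg viewBox="0 0 120 120" xmlns="http://www.w3.org/2000/svg">
                    <circle cx="60" cy="60" r="50"/>
                </svg>
                """,
                preprocessor,
            ).strip(),
            """
            ![some image](http://example.com/something.svg)
            """.strip(),
        )

    def test_tag_allowlist_stripping(self):
        """Test tag allowlisting + stripping out offending tags"""
        preprocessor = self.build_preprocessor()
        preprocessor.strip = True

        # With strip enabled the <script> tags are removed and their text is kept.
        self.assertEqual(
            self.preprocess_source(
                "markdown", "_A_ <em>few</em> <script>tags</script>", preprocessor
            ),
            "_A_ <em>few</em> tags",
        )

    def test_comment_stripping(self):
        """Test HTML comment stripping"""
        preprocessor = self.build_preprocessor()

        # A freshly built preprocessor removes HTML comments.
        self.assertEqual(
            self.preprocess_source("markdown", "_A_ <em>few</em> <!-- tags -->", preprocessor),
            "_A_ <em>few</em> ",
        )

        # With strip_comments turned off the comment is passed through unchanged.
        preprocessor.strip_comments = False
        self.assertEqual(
            self.preprocess_source("markdown", "_A_ <em>few</em> <!-- tags -->", preprocessor),
            "_A_ <em>few</em> <!-- tags -->",
        )

    def test_attributes_allowlist(self):
        """Test that attributes outside the per-tag allowlist are dropped"""
        preprocessor = self.build_preprocessor()

        preprocessor.attributes["a"] = ["href", "title"]

        # "rel" is not in the allowlist set above, so only "href" remains.
        self.assertEqual(
            self.preprocess_source(
                "markdown", '<a href="link" rel="nofollow">Hi</a>', preprocessor
            ),
            '<a href="link">Hi</a>',
        )

    def test_style_allowlist(self):
        """Test that only allowlisted CSS properties survive in style attributes"""
        preprocessor = self.build_preprocessor()

        # Permit the style attribute on every tag, keeping any existing "*" entry.
        if "*" in preprocessor.attributes:
            preprocessor.attributes["*"].append("style")
        else:
            preprocessor.attributes["*"] = ["style"]
        preprocessor.styles = [
            "color",
        ]

        # background-color is not an allowed property and is removed; the
        # <script> element is escaped because strip is not enabled here.
        self.assertEqual(
            self.preprocess_source(
                "markdown",
                '_A_ <em style="color: blue; background-color: pink">'
                "few</em> <script>tags</script>",
                preprocessor,
            ),
            '_A_ <em style="color: blue;">few</em> &lt;script&gt;tags&lt;/script&gt;',
        )

    def test_tag_passthrough(self):
        """Test passing through raw output"""
        preprocessor = self.build_preprocessor()

        # Despite the test name, the expected value pins that a <script> element
        # in a raw cell comes back escaped rather than untouched.
        self.assertEqual(
            self.preprocess_source("raw", "_A_ <em>few</em> <script>tags</script>", preprocessor),
            "_A_ <em>few</em> &lt;script&gt;tags&lt;/script&gt;",
        )

    def test_output_sanitizing(self):
        """Test that outputs are also sanitized properly"""
        preprocessor = self.build_preprocessor()
        nb = self.build_notebook()

        outputs = [
            nbformat.new_output(
                "display_data",
                data={
                    "text/plain": "b",
                    "text/html": "<script>more evil</script>",
                    "text/css": "<style> * {display:none}</style>",
                },
            ),
            nbformat.new_output("stream", name="stdout", text="wat"),
            nbformat.new_output("stream", name="stdout", text="<script>Evil tag</script>"),
        ]
        nb.cells[0].outputs = outputs

        res = self.build_resources()
        nb, res = preprocessor(nb, res)

        # Pinned behaviour: text/html is escaped, the text/css entry is absent
        # from the result, and stream text is left exactly as it was.
        expected_output = [
            {
                "data": {
                    "text/html": "&lt;script&gt;more evil&lt;/script&gt;",
                    "text/plain": "b",
                },
                "metadata": {},
                "output_type": "display_data",
            },
            {"name": "stdout", "output_type": "stream", "text": "wat"},
            {"name": "stdout", "output_type": "stream", "text": "<script>Evil tag</script>"},
        ]
        self.assertEqual(nb.cells[0].outputs, expected_output)

    def test_tag_allowlist(self):
        """Test tag allowlisting"""
        preprocessor = self.build_preprocessor()

        # Without strip, the disallowed <script> element is escaped, not removed.
        self.assertEqual(
            self.preprocess_source(
                "markdown", "_A_ <em>few</em> <script>tags</script>", preprocessor
            ),
            "_A_ <em>few</em> &lt;script&gt;tags&lt;/script&gt;",
        )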