diff --git a/app/tests/core_tests/test_markdown.py b/app/tests/core_tests/test_markdown.py index 2dedc5df6..75e887f1c 100644 --- a/app/tests/core_tests/test_markdown.py +++ b/app/tests/core_tests/test_markdown.py @@ -190,118 +190,71 @@ def test_function(): ), ( "<script>alert("foo")</script>", - "<script>alert("foo")</script>", - ), - ), -) -def test_markdown_rendering(markdown_with_html, expected_output): - output = md2html(markdown=markdown_with_html) - assert output == expected_output - - -@pytest.mark.parametrize( - "markdown_with_html, expected_output", - ( - ( - textwrap.dedent( - """\ - - [![](http://minio.localhost:9000/grand-challenge-public/i/2024/08/06/77c8d999-c22b-4983-8558-8e1fa364cd2c.jpg)](https://google.com)""" - ), - textwrap.dedent( - """\ -

-

""" - ), - ), - ( - textwrap.dedent( - """\ - - [![](http://minio.localhost:9000/grand-challenge-public/i/2024/08/06/77c8d999-c22b-4983-8558-8e1fa364cd2c.jpg)](https://google.com)""" - ), - textwrap.dedent( - """\ -

-

""" - ), - ), - ( - textwrap.dedent( - """\ - - [![](http://minio.localhost:9000/grand-challenge-public/i/2024/08/06/77c8d999-c22b-4983-8558-8e1fa364cd2c.jpg)](https://google.com)""" - ), - textwrap.dedent( - """\ -

-

""" - ), + "

<script>alert("foo")</script>

", ), ( - textwrap.dedent( - """\ - - [![](http://minio.localhost:9000/grand-challenge-public/i/2024/08/06/77c8d999-c22b-4983-8558-8e1fa364cd2c.jpg)](https://google.com)""" - ), - textwrap.dedent( - """\ -

-

""" - ), - ), - ( - textwrap.dedent( - """\ - - [![](http://minio.localhost:9000/grand-challenge-public/i/2024/08/06/77c8d999-c22b-4983-8558-8e1fa364cd2c.jpg)](https://google.com)""" - ), - textwrap.dedent( - """\ -

-

""" - ), + "[![](http://minio.localhost:9000/grand-challenge-public/i/2024/08/06/77c8d999-c22b-4983-8558-8e1fa364cd2c.jpg)](https://google.com)", + '

', ), ), ) -def test_setting_class_to_html_img_within_markdown( - markdown_with_html, expected_output -): +def test_markdown_rendering(markdown_with_html, expected_output): output = md2html(markdown=markdown_with_html) - assert output == expected_output @pytest.mark.parametrize( - "html, is_safe", + "html, tag_classes, expected_output, is_safe", [ - ( + ( # Safe input mark_safe("
Content
"), + {}, + "
Content
", True, ), - ( + ( # Unsafe input + "
Content
", + {}, "
Content
", False, ), + ( # Escaped classes + mark_safe("
Content
"), + {"div": ['']}, + '
Content
', + True, + ), + ( # Empty class + '
Content
', + {"div": ["foo"]}, + '
Content
', + False, + ), + ( # Existing class + '
Content
', + {"div": ["foo"]}, + '
Content
', + False, + ), + ( # Extension class already present + '
Content
', + {"div": ["foo"]}, + '
Content
', + False, + ), + ( # Existing class + extension class + '
Content
', + {"div": ["foo"]}, + '
Content
', + False, + ), ], ) -def test_extend_html_tag_classes_insecure_markup(html, is_safe): - tag_classes = {"div": ["new-class"]} - - # Instantiate the class +def test_extend_html_tag_classes(html, tag_classes, expected_output, is_safe): extender = ExtendHTMLTagClasses(tag_classes) + output = extender(html) - # Process the HTML - result = extender(html) + assert output == expected_output # Check if the output matches the expected safety status - assert isinstance(result, SafeString) == is_safe - - -def test_extend_html_tag_classes_insecure_classes(): - extender = ExtendHTMLTagClasses({"div": ['']}) - output = extender("
Content
") - assert ( - output - == '
Content
' - ) + assert isinstance(output, SafeString) == is_safe
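Review bot: The seven cases in the `test_extend_html_tag_classes` parameter list are told apart only by trailing comments (`# Safe input`, `# Escaped classes`, …), so a failure is reported under an auto-generated id and the reader has to count tuples to see whether the escaping case or a class-merge case broke. Wrapping each tuple as `pytest.param(..., id="escaped-classes")` would keep the intent that the removed names `test_extend_html_tag_classes_insecure_markup` and `test_extend_html_tag_classes_insecure_classes` used to carry. The four class-merge cases (empty class, existing class, extension class already present, existing plus extension) all pass a plain `str` and expect `is_safe` to be `False`, so none of them checks that a `mark_safe(...)` input with an existing `class` attribute still comes back as `SafeString`; one extra case with `mark_safe(...)` and `True` would cover that path. The HTML literals are stripped in this rendering, so the exact markup of each case cannot be confirmed from the page.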