Coverage for tdom / escaping_test.py: 100%

49 statements  

« prev     ^ index     » next       coverage.py v7.13.5, created at 2026-05-03 21:23 +0000

1from markupsafe import Markup 

2 

3from .escaping import ( 

4 escape_html_comment, 

5 escape_html_script, 

6 escape_html_style, 

7 escape_html_text, 

8) 

9 

10 

11def test_escape_html_text() -> None: 

12 assert escape_html_text("<div>") == "&lt;div&gt;" 

13 

14 

15def test_escape_html_comment_empty() -> None: 

16 assert escape_html_comment("") == "" 

17 

18 

19def test_escape_html_comment_no_special() -> None: 

20 assert escape_html_comment("This is a comment.") == "This is a comment." 

21 

22 

23def test_escape_html_comment_starts_with_gt() -> None: 

24 assert escape_html_comment(">This is a comment.") == "&gt;This is a comment." 

25 

26 

27def test_escape_html_comment_starts_with_dash_gt() -> None: 

28 assert escape_html_comment("->This is a comment.") == "-&gt;This is a comment." 

29 

30 

31def test_escape_html_comment_contains_special_strings() -> None: 

32 input_text = "This is <!-- a comment --> with --!> special strings." 

33 expected_output = "This is &lt;!-- a comment --&gt; with --!&gt; special strings." 

34 assert escape_html_comment(input_text) == expected_output 

35 

36 

37def test_escape_html_comment_ends_with_lt_dash() -> None: 

38 assert escape_html_comment("This is a comment<!-") == "This is a comment&lt;!-" 

39 

40 

41def test_escape_html_comment_markup() -> None: 

42 input_text = "-->" 

43 escaped_text = "--&gt;" 

44 out = escape_html_comment(Markup(input_text), allow_markup=False) 

45 assert out != input_text and out == escaped_text 

46 out = escape_html_comment(Markup(input_text), allow_markup=True) 

47 assert out == input_text and out != escaped_text 

48 

49 

50def test_escape_html_style() -> None: 

51 input_text = "body { color: red; }</style> p { font-SIZE: 12px; }</STYLE>" 

52 expected_output = ( 

53 "body { color: red; }&lt;/style> p { font-SIZE: 12px; }&lt;/STYLE>" 

54 ) 

55 assert escape_html_style(input_text) == expected_output 

56 

57 

58def test_escape_html_style_markup() -> None: 

59 input_text = "</STYLE>" 

60 escaped_text = "&lt;/STYLE>" 

61 out = escape_html_style(Markup(input_text), allow_markup=False) 

62 assert out != input_text and out == escaped_text 

63 out = escape_html_style(Markup(input_text), allow_markup=True) 

64 assert out == input_text and out != escaped_text 

65 

66 

67def test_escape_html_script() -> None: 

68 input_text = "<!-- <script>var a = 1;</script> </SCRIPT>" 

69 expected_output = "\\x3c!-- \\x3cscript>var a = 1;\\x3c/script> \\x3c/SCRIPT>" 

70 assert escape_html_script(input_text) == expected_output 

71 # Smoketest that escaping is working and we are not just escaping back to the same value. 

72 for text in ("<script", "</script", "<!--"): 

73 assert escape_html_script(text) != text 

74 

75 

76def test_escape_html_script_markup() -> None: 

77 input_text = "<script>" 

78 escaped_text = "\\x3cscript>" 

79 out = escape_html_script(Markup(input_text), allow_markup=False) 

80 assert out != input_text and out == escaped_text 

81 out = escape_html_script(Markup(input_text), allow_markup=True) 

82 assert out == input_text and out != escaped_text