File: test_jinja_extension.py

package info (click to toggle)
python-django-csp 3.8-1
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid, trixie
  • size: 300 kB
  • sloc: python: 935; makefile: 135; sh: 6
file content (87 lines) | stat: -rw-r--r-- 2,957 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
 
from csp.tests.utils import ScriptExtensionTestBase


class TestJinjaExtension(ScriptExtensionTestBase):
    def test_script_tag_injects_nonce(self):
        tpl = """
            {% script %}
                var hello='world';
            {% endscript %}
        """

        expected = """<script nonce="{}">var hello='world';</script>"""
        self.assert_template_eq(*self.process_templates(tpl, expected))

    def test_script_with_src_ignores_body(self):
        tpl = """
            {% script src="foo" %}
                var hello='world';
            {% endscript %}
        """

        expected = """<script nonce="{}" src="foo"></script>"""

        self.assert_template_eq(*self.process_templates(tpl, expected))

    def test_script_tag_sets_attrs_correctly(self):
        tpl = """
            {% script id='jeff' defer=True %}
                var hello='world';
            {% endscript %}
            """
        expected = """
            <script nonce="{}" id="jeff" defer>
                var hello='world';
            </script>"""

        self.assert_template_eq(*self.process_templates(tpl, expected))

    def test_async_attribute_with_falsey(self):
        tpl = """
            {% script id="jeff" async=False %}
                var hello='world';
            {% endscript %}"""

        expected = '<script nonce="{}" id="jeff" async=false>var hello=\'world\';</script>'

        self.assert_template_eq(*self.process_templates(tpl, expected))

    def test_async_attribute_with_truthy(self):
        tpl = """
            {% script id="jeff" async=True %}
                var hello='world';
            {% endscript %}"""

        expected = '<script nonce="{}" id="jeff" async>var hello=\'world\';</script>'

        self.assert_template_eq(*self.process_templates(tpl, expected))

    def test_nested_script_tags_are_removed(self):
        """Let users wrap their code in script tags for the sake of their
        development environment"""
        tpl = """
            {% script type="application/javascript" id="jeff" defer=True%}
                <script type="text/javascript">
                var hello='world';
                </script>
            {% endscript %}"""

        expected = '<script nonce="{}" id="jeff" type="application/javascript" defer>var hello=\'world\';</script>'

        self.assert_template_eq(*self.process_templates(tpl, expected))

    def test_regex_captures_script_content_including_brackets(self):
        """
        Ensure that script content get captured properly.
        Especially when using angle brackets."""
        tpl = """
            {% script %}
            <script type="text/javascript">
                let capture_text = "<script></script>"
            </script>
            {% endscript %}
            """

        expected = '<script nonce="{}">let capture_text = "<script></script>"</script>'

        self.assert_template_eq(*self.process_templates(tpl, expected))