[Zope-Checkins] SVN: Zope/branches/Zope-2_8-branch/lib/python/DocumentTemplate/tests/testDTML.py Add tests that DTML with fmt="restructured-text" does not expose file inclusion.

Tres Seaver tseaver at palladion.com
Mon Jul 10 16:30:09 EDT 2006 

Log message for revision 69083:
  Add tests that DTML with fmt="restructured-text" does not expose file inclusion.

Changed:
  U   Zope/branches/Zope-2_8-branch/lib/python/DocumentTemplate/tests/testDTML.py

-=-
Modified: Zope/branches/Zope-2_8-branch/lib/python/DocumentTemplate/tests/testDTML.py
===================================================================
--- Zope/branches/Zope-2_8-branch/lib/python/DocumentTemplate/tests/testDTML.py	2006-07-10 20:21:51 UTC (rev 69082)
+++ Zope/branches/Zope-2_8-branch/lib/python/DocumentTemplate/tests/testDTML.py	2006-07-10 20:30:08 UTC (rev 69083)
@@ -336,6 +336,43 @@
             spam='<a href="spam">\nfoo bar')
         self.assertEqual(res,expected)
 
+    def test_fmt_reST_include_directive_raises(self):
+        source = '.. include:: /etc/passwd'
+        html = self.doc_class('<dtml-var name="foo" fmt="restructured-text">')
+        html._vars['foo'] = source
+        self.assertRaises(NotImplementedError, html)
+
+    def test_fmt_reST_raw_directive_disabled(self):
+
+        EXPECTED = '<h1>HELLO WORLD</h1>'
+
+        source = '.. raw:: html\n\n  %s\n' % EXPECTED
+        html = self.doc_class('<dtml-var name="foo" fmt="restructured-text">')
+        html._vars['foo'] = source
+
+        result = html()       # don't raise, but don't work either
+        self.failIf(EXPECTED in result)
+
+        self.failUnless("&quot;raw&quot; directive disabled" in result)
+        from cgi import escape
+        self.failUnless(escape(EXPECTED) in result)
+
+    def test_fmt_reST_raw_directive_file_option_raises(self):
+
+        source = '.. raw:: html\n  :file: inclusion.txt'
+        html = self.doc_class('<dtml-var name="foo" fmt="restructured-text">')
+        html._vars['foo'] = source
+
+        self.assertRaises(NotImplementedError, html, source)
+
+    def test_fmt_reST_raw_directive_url_option_raises(self):
+
+        source = '.. raw:: html\n  :url: http://www.zope.org'
+        html = self.doc_class('<dtml-var name="foo" fmt="restructured-text">')
+        html._vars['foo'] = source
+
+        self.assertRaises(NotImplementedError, html, source)
+
     def testPropogatedError(self):
 
         class foo:

More information about the Zope-Checkins mailing list