erjemin/2025-etpgrf
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add: санитайзинг плейсхолдеров

Browse Source
This commit is contained in:
Sergei Erjemin
2026-03-05 03:31:30 +03:00
parent 125c9560b4
commit 913f28f2f3
3 changed files with 49 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
tests/test_sanitizer.py
View File

@@ -4,7 +4,7 @@
import pytest
from bs4 import BeautifulSoup
from etpgrf.sanitizer import SanitizerProcessor
from etpgrf.config import SANITIZE_NONE, SANITIZE_ETPGRF, SANITIZE_ALL_HTML
from etpgrf.config import SANITIZE_NONE, SANITIZE_ETPGRF, SANITIZE_ALL_HTML, CHARS_SYMBOLS_TO_BAN
def test_sanitizer_mode_none():
@@ -83,4 +83,20 @@ def test_sanitizer_mode_etpgrf(case_id, description, html_input, expected_html):
result_soup = processor.process(soup)
assert str(result_soup) == expected_html
assert str(result_soup) == expected_html
@pytest.mark.parametrize("mode", [SANITIZE_ETPGRF, SANITIZE_ALL_HTML])
def test_sanitizer_strips_service_placeholders(mode):
"""
Проверяет, что в обоих режимах удаляются запрещенные символы (плейсхолдеры, используемые внутри типографа).
Это важно для защиты от потенциальных XSS-атак или других проблем с безопасностью, связанных с этими символами.
"""
placeholder = next(iter(CHARS_SYMBOLS_TO_BAN))
html_input = f'<p>Start{placeholder}End</p>'
soup = BeautifulSoup(html_input, 'html.parser')
processor = SanitizerProcessor(mode=mode)
result = processor.process(soup)
output = str(result) if isinstance(result, BeautifulSoup) else result
assert placeholder not in output
assert 'StartEnd' in output