Skip to content

Commit

Permalink
Attributes are not being escaped
Browse files Browse the repository at this point in the history 
Fixes #23
  • Loading branch information
@SamDudley
SamDudley committed Mar 4, 2024
1 parent 7073a60 commit 46d2079
Showing 1 changed file with 12 additions and 2 deletions.
14 changes: 12 additions & 2 deletions tests/test_dsl.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -52,7 +52,7 @@ def test_style_empty_dict() -> None:
assert html == '<div style="">\n</div>\n'


def test_unsafe_text() -> None:
def test_safe_content_is_not_escaped() -> None:
html = render(h("div", safe("<script>alert(1)</script>")))
assert html == dedent(
"""\
Expand All @@ -63,7 +63,7 @@ def test_unsafe_text() -> None:
)


def test_safe_text() -> None:
def test_content_is_escaped() -> None:
html = render(h("div", "<script>alert(1)</script>"))
assert html == dedent(
"""\
Expand All @@ -74,6 +74,16 @@ def test_safe_text() -> None:
)


def test_attributes_are_escaped() -> None:
html = render(h("div", {"id": "<script>alert(1)</script>"}))
assert html == dedent(
"""\
<div id="<script>alert(1)</script>">
</div>
"""
)


def test_empty_string_boolean_attribute() -> None:
html = render(h("input", {"disabled": ""}))
assert html == "<input disabled>\n"
Expand Down

0 comments on commit 46d2079

Please sign in to comment.