Log message for revision 69083:
  Add tests that DTML with fmt="restructured-text" does not expose file 
inclusion.

Changed:
  U   
Zope/branches/Zope-2_8-branch/lib/python/DocumentTemplate/tests/testDTML.py

-=-
Modified: 
Zope/branches/Zope-2_8-branch/lib/python/DocumentTemplate/tests/testDTML.py
===================================================================
--- Zope/branches/Zope-2_8-branch/lib/python/DocumentTemplate/tests/testDTML.py 
2006-07-10 20:21:51 UTC (rev 69082)
+++ Zope/branches/Zope-2_8-branch/lib/python/DocumentTemplate/tests/testDTML.py 
2006-07-10 20:30:08 UTC (rev 69083)
@@ -336,6 +336,43 @@
             spam='<a href="spam">\nfoo bar')
         self.assertEqual(res,expected)
 
+    def test_fmt_reST_include_directive_raises(self):
+        source = '.. include:: /etc/passwd'
+        html = self.doc_class('<dtml-var name="foo" fmt="restructured-text">')
+        html._vars['foo'] = source
+        self.assertRaises(NotImplementedError, html)
+
+    def test_fmt_reST_raw_directive_disabled(self):
+
+        EXPECTED = '<h1>HELLO WORLD</h1>'
+
+        source = '.. raw:: html\n\n  %s\n' % EXPECTED
+        html = self.doc_class('<dtml-var name="foo" fmt="restructured-text">')
+        html._vars['foo'] = source
+
+        result = html()       # don't raise, but don't work either
+        self.failIf(EXPECTED in result)
+
+        self.failUnless("&quot;raw&quot; directive disabled" in result)
+        from cgi import escape
+        self.failUnless(escape(EXPECTED) in result)
+
+    def test_fmt_reST_raw_directive_file_option_raises(self):
+
+        source = '.. raw:: html\n  :file: inclusion.txt'
+        html = self.doc_class('<dtml-var name="foo" fmt="restructured-text">')
+        html._vars['foo'] = source
+
+        self.assertRaises(NotImplementedError, html, source)
+
+    def test_fmt_reST_raw_directive_url_option_raises(self):
+
+        source = '.. raw:: html\n  :url: http://www.zope.org'
+        html = self.doc_class('<dtml-var name="foo" fmt="restructured-text">')
+        html._vars['foo'] = source
+
+        self.assertRaises(NotImplementedError, html, source)
+
     def testPropogatedError(self):
 
         class foo:

_______________________________________________
Zope-Checkins maillist  -  Zope-Checkins@zope.org
http://mail.zope.org/mailman/listinfo/zope-checkins

Reply via email to