Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Added jinja filter autoloading namespace protection test cases.

  • Loading branch information...
commit 31dd9aaf5131658233da67cc13a68fff30422b99 1 parent 51e3826
@clsdaniel clsdaniel authored
View
2  tests/test_stack/lib/templatetools/jinja_filters.py
@@ -10,3 +10,5 @@ def codify(value):
string_hash = sha1(value)
return string_hash.hexdigest()
+def polluting_function(value):
+ return "Template filter namespace has been POLLUTED"
View
4 tests/test_stack/rendering/controllers/root.py
@@ -180,6 +180,10 @@ def genshi_inherits_sub_from_bottom(self):
def jinja_index(self):
return {}
+ @expose('jinja:jinja_autoload.jinja')
+ def jinja_autoload(self):
+ return {}
+
@expose('jinja:jinja_inherits.jinja')
def jinja_inherits(self):
return {}
View
18 tests/test_stack/rendering/templates/jinja_autoload.jinja
@@ -0,0 +1,18 @@
+{% extends "jinja_base.jinja" %}
+
+{% block title %}Index{% endblock %}
+
+{% block html_head %}
+ <style type="text/css">
+ .important {
+ color: #336699;
+ }
+ </style>
+{% endblock %}
+
+{% block content %}
+ <h1>Index</h1>
+ <p class="important">
+ {{ "Hello Jinja!"|polluting_function }}
+ </p>
+{% endblock %}
View
16 tests/test_stack/rendering/test_rendering.py
@@ -1,4 +1,5 @@
# -*- coding: utf-8 -*-
+from jinja2 import TemplateAssertionError
import tg
from tests.test_stack import TestConfig, app_from_config
@@ -276,6 +277,21 @@ def test_chameleon_genshi_inheritance():
assert "Inheritance template" in resp
assert "Master template" in resp
+def test_jinja_autoload():
+ app = setup_noDB()
+ try:
+ resp = app.get('/jinja_autoload')
+
+ # Normally the template should not load, if it does
+ # check if the filter namespace has been polluted.
+ assert not ("POLLUTED" in resp), resp
+ except TemplateAssertionError:
+ # If autoloading is working ok a template
+ # getting a function not in __all__ should raise
+ # a template exception, thus this is the normal behaviour.
+ pass
+
+
def _test_jinja_inherits():
app = setup_noDB()
resp = app.get('/jinja_inherits')
Please sign in to comment.
Something went wrong with that request. Please try again.