Merge remote-tracking branch 'upstream/2.13' into 2.13

zopefoundation · Oct 29, 2014 · bc41a5e · bc41a5e
2 parents ee53f2c + eb8459d
commit bc41a5e
Show file tree

Hide file tree

Showing 3 changed files with 25 additions and 4 deletions.
diff --git a/.travis.yml b/.travis.yml
@@ -0,0 +1,15 @@
+language: python
+python:
+    - "2.6"
+    - "2.7"
+
+notifications:
+  email:
+    - hanno@hannosch.eu
+
+install:
+    - python bootstrap.py
+    - bin/buildout
+
+script:
+    - bin/test
diff --git a/src/OFS/tests/testFileAndImage.py b/src/OFS/tests/testFileAndImage.py
@@ -336,7 +336,8 @@ def testStr(self):
           ('<img src="http://foo/file" alt="" title="" height="16" width="16" />'))
 
     def testTag(self):
-        tag_fmt = '<img src="http://foo/file" alt="%s" title="%s" height="16" width="16" />'
+        tag_fmt = ('<img src="http://foo/file" alt="%s" title="%s" '
+                   'height="16" width="16" />')
         self.assertEqual(self.file.tag(), (tag_fmt % ('','')))
         self.file.manage_changeProperties(title='foo')
         self.assertEqual(self.file.tag(), (tag_fmt % ('','foo')))
@@ -357,8 +358,13 @@ def test_interfaces(self):
 class ImagePublishTests(Testing.ZopeTestCase.FunctionalTestCase):
     def testTagSafe(self):
         self.app.manage_addImage("image", "")
-        res = self.publish("/image/tag?height=0&width=0&css_class=%22%3E%3Cscript%20type%3D%22text%2Fjavascript%22%3Ealert('evil')%3B%3C%2Fscript%3E%3Cdiv%20class%3D%22")
-        self.assertNotIn('<script type="text/javascript">alert(\'evil\');</script>', res.getBody())
+        res = self.publish(
+            "/image/tag?height=0&width=0&css_class=%22%3E%3Cscript%20type"
+            "%3D%22text%2Fjavascript%22%3Ealert('evil')%3B%3C%2Fscript"
+            "%3E%3Cdiv%20class%3D%22")
+        self.assertFalse(
+            '<script type="text/javascript">alert(\'evil\');</script>'
+                in res.getBody())
 
 
 def test_suite():

diff --git a/src/Products/Sessions/tests/testBrowserIdManager.py b/src/Products/Sessions/tests/testBrowserIdManager.py
@@ -652,7 +652,7 @@ def test_encodeUrl_safe(self):
 
         res = self.publish(
             '/browser_id_manager/encodeUrl?url=%3Chtml%3EEVIL%2Fhtml%3E%3C!--')
-        self.assertNotIn("<html>EVIL/html>", res.getBody())
+        self.assertFalse("<html>EVIL/html>" in res.getBody())
 
 
 class DummyObject: