From b04968391c3f740780efa547fa515b6e741cfbd5 Mon Sep 17 00:00:00 2001 From: Hood Chatham Date: Thu, 18 Jan 2024 10:25:02 -0800 Subject: [PATCH] Add pacakge nh3 (#4387) --- docs/project/changelog.md | 2 +- packages/nh3/meta.yaml | 16 +++++++ packages/nh3/test_nh3.py | 93 +++++++++++++++++++++++++++++++++++++++ 3 files changed, 110 insertions(+), 1 deletion(-) create mode 100644 packages/nh3/meta.yaml create mode 100644 packages/nh3/test_nh3.py diff --git a/docs/project/changelog.md b/docs/project/changelog.md index b0e5e0026..8cf1d3d55 100644 --- a/docs/project/changelog.md +++ b/docs/project/changelog.md @@ -130,7 +130,7 @@ myst: - New Packages: `river` {pr}`4197`, `sisl` {pr}`4210`, `frozenlist` {pr}`4231`, `zengl` {pr}`4208`, `msgspec` {pr}`4265`, `aiohttp` {pr}`4282`, `pysam` {pr}`4268`, - `requests`, `urllib3` {pr}`4332` + `requests`, `urllib3` {pr}`4332`, `nh3` {pr}`4387` - Upgraded zengl to 2.2.0 {pr}`4364` ## Version 0.24.1 diff --git a/packages/nh3/meta.yaml b/packages/nh3/meta.yaml new file mode 100644 index 000000000..ab2ea277c --- /dev/null +++ b/packages/nh3/meta.yaml @@ -0,0 +1,16 @@ +package: + name: nh3 + version: 0.2.15 + top-level: + - nh3 +source: + url: https://files.pythonhosted.org/packages/08/03/506eb477d723da0db7c46d6259ee06bc68243ef40f5626eb66ab72ae4d69/nh3-0.2.15.tar.gz + sha256: d1e30ff2d8d58fb2a14961f7aac1bbb1c51f9bdd7da727be35c63826060b0bf3 +requirements: + executable: + - rustup +about: + home: "" + PyPI: https://pypi.org/project/nh3 + summary: Python bindings to the ammonia HTML sanitization library. + license: MIT diff --git a/packages/nh3/test_nh3.py b/packages/nh3/test_nh3.py new file mode 100644 index 000000000..ece1b8081 --- /dev/null +++ b/packages/nh3/test_nh3.py @@ -0,0 +1,93 @@ +from pytest_pyodide import run_in_pyodide + + +@run_in_pyodide(packages=["nh3"]) +def test_clean(selenium): + import nh3 + + html = "I'm not trying to XSS you" + assert nh3.clean(html) == 'I\'m not trying to XSS you' + assert nh3.clean(html, tags={"img"}) == 'I\'m not trying to XSS you' + assert ( + nh3.clean(html, tags={"img"}, attributes={}) == "I'm not trying to XSS you" + ) + assert nh3.clean(html, attributes={}) == "I'm not trying to XSS you" + assert ( + nh3.clean('baidu') + == 'baidu' + ) + assert ( + nh3.clean('baidu', link_rel=None) + == 'baidu' + ) + assert ( + nh3.clean( + "", + clean_content_tags={"script", "style"}, + ) + == "" + ) + + assert ( + nh3.clean('
', generic_attribute_prefixes={"data-"}) + == '
' + ) + + assert ( + nh3.clean( + "", + tags={"my-tag"}, + tag_attribute_values={"my-tag": {"my-attr": {"val"}}}, + ) + == '' + ) + + assert ( + nh3.clean( + "", + tags={"my-tag"}, + set_tag_attribute_values={"my-tag": {"my-attr": "val"}}, + ) + == '' + ) + + +@run_in_pyodide(packages=["nh3"]) +def test_clean_with_attribute_filter(selenium): + import nh3 + import pytest + + html = "Home" + + def attribute_filter(element, attribute, value): + if element == "img" and attribute == "src": + return None + return value + + assert ( + nh3.clean(html, attribute_filter=attribute_filter, link_rel=None) + == 'Home' + ) + + with pytest.raises(TypeError): + nh3.clean(html, attribute_filter="not a callable") + + # attribute_filter may raise exception, but it's an infallible API + # which writes a unraisable exception + nh3.clean(html, attribute_filter=lambda _element, _attribute, _value: True) + + +@run_in_pyodide(packages=["nh3"]) +def test_clean_text(selenium): + import nh3 + + res = nh3.clean_text('Robert"); abuse();//') + assert res == "Robert"); abuse();//" + + +@run_in_pyodide(packages=["nh3"]) +def test_is_html(selenium): + import nh3 + + assert not nh3.is_html("plain text") + assert nh3.is_html("

html!

")