Andal.LND/edx-platform
6
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #21656 from edx/BOM-420

Browse Source 
BOM-420
This commit is contained in:
Ayub
2019-09-16 12:26:46 +05:00
committed by GitHub
parent 851702e09e 06c7e3e4e9
commit 7b186b2f52
2 changed files with 11 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
lms/djangoapps/discussion/django_comment_client/tests/group_id.py
View File

@@ -32,10 +32,10 @@ class GroupIdAssertionMixin(object):
def _assert_html_response_contains_group_info(self, response):
group_info = {"group_id": None, "group_name": None}
match = re.search(r'"group_id": (\d*),', response.content)
match = re.search(r'"group_id": (\d*),', response.content.decode('utf-8'))
if match and match.group(1) != '':
group_info["group_id"] = int(match.group(1))
match = re.search(r'"group_name": "(\w*)",', response.content)
match = re.search(r'"group_name": "(\w*)"', response.content.decode('utf-8'))
if match:
group_info["group_name"] = match.group(1)
self._assert_thread_contains_group_info(group_info)

14
lms/djangoapps/discussion/tests/test_views.py
View File

@@ -561,7 +561,7 @@ class SingleCohortedThreadTestCase(CohortedTestCase):
self.assertEquals(response.status_code, 200)
self.assertEqual(response['Content-Type'], 'text/html; charset=utf-8')
html = response.content
html = response.content.decode('utf-8')
# Verify that the group name is correctly included in the HTML
self.assertRegexpMatches(html, r'"group_name": "student_cohort"')
@@ -1319,7 +1319,7 @@ class UserProfileTestCase(ForumsEnableMixin, UrlResetMixin, ModuleStoreTestCase)
response = self.get_response(mock_request, params)
self.assertEqual(response.status_code, 200)
self.assertEqual(response['Content-Type'], 'text/html; charset=utf-8')
html = response.content
html = response.content.decode('utf-8')
self.assertRegexpMatches(html, r'data-page="1"')
self.assertRegexpMatches(html, r'data-num-pages="1"')
self.assertRegexpMatches(html, r'<span class="discussion-count">1</span> discussion started')
@@ -1327,7 +1327,10 @@ class UserProfileTestCase(ForumsEnableMixin, UrlResetMixin, ModuleStoreTestCase)
self.assertRegexpMatches(html, u'&#39;id&#39;: &#39;{}&#39;'.format(self.TEST_THREAD_ID))
self.assertRegexpMatches(html, u'&#39;title&#39;: &#39;{}&#39;'.format(self.TEST_THREAD_TEXT))
self.assertRegexpMatches(html, u'&#39;body&#39;: &#39;{}&#39;'.format(self.TEST_THREAD_TEXT))
self.assertRegexpMatches(html, u'&#39;username&#39;: u&#39;{}&#39;'.format(self.student.username))
if six.PY2:
self.assertRegexpMatches(html, u'&#39;username&#39;: u&#39;{}&#39;'.format(self.student.username))
else:
self.assertRegexpMatches(html, u'&#39;username&#39;: &#39;{}&#39;'.format(self.student.username))
def check_ajax(self, mock_request, **params):
response = self.get_response(mock_request, params, HTTP_X_REQUESTED_WITH="XMLHttpRequest")
@@ -1549,6 +1552,7 @@ class ForumDiscussionXSSTestCase(ForumsEnableMixin, UrlResetMixin, ModuleStoreTe
Test that XSS attack is prevented
"""
mock_user.return_value.to_dict.return_value = {}
mock_req.return_value.status_code = 200
reverse_url = "%s%s" % (reverse(
"forum_form_discussion",
kwargs={"course_id": six.text_type(self.course.id)}), '/forum_form_discussion')
@@ -1556,7 +1560,7 @@ class ForumDiscussionXSSTestCase(ForumsEnableMixin, UrlResetMixin, ModuleStoreTe
url = "%s?%s=%s" % (reverse_url, 'sort_key', malicious_code)
resp = self.client.get(url)
self.assertEqual(resp.status_code, 200)
self.assertNotIn(malicious_code, resp.content)
self.assertNotIn(malicious_code, resp.content.decode('utf-8'))
@ddt.data('"><script>alert(1)</script>', '<script>alert(1)</script>', '</script><script>alert(1)</script>')
@patch('student.models.cc.User.from_django_user')
@@ -1579,7 +1583,7 @@ class ForumDiscussionXSSTestCase(ForumsEnableMixin, UrlResetMixin, ModuleStoreTe
url_string = "%s?%s=%s" % (url, 'page', malicious_code)
resp = self.client.get(url_string)
self.assertEqual(resp.status_code, 200)
self.assertNotIn(malicious_code, resp.content)
self.assertNotIn(malicious_code, resp.content.decode('utf-8'))
class ForumDiscussionSearchUnicodeTestCase(ForumsEnableMixin, SharedModuleStoreTestCase, UnicodeTestMixin):