@@ -321,7 +321,7 @@ def test_host_whitelist_slash_type_confusion(self):
321321 # creates a host_whitelist of the empty string; a malformed triple-slash
322322 # URL has an "empty host" according to urlsplit, and `"" in ""` passes.
323323 # So, don't allow user to accidentally pass a string for host_whitelist.
324- html = '<div><iframe src="https:///evil.com/page"></div>'
324+ html = '<div><iframe src="https:///evil.com/page"></iframe></ div>'
325325 with self .assertRaises (TypeError ) as exc :
326326 # If this were the intended `("example.com",)` the expected
327327 # output would be '<div></div>'
@@ -331,20 +331,20 @@ def test_host_whitelist_slash_type_confusion(self):
331331
332332 def test_host_whitelist_valid (self ):
333333 # Frame with valid hostname in src is allowed.
334- html = '<div><iframe src="https://example.com/page"></div>'
334+ html = '<div><iframe src="https://example.com/page"></iframe></ div>'
335335 expected = '<div><iframe src="https://example.com/page"></iframe></div>'
336336 cleaner = Cleaner (frames = False , host_whitelist = ["example.com" ])
337337 self .assertEqual (expected , cleaner .clean_html (html ))
338338
339339 def test_host_whitelist_invalid (self ):
340- html = '<div><iframe src="https://evil.com/page"></div>'
340+ html = '<div><iframe src="https://evil.com/page"></iframe></ div>'
341341 expected = '<div></div>'
342342 cleaner = Cleaner (frames = False , host_whitelist = ["example.com" ])
343343 self .assertEqual (expected , cleaner .clean_html (html ))
344344
345345 def test_host_whitelist_sneaky_userinfo (self ):
346346 # Regression test: Don't be fooled by hostname and colon in userinfo.
347- html = '<div><iframe src="https://example.com:@evil.com/page"></div>'
347+ html = '<div><iframe src="https://example.com:@evil.com/page"></iframe></ div>'
348348 expected = '<div></div>'
349349 cleaner = Cleaner (frames = False , host_whitelist = ["example.com" ])
350350 self .assertEqual (expected , cleaner .clean_html (html ))
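Review bot: After this change every `host_whitelist` test in these hunks feeds the Cleaner an explicitly closed `<iframe>`, so none of them still covers the unclosed-iframe input that the old strings exercised. Markup that reaches a sanitizer is often malformed, and the parser's recovery decides which element the `src` host check actually sees. Consider keeping one case with the unclosed form and a version-tolerant assertion such as `self.assertNotIn("evil.com", cleaner.clean_html(html))`, assuming its result is stable enough across the parser versions the project supports. Separately, `test_host_whitelist_invalid` has no comment unlike its neighbours; `# Frame whose src host is not in host_whitelist is removed.` would match them. The body of `test_host_whitelist_slash_type_confusion` continues outside the first hunk, so its assertions were not reviewed.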