Some examples of bad sanitizers
[sandbox] / bad_sanitizers / breaking_bad_sanitizers.py
diff --git a/bad_sanitizers/breaking_bad_sanitizers.py b/bad_sanitizers/breaking_bad_sanitizers.py
new file mode 100644 (file)
index 0000000..f850c0f
--- /dev/null
@@ -0,0 +1,19 @@
+import unittest
+import urllib.parse
+
+import bad_sanitizers
+
+class TestBreakingStrings(unittest.TestCase):
+    def test_breaking_string_for_bad_sanitizer_1(self):
+        desired_result = '"><script>alert("foo")</script>'
+
+        breaking_string = '%22>%3Cscript>alert(%22foo%22)</script>'
+
+        print(breaking_string)
+
+        self.assertEqual(
+            bad_sanitizers.sanitizer_1(breaking_string),
+            desired_result,
+        )
+
+unittest.main()
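Review bot: The bare `unittest.main()` on the last line runs whenever this module is imported, not only when it is executed as a script, and it ends by calling `sys.exit`; put it under `if __name__ == "__main__":` as an indented `unittest.main()`. `urllib.parse` is imported but unused in the visible lines, and `print(breaking_string)` looks like leftover debug output that only adds noise to the test run. The test method would also benefit from a docstring such as `"""sanitizer_1 returns the script markup intact when the double quotes and the opening '<' arrive percent-encoded."""`, because the assertion passes only while the sanitizer can still be bypassed and should be inverted once it is fixed. `sanitizer_1` itself is not shown in this hunk, so the likely cause (percent-decoding after, or without, filtering the decoded characters) is an inference from the two string literals.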