"""Security tests for XSS prevention."""
import pytest
from jinja2 import Environment
@pytest.mark.security
class TestXSSPrevention:
"""Test XSS prevention in HTML templates."""
def test_client_name_xss_escaped(self):
"""Test that client name is HTML-escaped in templates."""
# Test that Jinja2 autoescaping works
malicious_name = ''
env = Environment(autoescape=True)
template_source = "{{ client_name }}"
template = env.from_string(template_source)
rendered = template.render(client_name=malicious_name)
# Should be escaped
assert "",
"",
'click',
"'; DROP TABLE users; --",
"