test(spp_audit,spp_change_request_v2): assert escaped entities in XSS tests

gonzalesedwin1123 · gonzalesedwin1123 · commit 7ee9652a258f · 2026-04-06T10:04:01.000+08:00
Add assertIn("&amp;lt;script&amp;gt;") to two tests that only checked absence
of raw &lt;script&gt; tags, confirming the escaped data is actually present.
diff --git a/spp_audit/tests/test_html_escaping.py b/spp_audit/tests/test_html_escaping.py
@@ -87,3 +87,4 @@ def test_parent_data_html_escapes_script_tags(self):
         )
         html = log.parent_data_html
         self.assertNotIn("<script>", html)
+        self.assertIn("&lt;script&gt;", html)
diff --git a/spp_change_request_v2/tests/test_html_escaping.py b/spp_change_request_v2/tests/test_html_escaping.py
@@ -68,6 +68,7 @@ def test_registrant_summary_escapes_spp_id(self):
             cr.invalidate_recordset()
             html = cr.registrant_summary_html
             self.assertNotIn("<script>", html)
+            self.assertIn("&lt;script&gt;", html)
 
     def test_preview_html_escapes_field_values(self):
         """Verify _generate_preview_html escapes dynamic values."""

Original file line number	Diff line number	Diff line change
`@@ -87,3 +87,4 @@ def test_parent_data_html_escapes_script_tags(self):`
`87`	`87`	`)`
`88`	`88`	`html = log.parent_data_html`
`89`	`89`	`self.assertNotIn("<script>", html)`
	`90`	`+ self.assertIn("<script>", html)`