allucanget.biz/tests/test_unsafe_links.py

from lib.markdown_parser import markdown_to_html_lines


def test_javascript_link_neutralized():
    md = '[bad](javascript:alert(1))'
    html = markdown_to_html_lines(md)
    assert 'href="#unsafe"' in html
    assert 'javascript:' not in html


def test_data_link_neutralized():
    md = '[bad](data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==)'
    html = markdown_to_html_lines(md)
    assert 'href="#unsafe"' in html
    assert 'data:' not in html