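def texteditor_escape(str_escape):
    """
    Sanitize rich-text (HTML) input through the XssHtml filter.

    If the filter raises, the error is logged and an entity-escaped copy of
    the input is returned instead of the raw input, so markup the filter
    never finished processing is not handed back as live HTML.

    @param str_escape: the string to sanitize
    @return: the filtered HTML; on filter failure, the entity-escaped input
             (a non-text value is returned unchanged)
    """
    try:
        parser = XssHtml()
        parser.feed(str_escape)
        parser.close()
        # NOTE(review): check_script and valid_award call parser.getHtml().
        # If XssHtml has no get_html(), this line raises AttributeError on
        # every call and only the fallback below ever runs -- confirm the
        # method name against the XssHtml class.
        return parser.get_html()
    except Exception as e:
        # Lazy %-args: a message that cannot be formatted must not raise
        # from inside this handler.
        logger.error(u"js脚本注入检测发生异常,错误信息:%s", e)
        # Fail closed. Returning the raw input here would let any input the
        # parser cannot handle skip the filter entirely.
        # (type(''), type(u'')) is (str, unicode) on Python 2, (str, str) on 3.
        if not isinstance(str_escape, (type(''), type(u''))):
            return str_escape
        escaped = str_escape
        # '&' must be replaced first so the entities added below survive.
        for raw, entity in (
            ('&', '&amp;'),
            ('<', '&lt;'),
            ('>', '&gt;'),
            ('"', '&quot;'),
            ("'", '&#x27;'),
        ):
            escaped = escaped.replace(raw, entity)
        return escaped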
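def check_script(str_escape, fromtype=0):
    """
    Guard against JavaScript injection by running input through XssHtml.

    If the filter raises, the failure is logged and an entity-escaped copy
    of the input is returned instead of the raw input. Only Exception
    subclasses are handled, so KeyboardInterrupt and SystemExit propagate.

    @param str_escape: the string to check
    @param fromtype: 0:views,1:middleware (accepted for callers; the body
                     does not read it)
    @return: the filtered HTML; on filter failure, the entity-escaped input
             (a non-text value is returned unchanged)
    """
    import logging

    try:
        parser = XssHtml()
        parser.feed(str_escape)
        parser.close()
        return parser.getHtml()
    except Exception:
        # A filter failure on request data is worth seeing in the logs; the
        # previous bare except dropped it silently.
        logging.getLogger(__name__).exception(
            "XssHtml filter failed; returning entity-escaped input")
        # Fail closed. Returning the raw input here would let any input the
        # parser cannot handle skip the filter entirely.
        # (type(''), type(u'')) is (str, unicode) on Python 2, (str, str) on 3.
        if not isinstance(str_escape, (type(''), type(u''))):
            return str_escape
        escaped = str_escape
        # '&' must be replaced first so the entities added below survive.
        for raw, entity in (
            ('&', '&amp;'),
            ('<', '&lt;'),
            ('>', '&gt;'),
            ('"', '&quot;'),
            ("'", '&#x27;'),
        ):
            escaped = escaped.replace(raw, entity)
        return escaped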
def valid_award(data):
    """
    Validate an award payload and sanitize its text fields in place.

    Checks run in this order: 'name' must not be the empty string,
    'begin_time' must not be later than 'end_time', and no value in the
    mapping may be '' or None. After validation, data['requirement'] is
    replaced by the XssHtml-filtered HTML and data['name'] by its
    html_escape()d form. Nothing is returned; `data` is mutated.

    The filter call is not wrapped in try/except, so an exception from
    XssHtml propagates to the caller instead of leaving unfiltered text
    in `data`.

    @param data: mapping with at least 'name', 'begin_time', 'end_time'
                 and 'requirement'
    @raise InvalidData: when one of the checks above fails
    """
    award_name = data['name']
    if award_name == '':
        raise InvalidData(u'奖项名字不能为空')

    if data['begin_time'] > data['end_time']:
        raise InvalidData(u'开始时间不能晚于结束时间')

    # Every field is required, not only the name.
    if any(value is None or value == '' for value in data.values()):
        raise InvalidData(u'不能为空')

    # Rich text goes through the XSS filter at validation time.
    rich_text_filter = XssHtml()
    rich_text_filter.feed(data['requirement'])
    rich_text_filter.close()
    data['requirement'] = rich_text_filter.getHtml()

    # The name is plain text, so it is entity-escaped rather than filtered.
    data['name'] = html_escape(award_name)
def valid_award(data):
    """
    Validate an award payload and sanitize its text fields in place.

    'name' must not be the empty string and no value in the mapping may be
    '' or None. After validation, data['content'] is replaced by the
    XssHtml-filtered HTML and data['name'] by its html_escape()d form.
    Nothing is returned; `data` is mutated.

    The filter call is not wrapped in try/except, so an exception from
    XssHtml propagates to the caller instead of leaving unfiltered text
    in `data`.

    @param data: mapping with at least 'name' and 'content'
    @raise InvalidData: when one of the checks above fails
    """
    award_name = data['name']
    if award_name == '':
        raise InvalidData(u'奖项名字不能为空')
    # A regex character check on the name used to sit here and was
    # commented out; the name is only entity-escaped below.

    # Every field is required, not only the name.
    if any(value is None or value == '' for value in data.values()):
        raise InvalidData(u'不能为空')

    # Rich text goes through the XSS filter at validation time.
    rich_text_filter = XssHtml()
    rich_text_filter.feed(data['content'])
    rich_text_filter.close()
    data['content'] = rich_text_filter.getHtml()

    # The name is plain text, so it is entity-escaped rather than filtered.
    data['name'] = html_escape(award_name)