Beispiel #1
def post(request):
    """
    Store a new comment from the requesting user and report where it landed.

    Reads ``text``, ``content_type_id``, ``object_id`` and ``site_id`` from
    ``request.POST``, attaches the comment to the matching bucket (creating
    the bucket when it does not exist yet), refreshes the cached comment
    count, and responds with the new comment's id (``cid``) and the page
    count of the bucket's comments (``cpage``).

    A missing POST key or a non-integer id raises inside this function;
    nothing here catches it.
    """
    form = request.POST
    raw_text = form['text']
    ct_id = int(form['content_type_id'])
    obj_id = int(form['object_id'])
    origin_site_id = int(form['site_id'])
    # NOTE(review): REMOTE_ADDR is the address of the directly connected
    # peer; behind a reverse proxy that is presumably the proxy, not the
    # commenter - confirm what the deployment puts here before relying on it
    # for abuse handling.
    client_ip = request.META.get('REMOTE_ADDR', None)

    # NOTE(review): the three ids are client-supplied and used as given. No
    # check that they name an existing, commentable object is visible in this
    # function, and get_or_create will create a bucket for any combination -
    # confirm this is constrained elsewhere.
    bucket, _created = MarimoCommentBucket.objects.get_or_create(
        content_type_id=ct_id,
        object_id=obj_id,
        originating_site_id=origin_site_id,
    )

    # Sanitise with the tag spec 'b br', then turn the '<br />' form back
    # into newlines. The stored text can therefore still contain <b> markup,
    # so whatever renders it has to treat it as already-sanitised HTML -
    # confirm the templates agree. Only the exact string '<br />' is
    # replaced; other spellings, if allowtags emits any, stay as markup.
    sanitized = allowtags(raw_text, 'b br').replace('<br />', '\n')

    # NOTE(review): request.user is recorded as the author as-is; no login
    # or CSRF check is visible in this function - confirm a decorator or
    # middleware enforces both for this view.
    comment = MarimoComment.objects.create(
        bucket=bucket, user=request.user, text=sanitized, ip_address=client_ip)

    update_count_cache(ct_id, obj_id, origin_site_id)

    # The page count of the bucket's comments is reported as the page that
    # holds the new comment.
    bucket_comments = MarimoComment.objects.filter(bucket=bucket)
    paginator = Paginator(bucket_comments, constants.COMMENTS_PER_PAGE)
    last_page = paginator.num_pages

    payload = {
        'cid': comment.id,
        'cpage': last_page,
    }
    return ajax_resp(200, payload)
Beispiel #2
    def test_unclosed_disallowed_removed(self):
        """A disallowed opening tag with no closing tag is stripped; its text is kept."""
        # Only "a" is on the allow-list, so the dangling <b> must not survive.
        self.assertEqual(allowtags("<b>test", "a"), 'test')
Beispiel #3
    def test_keep_contents_of_disallowed(self):
        """With an empty allow-list the tag goes away but the text inside it stays."""
        markup = "<blink>test</blink>"
        self.assertEqual(allowtags(markup, ""), 'test')
Beispiel #4
    def test_distinguish_attribute_allowances(self):
        """Attribute allowances are per tag: ``a`` keeps only ``b``, ``d`` keeps only ``c``."""
        markup = '<a b="x" c="y"></a><d b="x" c="y"></d>'
        expected = '<a b="x"></a><d c="y"></d>'
        # Both tags carry both attributes on input; each must keep only the
        # attribute named in its own spec entry.
        self.assertEqual(allowtags(markup, "a:b d:c"), expected)
Beispiel #5
    def test_allow_specific_attribute(self):
        """The spec ``a:b`` keeps attribute ``b`` on ``<a>`` and drops attribute ``c``."""
        markup = '<a b="x" c="y"></a>'
        self.assertEqual(allowtags(markup, "a:b"), '<a b="x"></a>')
Beispiel #6
    def test_allow_multiple(self):
        """A space-separated spec allows several tags; the unlisted ``<b>`` is removed."""
        markup = "<a></a><b></b><c></c>"
        self.assertEqual(allowtags(markup, "a c"), "<a></a><c></c>")
Beispiel #7
    def test_remove_outer_not_allowed(self):
        """A disallowed wrapper tag is stripped while the allowed tag inside it is kept."""
        # <a> is not in the spec, <b> is: only the inner element may remain.
        self.assertEqual(allowtags("<a><b></b></a>", "b"), "<b></b>")
Beispiel #8
 def test_nested_hosting(self):
     """An allowed tag that its parent may not host is moved out of the parent.

     The spec entry ``x[z]`` appears to limit ``<x>`` to hosting ``<z>``. The
     expected output shows ``<x>`` closed before ``<y>`` and reopened after it.
     """
     markup = '<x><z>OK</z> <y>NESTED</y> POST</x>'
     expected = '<x><z>OK</z> </x><y>NESTED</y><x> POST</x>'
     self.assertEqual(allowtags(markup, 'x[z] y z'), expected)
Beispiel #9
 def test_nested_hosting(self):
     """Check that ``<y>`` is hoisted out of an ``<x>`` whose spec entry is ``x[z]``.

     ``<x>`` is expected to be closed before ``<y>`` and reopened after it,
     while the ``<z>`` child stays inside ``<x>``.
     """
     cleaned = allowtags("<x><z>OK</z> <y>NESTED</y> POST</x>", "x[z] y z")
     self.assertEqual(cleaned, "<x><z>OK</z> </x><y>NESTED</y><x> POST</x>")
Beispiel #10
    def test_dirty_tricks(self):
        """Stripping nested tags must not leave a working tag behind.

        The input wraps a ``<script></script>`` pair inside the pieces of
        another script tag, so a naive single-pass strip would reassemble
        ``<script>``. The expected result has the leftover angle brackets
        entity-escaped. allowtags is called without a tag spec here.
        """
        hostile = "<<script></script>script>test<<script></script>script>"
        cleaned = allowtags(hostile)
        self.assertEqual(cleaned, "&lt;script&gt;test&lt;script&gt;")
Beispiel #11
    def test_unclosed_trailing_disallowed_removed(self):
        """Disallowed ``<b>`` tags are removed even when the last one is never closed."""
        # Neither the leading nor the trailing <b> has a closing tag.
        self.assertEqual(allowtags("<b>test<b>", "a"), "test")
Beispiel #12
    def test_keep_contents_of_disallowed(self):
        """Removing a disallowed tag must not remove the text it wraps."""
        # The empty spec allows no tags at all.
        self.assertEqual(allowtags("<blink>test</blink>", ""), "test")
Beispiel #13
    def test_distinguish_attribute_allowances(self):
        """An attribute allowed on one tag is not thereby allowed on another."""
        spec = "a:b d:c"
        markup = '<a b="x" c="y"></a><d b="x" c="y"></d>'
        # ``b`` survives only on <a>, ``c`` only on <d>.
        self.assertEqual(allowtags(markup, spec), '<a b="x"></a><d c="y"></d>')
Beispiel #14
    def test_allow_specific_attribute(self):
        """Only the attribute named after the colon in the spec is kept on the tag."""
        expected = '<a b="x"></a>'
        # ``c`` is not listed for <a>, so it must be dropped.
        self.assertEqual(allowtags('<a b="x" c="y"></a>', "a:b"), expected)
Beispiel #15
    def test_allow_multiple(self):
        """Every tag listed in the spec is kept; tags not listed are removed."""
        expected = "<a></a><c></c>"
        # "a c" lists two tags; <b> sits between them and is not listed.
        self.assertEqual(allowtags("<a></a><b></b><c></c>", "a c"), expected)
Beispiel #16
    def test_unclosed_trailing_disallowed_removed(self):
        """A trailing, unclosed disallowed tag leaves nothing behind in the output."""
        markup = "<b>test<b>"
        expected = "test"
        self.assertEqual(allowtags(markup, "a"), expected)
Beispiel #17
    def test_dirty_tricks(self):
        """Tag-splitting input must come out escaped, not as a rebuilt ``<script>`` tag.

        Removing the inner ``<script></script>`` pair would leave the text
        ``<script>`` behind. The expected output has those angle brackets as
        ``&lt;`` / ``&gt;``. No tag spec is passed to allowtags in this test.
        """
        hostile = '<<script></script>script>test<<script></script>script>'
        expected = '&lt;script&gt;test&lt;script&gt;'
        self.assertEqual(allowtags(hostile), expected)
Beispiel #18
    def test_remove_nested_not_allowed(self):
        """A disallowed tag nested inside an allowed one is removed; the outer tag stays."""
        # Only <a> is in the spec, so the inner <b></b> must disappear.
        self.assertEqual(allowtags("<a><b></b></a>", "a"), "<a></a>")
Beispiel #19
    def test_remove_outer_not_allowed(self):
        """Stripping a disallowed outer tag must leave its allowed child in place."""
        markup = "<a><b></b></a>"
        expected = "<b></b>"
        self.assertEqual(allowtags(markup, "b"), expected)
Beispiel #20
    def test_remove_nested_not_allowed(self):
        """Being inside an allowed tag does not make a disallowed tag allowed."""
        markup = "<a><b></b></a>"
        expected = "<a></a>"
        self.assertEqual(allowtags(markup, "a"), expected)