def create_token(self, token_string, in_tag): """ Convert the given token string into a new Token object and return it. If in_tag is True, we are processing something that matched a tag, otherwise it should be treated as a literal string. """ if in_tag and token_string.startswith(BLOCK_TAG_START): # The [2:-2] ranges below strip off *_TAG_START and *_TAG_END. # We could do len(BLOCK_TAG_START) to be more "correct", but we've # hard-coded the 2s here for performance. And it's not like # the TAG_START values are going to change anytime, anyway. block_content = token_string[2:-2].strip() if self.verbatim and block_content == self.verbatim: self.verbatim = False if in_tag and not self.verbatim: if token_string.startswith(VARIABLE_TAG_START): token = Token(TOKEN_VAR, token_string[2:-2].strip()) elif token_string.startswith(BLOCK_TAG_START): if block_content[:9] in ('verbatim', 'verbatim '): self.verbatim = 'end%s' % block_content token = Token(TOKEN_BLOCK, block_content) elif token_string.startswith(COMMENT_TAG_START): content = '' if token_string.find(TRANSLATOR_COMMENT_MARK): content = token_string[2:-2].strip() token = Token(TOKEN_COMMENT, content) else: token = Token(TOKEN_TEXT, token_string) token.lineno = self.lineno self.lineno += token_string.count('\n') return token
def dehydrate(self, bundle): var_array = [] if bundle.obj.urlaspattern: token = Token("Text", bundle.obj.url) var_array = token.split_contents() bundle.data['var_array'] = var_array[1:] return bundle
def locale_url(parser, token): """ Renders the url for the view with another locale prefix. The syntax is like the 'url' tag, only with a locale before the view. Examples: {% locale_url "de" cal.views.day day %} {% locale_url "nl" cal.views.home %} {% locale_url "en-gb" cal.views.month month as month_url %} """ bits = token.split_contents() if len(bits) < 3: raise TemplateSyntaxError("'%s' takes at least two arguments:" " the locale and a view" % bits[0]) urltoken = Token(token.token_type, bits[0] + ' ' + ' '.join(bits[2:])) urlnode = defaulttags.url(parser, urltoken) return LocaleURLNode(bits[1], urlnode)
def test_gravatar_xss(self): """Testing {% gravatar %} doesn't allow XSS injection""" user = User(username='******', first_name='"><script>alert(1);</script><"', email='*****@*****.**') node = gravatar(self.parser, Token(TOKEN_TEXT, 'gravatar user 32')) context = { 'request': DummyRequest(), 'user': user, } self.assertEqual( node.render(context), '<img src="http://www.gravatar.com/avatar/' '55502f40dc8b7c769880b10874abc9d0?s=32" width="32" height="32" ' 'alt=""><script>alert(1);</script><"" ' 'class="gravatar"/>')
def second_pass_render(request, content): """ Split on the secret delimiter and generate the token list by passing through text outside of phased blocks as single text tokens and tokenizing text inside the phased blocks. This ensures that nothing outside of the phased blocks is tokenized, thus eliminating the possibility of a template code injection vulnerability. """ result = tokens = [] for index, bit in enumerate(content.split(settings.PHASED_SECRET_DELIMITER)): if index % 2: tokens = Lexer(bit, None).tokenize() else: tokens.append(Token(TOKEN_TEXT, bit)) context = RequestContext(request, restore_csrf_token(request, unpickle_context(bit))) rendered = Parser(tokens).parse().render(context) if settings.PHASED_SECRET_DELIMITER in rendered: rendered = second_pass_render(request, rendered) result.append(rendered) return "".join(result)
def create_token(content): return Token(TOKEN_BLOCK, content)
def forme(): return FormeParser([], Token(TOKEN_BLOCK, 'tag'))
def testError(self): """Testing errorbox tag (invalid usage)""" self.assertRaises( TemplateSyntaxError, lambda: djblets_deco.errorbox( self.parser, Token(TOKEN_TEXT, 'errorbox "id" "foo"')))
def test_with_max_indents(self): """Testing condense tag with custom max_indents""" node = djblets_email.condense(self.parser, Token(TOKEN_TEXT, 'condense 1')) self.assertEqual(node.render({}), "foo\nbar\nfoobar!")
def test_plain(self): """Testing condense tag""" node = djblets_email.condense(self.parser, Token(TOKEN_TEXT, 'condense')) self.assertEqual(node.render({}), "foo\nbar\n\n\nfoobar!")
def testInvalid(self): """Testing quoted_email tag (invalid usage)""" self.assertRaises( TemplateSyntaxError, lambda: djblets_email.quoted_email( self.parser, Token(TOKEN_TEXT, 'quoted_email')))