Ejemplo n.º 1
    def save(self, commit=True):
        """Create the article, seed its content placeholder and record a revision.

        ``commit`` is accepted for interface compatibility only; the visible
        code always saves the article before returning it.
        """
        new_article = super(CreateNewsBlogArticleForm, self).save(commit=False)

        # The creating user becomes the owner.
        new_article.owner = self.user

        # Sanitise the submitted HTML before it can be stored as plugin content.
        body_html = clean_html(self.cleaned_data.get('content', ''), False)

        # The plugin is only created when the user may add a TextPlugin; without
        # that permission the submitted content is dropped, not stored.
        may_add_text = bool(body_html) and permissions.has_plugin_permission(
            self.user, 'TextPlugin', 'add')

        if may_add_text:
            # An unsaved article has no placeholder yet, so persist it first.
            if not new_article.pk:
                new_article.save()

            if new_article and new_article.content:
                add_plugin(**{
                    'placeholder': new_article.content,
                    'plugin_type': 'TextPlugin',
                    'language': self.language_code,
                    'body': body_html,
                })

        # The final save runs inside one transaction and one revision block so
        # the initial version is recorded together with its author and comment.
        with transaction.atomic(), create_revision():
            new_article.save()
            if self.user:
                set_user(self.user)
            set_comment(ugettext("Initial version."))

        return new_article
Ejemplo n.º 2
    def save(self, commit=True):
        """Persist a new article owned by the current user, with an initial revision.

        Submitted ``content`` is sanitised and, when the user is allowed to add
        a ``TextPlugin``, attached to the article's placeholder. The ``commit``
        argument is not consulted by the visible code.
        """
        instance = super(CreateNewsBlogArticleForm, self).save(commit=False)
        instance.owner = self.user

        # clean_html() runs before the permission check, so only sanitised
        # markup can ever reach add_plugin().
        sanitized = clean_html(self.cleaned_data.get('content', ''), False)
        if sanitized:
            if permissions.has_plugin_permission(
                    self.user, 'TextPlugin', 'add'):
                # The placeholder only exists once the article has been
                # saved, so save now when there is no primary key yet.
                if not instance.pk:
                    instance.save()

                if instance and instance.content:
                    add_plugin(
                        placeholder=instance.content,
                        plugin_type='TextPlugin',
                        language=self.language_code,
                        body=sanitized,
                    )

        # Record the initial version atomically, attributed to the user when
        # one is set on the form.
        with transaction.atomic():
            with create_revision():
                instance.save()
                if self.user:
                    set_user(self.user)
                set_comment(ugettext("Initial version."))

        return instance
Ejemplo n.º 3
    def save(self, commit=True):
        """Save the job opening and seed its content placeholder from the form.

        ``commit`` is not consulted by the visible code: the instance is always
        saved before it is returned.
        """
        opening = super(CreateJobOpeningForm, self).save(commit=False)

        # Sanitise the submitted markup before it can become plugin content.
        submitted_html = self.cleaned_data.get('job_opening_content', '')
        sanitized_html = clean_html(submitted_html, False)

        # Plugin type and the name of its body field both come from CMS
        # settings, so the permission check below uses the configured type.
        content_plugin = get_cms_setting('PAGE_WIZARD_CONTENT_PLUGIN')
        content_field = get_cms_setting('PAGE_WIZARD_CONTENT_PLUGIN_BODY')

        user_may_add = bool(sanitized_html) and permissions.has_plugin_permission(
            self.user, content_plugin, 'add')

        if user_may_add:
            # An unsaved job opening has no placeholder yet, so persist it
            # before trying to attach a plugin.
            if not opening.pk:
                opening.save()

            if opening and opening.content:
                add_plugin(**{
                    'placeholder': opening.content,
                    'plugin_type': content_plugin,
                    'language': self.language_code,
                    content_field: sanitized_html,
                })

        opening.save()

        return opening
Ejemplo n.º 4
 def test_sanitizer_without_token_parsers(self):
     """With no allow-token parsers configured, ``data-*`` attributes are stripped."""
     # NOTE(review): this overwrites a class attribute and nothing visible here
     # restores it - confirm the test case resets it so later tests start clean.
     sanitizer.TextSanitizer.allow_token_parsers = ()
     dom_builder = treebuilders.getTreeBuilder("dom")
     parser = html5lib.HTMLParser(tree=dom_builder,
                                  tokenizer=sanitizer.TextSanitizer)
     markup = '<span data-one="1" data-two="2">some text</span>'
     cleaned = html.clean_html(markup, full=False, parser=parser)
     self.assertEqual('<span>some text</span>', cleaned)
 def test_custom_protocol_enabled(self):
     """A scheme listed in TEXT_ADDITIONAL_PROTOCOLS survives sanitising."""
     # Every scheme added here widens what clean_html() lets through in URL
     # attributes.
     # NOTE(review): the setting is not restored in this method - confirm
     # the test case resets it elsewhere.
     settings.TEXT_ADDITIONAL_PROTOCOLS = ('rtmp',)
     default_parser = html._get_default_parser()
     markup = '''<source src="rtmp://testurl.com/">'''
     cleaned = html.clean_html(markup, full=False, parser=default_parser)
     self.assertEqual('''<source src="rtmp://testurl.com/">''', cleaned)
Ejemplo n.º 6
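    def save(self, commit=True):
        """Save the job opening, attach its initial content and record a revision.

        The submitted ``content`` is sanitised with ``clean_html`` and, when
        the user may add the configured wizard content plugin, stored in the
        job opening's ``content`` placeholder. ``commit`` is not consulted by
        the visible code: the instance is always saved.

        Returns:
            The saved job opening.
        """
        job_opening = super(CreateJobOpeningForm, self).save(commit=False)

        # Sanitise the submitted markup before it can become plugin content.
        content = clean_html(self.cleaned_data.get('content', ''), False)
        content_plugin = get_cms_setting('WIZARD_CONTENT_PLUGIN')

        # Authorise against the plugin type that is actually created below.
        # Checking the literal 'TextPlugin' only matches while the setting
        # keeps that value; with any other configured plugin the check would
        # cover a different type than the one being added.
        if content and permissions.has_plugin_permission(
                self.user, content_plugin, 'add'):

            # If the job opening has not been saved, then there will be no
            # placeholder set up for it yet, so ensure we have saved first.
            if not job_opening.pk:
                job_opening.save()

            if job_opening and job_opening.content:
                # The name of the plugin's body field is configurable, so the
                # keyword arguments are built dynamically.
                content_field = get_cms_setting('WIZARD_CONTENT_PLUGIN_BODY')
                plugin_kwargs = {
                    'placeholder': job_opening.content,
                    'plugin_type': content_plugin,
                    'language': self.language_code,
                    content_field: content,
                }
                add_plugin(**plugin_kwargs)

        # Record the initial version atomically, attributed to the user when
        # one is set on the form.
        with transaction.atomic():
            with revision_context_manager.create_revision():
                job_opening.save()
                if self.user:
                    revision_context_manager.set_user(self.user)
                revision_context_manager.set_comment(
                    ugettext("Initial version."))

        return job_opening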
 def test_sanitizer_without_token_parsers(self):
     """``data-*`` attributes are removed when no allow-token parser is set."""
     # NOTE(review): class-level state is changed here and not restored in
     # this method - confirm the test case resets it elsewhere.
     sanitizer.TextSanitizer.allow_token_parsers = ()
     tree_builder = treebuilders.getTreeBuilder('dom')
     parser = html5lib.HTMLParser(tree=tree_builder)
     source = '<span data-one="1" data-two="2">some text</span>'
     result = html.clean_html(source, full=False, parser=parser)
     self.assertEqual('<span>some text</span>', result)
Ejemplo n.º 8
 def test_default_protocol_escaping(self):
     """Without extra protocols, an ``rtmp://`` URL attribute is dropped."""
     # An empty list means only the sanitiser's built-in schemes are allowed.
     settings.TEXT_ADDITIONAL_PROTOCOLS = []
     default_parser = html._get_default_parser()
     markup = '<source src="rtmp://testurl.com/">'
     cleaned = html.clean_html(markup, full=False, parser=default_parser)
     # The element is kept, but its ``src`` attribute is gone.
     self.assertEqual('<source>', cleaned)
Ejemplo n.º 9
def site_context():
    """Build the template context with the current site's name, logo URL and footer."""
    current_site = Site.objects.get_current()
    site_settings = SiteSettings.get(current_site)

    name = current_site.name
    logo_url = site_settings.logo.url if site_settings.logo else ""

    if site_settings.footer:
        # mark_safe() switches off template auto-escaping for the footer, so
        # clean_html() is the only XSS defence on this value.
        # NOTE(review): confirm sanitising cannot be disabled by configuration
        # in deployments where the footer is editable by less-trusted users.
        footer_html = mark_safe(clean_html(site_settings.footer, full=False))
    else:
        footer_html = None

    return {
        'site_name': name,
        'site_logo': logo_url,
        'site_footer': footer_html,
    }
Ejemplo n.º 10
 def test_default_protocol_escaping(self):
     """An ``rtmp://`` source is stripped when no additional protocol is allowed."""
     settings.TEXT_ADDITIONAL_PROTOCOLS = []
     parser = html._get_default_parser()
     # Only the attribute carrying the disallowed scheme is expected to go;
     # the tag itself stays.
     expected = '<source>'
     actual = html.clean_html(
         '<source src="rtmp://testurl.com/">', full=False, parser=parser)
     self.assertEqual(expected, actual)
Ejemplo n.º 11
    def test_sanitizer_with_custom_token_parser(self):
        """A custom allow-token parser can let one extra attribute through."""

        class DonutAttributeParser(sanitizer.AllowTokenParser):
            def parse(self, attribute, val):
                # Accept the attribute by name only; the value is not inspected.
                return attribute == 'donut'

        # NOTE(review): class-level state is changed and not restored in this
        # method - confirm the test case resets it elsewhere.
        sanitizer.TextSanitizer.allow_token_parsers = (DonutAttributeParser, )
        dom_builder = treebuilders.getTreeBuilder("dom")
        parser = html5lib.HTMLParser(tree=dom_builder)
        markup = '<span donut="yummy">some text</span>'
        cleaned = html.clean_html(markup, full=False, parser=parser)
        self.assertEqual('<span donut="yummy">some text</span>', cleaned)
Ejemplo n.º 12
 def test_sanitizer(self):
     """``data-*`` attributes pass with DataAttributeParser; html5lib's list is untouched."""
     # Capture html5lib's allowed attributes up front so the last assertion
     # can show that cleaning left them as they were.
     attrs_before = html5lib.filters.sanitizer.allowed_attributes
     sanitizer.TextSanitizer.allow_token_parsers = (
         attribute_parsers.DataAttributeParser, )
     dom_builder = treebuilders.getTreeBuilder("dom")
     parser = html5lib.HTMLParser(tree=dom_builder)
     markup = '<span data-one="1" data-two="2">some text</span>'
     cleaned = html.clean_html(markup, full=False, parser=parser)
     for expected_attr in ('data-one="1"', 'data-two="2"'):
         self.assertTrue(expected_attr in cleaned)
     self.assertEqual(attrs_before,
                      html5lib.filters.sanitizer.allowed_attributes)
Ejemplo n.º 13
 def test_sanitizer(self):
     """DataAttributeParser keeps ``data-*`` attributes without altering html5lib's list."""
     original_allowed = html5lib.filters.sanitizer.allowed_attributes
     sanitizer.TextSanitizer.allow_token_parsers = (
         attribute_parsers.DataAttributeParser,
     )
     parser = html5lib.HTMLParser(tree=treebuilders.getTreeBuilder('dom'))
     source = '<span data-one="1" data-two="2">some text</span>'
     result = html.clean_html(source, full=False, parser=parser)
     self.assertTrue('data-one="1"' in result)
     self.assertTrue('data-two="2"' in result)
     # The comparison against the value captured before cleaning is what
     # shows html5lib's allowed attributes were not changed.
     self.assertEqual(
         original_allowed,
         html5lib.filters.sanitizer.allowed_attributes,
     )
Ejemplo n.º 14
 def test_default_tag_escaping(self):
     """With no additional tags configured, ``<iframe>`` is escaped, not rendered."""
     settings.TEXT_ADDITIONAL_TAGS = []
     default_parser = html._get_default_parser()
     markup = '<iframe src="rtmp://testurl.com/"></iframe>'
     cleaned = html.clean_html(markup, full=False, parser=default_parser)
     # The tag is escaped to entities rather than removed, so it can only
     # display as text.
     escaped = '&lt;iframe src="rtmp://testurl.com/"&gt;&lt;/iframe&gt;'
     self.assertEqual(escaped, cleaned)
Ejemplo n.º 15
 def test_custom_attribute_enabled(self):
     """An attribute named in TEXT_ADDITIONAL_ATTRIBUTES is kept by clean_html."""
     # NOTE(review): the setting is changed and not restored in this method -
     # confirm the test case resets it elsewhere.
     settings.TEXT_ADDITIONAL_ATTRIBUTES = ['test-attr']
     default_parser = html._get_default_parser()
     markup = '<span test-attr="2">foo</span>'
     cleaned = html.clean_html(markup, full=False, parser=default_parser)
     self.assertEqual('<span test-attr="2">foo</span>', cleaned)
Ejemplo n.º 16
    def save(self, commit=True):
        """Save the event, attach its sanitised description and record a revision.

        With ``commit=False`` the unsaved event is returned immediately and no
        plugin or revision is created.
        """
        new_event = super(CreateEventForm, self).save(commit=False)
        if not commit:
            return new_event

        # Sanitise the submitted 'description' markup before it can be stored
        # as plugin content.
        description_html = clean_html(
            self.cleaned_data.get('description', ''), False)

        # The setting names differ between CMS versions: try the newer
        # (CMS >= 3.3.x) name first and fall back to the older one.
        try:
            plugin_type = get_cms_setting('PAGE_WIZARD_CONTENT_PLUGIN')
        except KeyError:
            plugin_type = get_cms_setting('WIZARD_CONTENT_PLUGIN')

        try:
            body_field = get_cms_setting('PAGE_WIZARD_CONTENT_PLUGIN_BODY')
        except KeyError:
            body_field = get_cms_setting('WIZARD_CONTENT_PLUGIN_BODY')

        # Permission is checked for the configured plugin type, the same type
        # that is created below.
        allowed = bool(description_html) and permissions.has_plugin_permission(
            self.user, plugin_type, 'add')

        if allowed:
            # An unsaved event has no placeholder yet, so persist it first.
            if not new_event.pk:
                new_event.save()

            if new_event and new_event.description:
                # The plugin's body field name is configurable, so the keyword
                # arguments have to be built dynamically.
                add_plugin(**{
                    'placeholder': new_event.description,
                    'plugin_type': plugin_type,
                    'language': self.language_code,
                    body_field: description_html,
                })

        # Record the initial version atomically, attributed to the user when
        # one is set on the form.
        with transaction.atomic(), revision_context_manager.create_revision():
            new_event.save()

            if self.user:
                revision_context_manager.set_user(self.user)
            revision_context_manager.set_comment(
                ugettext("Initial version."))
        return new_event
Ejemplo n.º 17
 def test_default_tag_escaping(self):
     """An ``<iframe>`` comes back entity-escaped when no extra tags are allowed."""
     settings.TEXT_ADDITIONAL_TAGS = []
     parser = html._get_default_parser()
     # Escaped output means the element can only be displayed as text.
     expected = '&lt;iframe src="rtmp://testurl.com/"&gt;&lt;/iframe&gt;'
     actual = html.clean_html(
         '<iframe src="rtmp://testurl.com/"></iframe>',
         full=False,
         parser=parser,
     )
     self.assertEqual(expected, actual)
Ejemplo n.º 18
 def test_custom_attribute_enabled(self):
     """``test-attr`` is preserved once it is listed as an additional attribute."""
     settings.TEXT_ADDITIONAL_ATTRIBUTES = ['test-attr']
     parser = html._get_default_parser()
     expected = '<span test-attr="2">foo</span>'
     # Input and expected output have the same value: nothing is stripped.
     actual = html.clean_html(
         '<span test-attr="2">foo</span>', full=False, parser=parser)
     self.assertEqual(expected, actual)
Ejemplo n.º 19
 def test_custom_tag_enabled(self):
     """Listing ``iframe`` in TEXT_ADDITIONAL_TAGS lets the element through unescaped."""
     # The expected output keeps the rtmp:// ``src`` as well, so allowing a
     # tag this way admits the element together with that attribute.
     # NOTE(review): the setting is not restored in this method - confirm
     # the test case resets it elsewhere.
     settings.TEXT_ADDITIONAL_TAGS = ['iframe']
     default_parser = html._get_default_parser()
     markup = '<iframe src="rtmp://testurl.com/"></iframe>'
     cleaned = html.clean_html(markup, full=False, parser=default_parser)
     self.assertEqual('<iframe src="rtmp://testurl.com/"></iframe>', cleaned)
Ejemplo n.º 20
 def test_custom_tag_enabled(self):
     """``<iframe>`` is kept verbatim once it is an additional allowed tag."""
     settings.TEXT_ADDITIONAL_TAGS = ['iframe']
     parser = html._get_default_parser()
     expected = '<iframe src="rtmp://testurl.com/"></iframe>'
     # Unlike the default configuration, the tag is not entity-escaped here.
     actual = html.clean_html(
         '<iframe src="rtmp://testurl.com/"></iframe>',
         full=False,
         parser=parser,
     )
     self.assertEqual(expected, actual)
Ejemplo n.º 21
    def save(self, commit=True):
        """Create the event, seed its description placeholder and record a revision.

        Returns the unsaved instance straight away when ``commit`` is false.
        """
        instance = super(CreateEventForm, self).save(commit=False)

        if not commit:
            return instance

        # Only sanitised markup from the 'description' field is ever handed
        # to add_plugin().
        raw_description = self.cleaned_data.get('description', '')
        sanitized = clean_html(raw_description, False)

        try:
            # CMS >= 3.3.x
            content_plugin = get_cms_setting('PAGE_WIZARD_CONTENT_PLUGIN')
        except KeyError:
            # CMS <= 3.2.x
            content_plugin = get_cms_setting('WIZARD_CONTENT_PLUGIN')

        try:
            # CMS >= 3.3.x
            content_field = get_cms_setting('PAGE_WIZARD_CONTENT_PLUGIN_BODY')
        except KeyError:
            # CMS <= 3.2.x
            content_field = get_cms_setting('WIZARD_CONTENT_PLUGIN_BODY')

        if sanitized:
            if permissions.has_plugin_permission(
                    self.user, content_plugin, 'add'):
                # The placeholder is only set up once the event has been
                # saved, so save now when there is no primary key yet.
                if not instance.pk:
                    instance.save()

                if instance and instance.description:
                    # Keyword arguments are built as a dict because the name
                    # of the plugin's body field is configurable.
                    kwargs_for_plugin = {
                        'placeholder': instance.description,
                        'plugin_type': content_plugin,
                        'language': self.language_code,
                        content_field: sanitized,
                    }
                    add_plugin(**kwargs_for_plugin)

        # Final save inside one transaction and one revision block.
        with transaction.atomic():
            with revision_context_manager.create_revision():
                instance.save()

                if self.user:
                    revision_context_manager.set_user(self.user)
                revision_context_manager.set_comment(
                    ugettext("Initial version."))
        return instance
Ejemplo n.º 22
    def test_sanitizer_with_custom_token_parser(self):
        """Registering a custom parser allows the ``donut`` attribute to survive."""

        class DonutAttributeParser(sanitizer.AllowTokenParser):

            def parse(self, attribute, val):
                # Only the attribute name decides; ``val`` is not checked.
                return attribute == 'donut'

        # NOTE(review): class-level state is replaced and not restored in this
        # method - confirm the test case resets it elsewhere.
        sanitizer.TextSanitizer.allow_token_parsers = (DonutAttributeParser,)
        tree_builder = treebuilders.getTreeBuilder('dom')
        parser = html5lib.HTMLParser(tree=tree_builder)
        source = '<span donut="yummy">some text</span>'
        result = html.clean_html(source, full=False, parser=parser)
        self.assertEqual('<span donut="yummy">some text</span>', result)
Ejemplo n.º 23
    def save(self, commit=True):
        """Save the FAQ question, attach its sanitised answer and record a revision.

        ``commit`` is not consulted by the visible code: the question is always
        saved before it is returned.
        """
        faq_question = super(CreateFaqQuestionForm, self).save(commit=False)

        # Sanitise the submitted 'answer' markup before it can be stored as
        # plugin content.
        answer_html = clean_html(self.cleaned_data.get('answer', ''), False)

        # The setting names differ between CMS versions: try the newer
        # (CMS >= 3.3.x) name first and fall back to the older one.
        try:
            plugin_type = get_cms_setting('PAGE_WIZARD_CONTENT_PLUGIN')
        except KeyError:
            plugin_type = get_cms_setting('WIZARD_CONTENT_PLUGIN')

        try:
            body_field = get_cms_setting('PAGE_WIZARD_CONTENT_PLUGIN_BODY')
        except KeyError:
            body_field = get_cms_setting('WIZARD_CONTENT_PLUGIN_BODY')

        # Permission is checked for the configured plugin type, the same type
        # that is created below.
        allowed = bool(answer_html) and permissions.has_plugin_permission(
            self.user, plugin_type, 'add')

        if allowed:
            # An unsaved question has no placeholder yet, so persist it first.
            if not faq_question.pk:
                faq_question.save()

            if faq_question and faq_question.answer:
                add_plugin(**{
                    'placeholder': faq_question.answer,
                    'plugin_type': plugin_type,
                    'language': self.language_code,
                    body_field: answer_html,
                })

        # Make sure an initial revision exists, attributed to the user when
        # one is set on the form.
        with transaction.atomic(), revision_context_manager.create_revision():
            faq_question.save()
            if self.user:
                revision_context_manager.set_user(self.user)
            revision_context_manager.set_comment(
                ugettext("Initial version."))

        return faq_question
Ejemplo n.º 24
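    def save(self, commit=True):
        """Save the article and attach the submitted content as a TextPlugin.

        The ``content`` value is sanitised with ``clean_html`` first, and the
        plugin is only created when the user holds the 'add' permission for
        ``TextPlugin``.

        Args:
            commit: Passed through to the parent form's ``save``.

        Returns:
            The article instance.
        """
        article = super(CreateNewsBlogArticleForm, self).save(commit=commit)

        # Sanitise the submitted markup before it can become plugin content.
        content = clean_html(self.cleaned_data.get('content', ''), False)
        if content and permissions.has_plugin_permission(
                self.user, 'TextPlugin', 'add'):
            # With commit=False the article is still unsaved here, so there is
            # no placeholder to attach a plugin to yet; save it first.
            if not article.pk:
                article.save()

            # Skip plugin creation rather than pass a missing placeholder on.
            if article.content:
                add_plugin(
                    placeholder=article.content,
                    plugin_type='TextPlugin',
                    language=self.language_code,
                    body=content,
                )

        return article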
Ejemplo n.º 25
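    def test_clean_html_with_sanitize_disabled(self):
        """With TEXT_HTML_SANITIZE off, clean_html returns equivalent, unfiltered HTML.

        While the flag is False, an attribute that is not allowed by default
        (``test-attr``) passes through, so the flag must not stay disabled
        after this test.
        """
        old_TEXT_HTML_SANITIZE = settings.TEXT_HTML_SANITIZE
        settings.TEXT_HTML_SANITIZE = False
        # Everything after the flag is flipped runs inside the try block, so
        # an error in parser construction or in clean_html() cannot leave
        # sanitising disabled for later tests.
        try:
            parser = html._get_default_parser()

            original = '<span test-attr="2">foo</span>'
            cleaned = html.clean_html(
                original,
                full=False,
                parser=parser,
            )
            self.assertHTMLEqual(original, cleaned)
        finally:
            settings.TEXT_HTML_SANITIZE = old_TEXT_HTML_SANITIZE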
Ejemplo n.º 26
    def save(self, commit=True):
        """Save the dashboard for the current user and attach its initial content.

        ``commit`` is not consulted by the visible code: the dashboard is
        always saved.
        """
        new_dashboard = super(
            CreateDashboards_appDashboardForm, self).save(commit=False)
        new_dashboard.owner = self.user
        new_dashboard.save()

        # Sanitise the submitted markup; the plugin is only created when the
        # user holds the 'add' permission for TextPlugin.
        body_html = clean_html(self.cleaned_data.get('content', ''), False)
        may_add_text = bool(body_html) and permissions.has_plugin_permission(
            self.user, 'TextPlugin', 'add')
        if may_add_text:
            add_plugin(**{
                'placeholder': new_dashboard.content,
                'plugin_type': 'TextPlugin',
                'language': self.language_code,
                'body': body_html,
            })

        return new_dashboard
Ejemplo n.º 27
def save(self, commit=True):
    """Create and immediately publish an article owned by the current user.

    ``commit`` is not consulted by the visible code: the article is always
    saved.
    """
    new_article = super(CreateNewsBlogArticleForm, self).save(commit=False)
    new_article.owner = self.user

    # ``.first()`` yields None when no config matches the submitted pk.
    config_pk = self.cleaned_data['app_config']
    new_article.app_config = NewsBlogConfig.objects.filter(
        pk=config_pk).first()

    # The article is published as soon as it is created.
    new_article.is_published = True
    new_article.save()

    # Sanitise the submitted markup before it can become plugin content.
    # NOTE(review): no plugin-permission check guards add_plugin() in this
    # method - confirm the caller already restricts who can reach this form.
    body_html = clean_html(self.cleaned_data.get('content', ''), False)
    if body_html:
        add_plugin(**{
            'placeholder': new_article.content,
            'plugin_type': 'TextPlugin',
            'language': self.language_code,
            'body': body_html,
        })

    return new_article
Ejemplo n.º 28
    def save(self, *args, **kwargs):
        """Sanitise ``body`` and then delegate to the parent ``save``."""
        # Cleaning inside save() means the stored value has been through
        # clean_html() whichever caller triggered the save.
        sanitized_body = clean_html(self.body, full=False)
        self.body = sanitized_body

        super().save(*args, **kwargs)
Ejemplo n.º 29
 def clean(self, value, model_instance):
     """Run the parent field's ``clean`` and return the sanitised HTML."""
     # Sanitising happens after the parent's clean(), on the value it returns.
     validated = super(HTMLField, self).clean(value, model_instance)
     sanitized = clean_html(validated, full=False)
     return sanitized
Ejemplo n.º 30
 def save(self, *args, **kwargs):
     """Extract images from ``body``, sanitise the result and save."""
     # extract_images() runs first and clean_html() second, so the stored
     # body is always the sanitiser's output.
     self.body = clean_html(extract_images(self.body, self), full=False)
     super(Text, self).save(*args, **kwargs)
Ejemplo n.º 31
 def clean(self, value, model_instance):
     """Return the field value after parent cleaning and HTML sanitising."""
     parent_cleaned = super(HTMLField, self).clean(value, model_instance)
     # The sanitised string, not the raw input, is what the caller gets back.
     return clean_html(parent_cleaned, full=False)
Ejemplo n.º 32
def _compare_html(html_a, html_b):
    """Return True when both fragments match after parsing, prettifying and cleaning."""
    # Both inputs go through the same html5lib parse and prettify() step, so
    # formatting differences are evened out before the comparison.
    soups = [BeautifulSoup(fragment, 'html5lib') for fragment in (html_a, html_b)]
    cleaned_a, cleaned_b = [clean_html(soup.prettify()) for soup in soups]
    return cleaned_a == cleaned_b
 def save(self, *args, **kwargs):
     """Extract images from ``body``, sanitise it and delegate to the parent ``save``."""
     with_images_extracted = extract_images(self.body, self)
     # Sanitising is the last transformation before the body is stored.
     self.body = clean_html(with_images_extracted, full=False)
     super(AbstractText, self).save(*args, **kwargs)