def unescape(self):
        r"""Unescape markup again into an text_type string.  This also resolves
        known HTML4 and XHTML entities:

        >>> Markup("Main &raquo; <em>About</em>").unescape()
        u'Main \xbb <em>About</em>'
        """
        from markupsafe._constants import HTML_ENTITIES
        def handle_match(m):
            name = m.group(1)
            if name in HTML_ENTITIES:
                return unichr(HTML_ENTITIES[name])
            try:
				# try to process the prefix before the num.
                if name[:2] in ('#x', '#X'):
                    return unichr(int(name[2:], 16))
                elif name.startswith('#'):
                    return unichr(int(name[1:]))
            except ValueError:
                pass
            return u''
		# return string format, not Markup.
		#	`re.sub(pattern, repl, string, count=0, flags=0)`
		#or `regex.sub(repl,string,count=0,flags=0)` 
		#	repl means function for replace or something.
        return _entity_re.sub(handle_match, text_type(self))
Example #2
0
def soft_unicode(s):
    """Make a string unicode if it isn't already.  That way a markup
    string is not converted back to unicode.
    """
    if not isinstance(s, text_type):
        s = text_type(s)
    return s
Example #3
0
def soft_unicode(s):
    """Make a string unicode if it isn't already.  That way a markup
    string is not converted back to unicode.
    """
    if not isinstance(s, text_type):
        s = text_type(s)
    return s
Example #4
0
 def format_field(self, value, format_spec):
     if hasattr(value, '__html_format__'):
         rv = value.__html_format__(format_spec)
     elif hasattr(value, '__html__'):
         if format_spec:
             raise ValueError('No format specification allowed '
                              'when formatting an object with '
                              'its __html__ method.')
         rv = value.__html__()
     else:
         # We need to make sure the format spec is unicode here as
         # otherwise the wrong callback methods are invoked.  For
         # instance a byte string there would invoke __str__ and
         # not __unicode__.
         rv = string.Formatter.format_field(
             self, value, text_type(format_spec))
     return text_type(self.escape(rv))
Example #5
0
 def format_field(self, value, format_spec):
     if hasattr(value, '__html_format__'):
         rv = value.__html_format__(format_spec)
     elif hasattr(value, '__html__'):
         if format_spec:
             raise ValueError('No format specification allowed '
                              'when formatting an object with '
                              'its __html__ method.')
         rv = value.__html__()
     else:
         # We need to make sure the format spec is unicode here as
         # otherwise the wrong callback methods are invoked.  For
         # instance a byte string there would invoke __str__ and
         # not __unicode__.
         rv = string.Formatter.format_field(
             self, value, text_type(format_spec))
     return text_type(self.escape(rv))
Example #6
0
def escape(s):
    """Convert the characters &, <, >, ' and " in string s to HTML-safe
    sequences.  Use this if you need to display text that might contain
    such characters in HTML.  Marks return value as markup string.
    """
    if hasattr(s, '__html__'):
        return s.__html__()
    return Markup(
        text_type(s).replace('&', '&amp;').replace('>', '&gt;').replace(
            '<', '&lt;').replace("'", '&#39;').replace('"', '&#34;'))
Example #7
0
 def format_field(self, value, format_spec):
     if hasattr(value, '__html_format__'):
         rv = value.__html_format__(format_spec)
     elif hasattr(value, '__html__'):
         if format_spec:
             raise ValueError(
                 'Format specifier {0} given, but {1} does not'
                 ' define __html_format__. A class that defines'
                 ' __html__ must define __html_format__ to work'
                 ' with format specifiers.'.format(
                     format_spec, type(value)))
         rv = value.__html__()
     else:
         # We need to make sure the format spec is unicode here as
         # otherwise the wrong callback methods are invoked.  For
         # instance a byte string there would invoke __str__ and
         # not __unicode__.
         rv = string.Formatter.format_field(self, value,
                                            text_type(format_spec))
     return text_type(self.escape(rv))
Example #8
0
class _MarkupEscapeHelper(object):
    """Helper for Markup.__mod__"""
    def __init__(self, obj, escape):
        self.obj = obj
        self.escape = escape

    __getitem__ = lambda s, x: _MarkupEscapeHelper(s.obj[x], s.escape)
    __unicode__ = __str__ = lambda s: text_type(s.escape(s.obj))
    __repr__ = lambda s: str(s.escape(repr(s.obj)))
    __int__ = lambda s: int(s.obj)
    __float__ = lambda s: float(s.obj)
Example #9
0
 def format_field(self, value, format_spec):
     if hasattr(value, '__html_format__'):
         rv = value.__html_format__(format_spec)
     elif hasattr(value, '__html__'):
         if format_spec:
             raise ValueError('No format specification allowed '
                              'when formatting an object with '
                              'its __html__ method.')
         rv = value.__html__()
     else:
         rv = string.Formatter.format_field(self, value, format_spec)
     return text_type(self.escape(rv))
Example #10
0
 def format_field(self, value, format_spec):
     if hasattr(value, '__html_format__'):
         rv = value.__html_format__(format_spec)
     elif hasattr(value, '__html__'):
         if format_spec:
             raise ValueError('No format specification allowed '
                              'when formatting an object with '
                              'its __html__ method.')
         rv = value.__html__()
     else:
         rv = string.Formatter.format_field(self, value, format_spec)
     return text_type(self.escape(rv))
Example #11
0
def escape(s):
    """Convert the characters &, <, >, ' and " in string s to HTML-safe
    sequences.  Use this if you need to display text that might contain
    such characters in HTML.  Marks return value as markup string.
    """
    if hasattr(s, '__html__'):
        return s.__html__()
    return Markup(text_type(s)
        .replace('&', '&amp;')
        .replace('>', '&gt;')
        .replace('<', '&lt;')
        .replace("'", '&#39;')
        .replace('"', '&#34;')
    )
Example #12
0
def escape(s):
    """Convert the characters &, <, >, ' and " in string s to HTML-safe
    sequences.  Use this if you need to display text that might contain
    such characters in HTML.  Marks return value as markup string.
    """
    if hasattr(s, "__html__"):
        return s.__html__()
    return Markup(
        text_type(s)
        .replace("&", "&amp;")
        .replace(">", "&gt;")
        .replace("<", "&lt;")
        .replace("'", "&#39;")
        .replace('"', "&#34;")
    )
Example #13
0
def soft_unicode(s):
    """Convert an object to a string if it isn't already. This preserves
    a :class:`Markup` string rather than converting it back to a basic
    string, so it will still be marked as safe and won't be escaped
    again.

    >>> value = escape('<User 1>')
    >>> value
    Markup('&lt;User 1&gt;')
    >>> escape(str(value))
    Markup('&amp;lt;User 1&amp;gt;')
    >>> escape(soft_unicode(value))
    Markup('&lt;User 1&gt;')
    """
    if not isinstance(s, text_type):
        s = text_type(s)
    return s
Example #14
0
def escape(s):
    """Replace the characters ``&``, ``<``, ``>``, ``'``, and ``"`` in
    the string with HTML-safe sequences. Use this if you need to display
    text that might contain such characters in HTML.

    If the object has an ``__html__`` method, it is called and the
    return value is assumed to already be safe for HTML.

    :param s: An object to be converted to a string and escaped.
    :return: A :class:`Markup` string with the escaped text.
    """
    if hasattr(s, '__html__'):
        return Markup(s.__html__())
    return Markup(text_type(s)
        .replace('&', '&amp;')
        .replace('>', '&gt;')
        .replace('<', '&lt;')
        .replace("'", '&#39;')
        .replace('"', '&#34;')
    )
Example #15
0
    def unescape(self):
        r"""Unescape markup again into an text_type string.  This also resolves
        known HTML4 and XHTML entities:

        >>> Markup("Main &raquo; <em>About</em>").unescape()
        u'Main \xbb <em>About</em>'
        """
        from markupsafe._constants import HTML_ENTITIES
        def handle_match(m):
            name = m.group(1)
            if name in HTML_ENTITIES:
                return unichr(HTML_ENTITIES[name])
            try:
                if name[:2] in ('#x', '#X'):
                    return unichr(int(name[2:], 16))
                elif name.startswith('#'):
                    return unichr(int(name[1:]))
            except ValueError:
                pass
            return unicode(''.join(('&', name, ';')))
        return _entity_re.sub(handle_match, text_type(self))
Example #16
0
    def unescape(self):
        r"""Unescape markup again into an text_type string.  This also resolves
        known HTML4 and XHTML entities:

        >>> Markup("Main &raquo; <em>About</em>").unescape()
        u'Main \xbb <em>About</em>'
        """
        from markupsafe._constants import HTML_ENTITIES
        def handle_match(m):
            name = m.group(1)
            if name in HTML_ENTITIES:
                return unichr(HTML_ENTITIES[name])
            try:
                if name[:2] in ('#x', '#X'):
                    return unichr(int(name[2:], 16))
                elif name.startswith('#'):
                    return unichr(int(name[1:]))
            except ValueError:
                pass
            return u''
        return _entity_re.sub(handle_match, text_type(self))
Example #17
0
    def unescape(self):
        """Convert escaped markup back into a text string. This replaces
        HTML entities with the characters they represent.

        >>> Markup('Main &raquo; <em>About</em>').unescape()
        'Main ยป <em>About</em>'
        """
        from markupsafe._constants import HTML_ENTITIES

        def handle_match(m):
            name = m.group(1)
            if name in HTML_ENTITIES:
                return unichr(HTML_ENTITIES[name])
            try:
                if name[:2] in ('#x', '#X'):
                    return unichr(int(name[2:], 16))
                elif name.startswith('#'):
                    return unichr(int(name[1:]))
            except ValueError:
                pass
            # Don't modify unexpected input.
            return m.group()

        return _entity_re.sub(handle_match, text_type(self))
Example #18
0
def test_adding():
    unsafe = '<script type="application/x-some-script">alert("foo");</script>'
    safe = Markup('<em>username</em>')
    assert unsafe + safe == text_type(escape(unsafe)) + text_type(safe)
Example #19
0
 def test_adding(self):
     # adding two strings should escape the unsafe one
     unsafe = '<script type="application/x-some-script">alert("foo");</script>'
     safe = Markup('<em>username</em>')
     assert unsafe + safe == text_type(escape(unsafe)) + text_type(safe)