Example #1
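    def handle_submit(self, validated):
        """Create a forum topic from validated form data and redirect to it.

        ``validated`` must provide ``'title'`` and ``'description'``. The
        description is passed through ``safe_html`` before it is stored. The
        new topic is added to ``self.context`` under a unique name derived
        from the title.

        Returns the rendered ``javascript_redirect.pt`` template when the POST
        carries an acceptable ``return_to`` target, otherwise an ``HTTPFound``
        pointing at the new topic.
        """
        context = self.context
        request = self.request

        title = validated['title']
        name = make_unique_name(context, title)
        creator = authenticated_userid(request)

        # Sanitise the user-supplied markup before it is persisted.
        text = safe_html(validated['description'])

        topic = create_content(IForumTopic, title, text, creator)

        # Fall back to the title when sanitising leaves no description text.
        topic.description = extract_description(text) if text else title
        context[name] = topic

        return_to = request.POST.get('return_to')
        if return_to is not None:
            # return_to is client-controlled. Only follow it when it stays on
            # this application; anything else would make this view an open
            # redirect. Assumes a WebOb-style request exposing
            # ``application_url`` -- TODO confirm; getattr keeps this safe if
            # the attribute is absent.
            app_url = getattr(request, 'application_url', None)
            site_relative = (return_to.startswith('/')
                             and return_to[1:2] not in ('/', '\\'))
            same_app = bool(app_url) and (
                return_to == app_url
                or return_to.startswith(app_url.rstrip('/') + '/'))
            if site_relative or same_app:
                # NOTE(review): the template's escaping of ``url`` is not
                # visible here; confirm it encodes the value for a
                # JavaScript context.
                return render_template_to_response(
                    'templates/javascript_redirect.pt', url=return_to)

        # No usable return_to: send the user to the topic just created.
        location = model_url(topic, request)
        return HTTPFound(location=location)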
Example #2
 def __call__(self):
     """Accept a POSTed comment, sanitise it and hand it to handle_submit.

     Raises HTTPExpectationFailed for any method other than POST. Sets
     ``self.parent`` to the object that holds the comments folder, returns
     a status response when no comment text was sent, and otherwise
     forwards the sanitised comment to ``self.handle_submit``.
     """
     request = self.request
     if request.method != 'POST':
         raise HTTPExpectationFailed(u'This is not a self-posting form. '
                                  u'It is submit only.')
     text = request.POST.get('comment.text', None)

     # For a blog entry the comments folder lives in the parent; otherwise
     # (e.g. IForumTopic, or IProfile holding testimonials as comments) it
     # lives in the context itself.
     inside_blog_entry = find_interface(self.context, IBlogEntry)
     self.parent = (self.context.__parent__ if inside_blog_entry
                    else self.context)

     if not text:
         return self.status_response('Please enter a comment')

     # NOTE(review): the newline -> <br/> rewrite runs after safe_html, so
     # it edits markup that has already been sanitised. It only inserts a
     # fixed tag, but confirm safe_html output cannot carry newlines inside
     # tags or attribute values.
     sanitized = safe_html(text).replace("\n", "<br/>")
     converted = {
         'attachments': [],   # todo: when required
         'add_comment': sanitized,
     }
     return self.handle_submit(converted)
Example #3
 def test_plain_text(self):
     """Bare text with no markup comes back wrapped in a paragraph."""
     expected = '<p>hello out there.</p>'
     actual = safe_html('hello out there.')
     compare(expected, actual)
Example #4
 def test_page(self):
     """Document-level <html>/<body> wrappers are dropped from the output."""
     full_page = '<html><body>hello out there.</body></html>'
     expected = '<p>hello out there.</p>'
     compare(expected, safe_html(full_page))
Example #5
 def test_evil(self):
     """A javascript: href is emptied and the broken <strong> is repaired."""
     # The input combines a malformed opening tag with a script-scheme link;
     # the expected output keeps the link text but with an empty href.
     hostile = (
         '<strong hello</strong><a href="javascript:alert("evil")">out</a>')
     expected = '<strong><a href="">out</a></strong>'
     # NOTE(review): this is the only hostile input exercised in the tests
     # shown here; other URL schemes and event-handler attributes would
     # need their own cases before relying on safe_html for them.
     compare(expected, safe_html(hostile))
Example #6
 def test_unmatched(self):
     """Unclosed tags are closed in the sanitised output."""
     unbalanced = '<strong>hello<em>out there.'
     expected = '<strong>hello<em>out there.</em></strong>'
     compare(expected, safe_html(unbalanced))
Example #7
 def test_tags(self):
     """Allowed inline tags survive; trailing bare text gets a paragraph."""
     mixed = '<strong>hello</strong><em>out</em>there.'
     expected = '<strong>hello</strong><em>out</em><p>there.</p>'
     compare(expected, safe_html(mixed))