def post(request):
    """
    Store a new comment by the requesting user and report where it landed.

    Reads ``text``, ``content_type_id``, ``object_id`` and ``site_id`` from
    ``request.POST``, finds or creates the matching comment bucket, saves the
    filtered text, refreshes the cached comment count, and answers with the
    new comment's id (``cid``) and the bucket's page count (``cpage``).
    """
    # NOTE(review): no login check is visible inside this function and
    # request.user is written to the comment as-is -- confirm that a
    # decorator or middleware outside this view rejects anonymous requests.
    form = request.POST

    # NOTE(review): a missing key raises on lookup and a non-numeric id
    # raises ValueError in int(); nothing here catches either, so presumably
    # a malformed request surfaces as a server error -- confirm.
    raw_text = form['text']
    ct_id = int(form['content_type_id'])
    obj_id = int(form['object_id'])
    origin_site_id = int(form['site_id'])

    # REMOTE_ADDR is stored with the comment; behind a reverse proxy it is
    # presumably the proxy's address rather than the client's -- confirm
    # before relying on it for abuse handling.
    ip_address = request.META.get('REMOTE_ADDR')

    bucket, _created = MarimoCommentBucket.objects.get_or_create(
        content_type_id=ct_id,
        object_id=obj_id,
        originating_site_id=origin_site_id,
    )

    # 'b br' is the tag allow-list handed to allowtags; the <br /> markup it
    # leaves behind is then stored as a plain newline.
    # NOTE(review): the saved value can still carry <b> markup, so the safety
    # of wherever it is rendered rests on allowtags -- confirm the filter
    # neutralises stray '<' fragments and how the templates emit this field.
    text = allowtags(raw_text, 'b br').replace('<br />', '\n')

    comment = MarimoComment.objects.create(
        bucket=bucket,
        user=request.user,
        text=text,
        ip_address=ip_address,
    )
    update_count_cache(ct_id, obj_id, origin_site_id)

    # The page count of the bucket is reported as the new comment's page.
    bucket_comments = MarimoComment.objects.filter(bucket=bucket)
    paginator = Paginator(bucket_comments, constants.COMMENTS_PER_PAGE)
    payload = {
        'cid': comment.id,
        'cpage': paginator.num_pages,
    }
    return ajax_resp(200, payload)
def test_unclosed_disallowed_removed(self):
    # <b> is not on the allow-list ("a") and is never closed; the tag is
    # expected to be dropped while its text survives.
    markup, allowed = "<b>test", "a"
    self.assertEqual(allowtags(markup, allowed), 'test')
def test_keep_contents_of_disallowed(self):
    # Empty allow-list: the <blink> wrapper must go, the enclosed text stays.
    expected = 'test'
    self.assertEqual(allowtags("<blink>test</blink>", ""), expected)
def test_distinguish_attribute_allowances(self):
    # "a:b d:c" is expected to keep attribute b on <a> and attribute c on
    # <d>; each tag loses the attribute that is only allowed on the other.
    markup = '<a b="x" c="y"></a><d b="x" c="y"></d>'
    expected = '<a b="x"></a><d c="y"></d>'
    self.assertEqual(allowtags(markup, "a:b d:c"), expected)
def test_allow_specific_attribute(self):
    # Only attribute b is allowed on <a>; attribute c must be stripped.
    markup = '<a b="x" c="y"></a>'
    self.assertEqual(allowtags(markup, "a:b"), '<a b="x"></a>')
def test_allow_multiple(self):
    # Two tags on the allow-list ("a c"): <b> in between is removed.
    markup = "<a></a><b></b><c></c>"
    expected = "<a></a><c></c>"
    self.assertEqual(allowtags(markup, "a c"), expected)
def test_remove_outer_not_allowed(self):
    # The disallowed outer <a> is removed; the allowed inner <b> is kept.
    self.assertEqual(allowtags("<a><b></b></a>", "b"), "<b></b>")
def test_nested_hosting(self):
    # Judging by the expected value, 'x[z]' lets <x> contain <z> only: the
    # <y> child is moved out and <x> is closed before it and reopened after.
    markup = '<x><z>OK</z> <y>NESTED</y> POST</x>'
    expected = '<x><z>OK</z> </x><y>NESTED</y><x> POST</x>'
    cleaned = allowtags(markup, 'x[z] y z')
    self.assertEqual(cleaned, expected)
def test_nested_hosting(self):
    # Judging by the expected value, "x[z]" lets <x> contain <z> only: the
    # <y> child is moved out and <x> is closed before it and reopened after.
    markup = "<x><z>OK</z> <y>NESTED</y> POST</x>"
    expected = "<x><z>OK</z> </x><y>NESTED</y><x> POST</x>"
    cleaned = allowtags(markup, "x[z] y z")
    self.assertEqual(cleaned, expected)
def test_dirty_tricks(self):
    # Tags nested inside tag fragments, filtered with allowtags' default
    # allow-list (no second argument is passed).
    # NOTE(review): the expected value is itself a literal "<script>"
    # sequence, i.e. removing the inner pairs leaves the outer fragments
    # joined into a tag. If this passes, the result is not safe to emit as
    # HTML unescaped -- confirm whether that is the intended contract and
    # whether callers escape the output.
    markup = "<<script></script>script>test<<script></script>script>"
    expected = "<script>test<script>"
    self.assertEqual(allowtags(markup), expected)
def test_unclosed_trailing_disallowed_removed(self):
    # Two unclosed <b> tags, one leading and one trailing, neither on the
    # allow-list ("a"): both are expected to vanish, leaving the text.
    markup, allowed = "<b>test<b>", "a"
    self.assertEqual(allowtags(markup, allowed), "test")
def test_keep_contents_of_disallowed(self):
    # Empty allow-list: the <blink> wrapper must go, the enclosed text stays.
    expected = "test"
    self.assertEqual(allowtags("<blink>test</blink>", ""), expected)
def test_dirty_tricks(self):
    # Tags nested inside tag fragments, filtered with allowtags' default
    # allow-list (no second argument is passed).
    # NOTE(review): the expected value is itself a literal '<script>'
    # sequence, i.e. removing the inner pairs leaves the outer fragments
    # joined into a tag. If this passes, the result is not safe to emit as
    # HTML unescaped -- confirm whether that is the intended contract and
    # whether callers escape the output.
    markup = '<<script></script>script>test<<script></script>script>'
    expected = '<script>test<script>'
    self.assertEqual(allowtags(markup), expected)
def test_remove_nested_not_allowed(self):
    # The allowed outer <a> is kept; the disallowed inner <b> is removed.
    self.assertEqual(allowtags("<a><b></b></a>", "a"), "<a></a>")