def add_front_resources(context, content):
view_class = getattr(context["view"], "__class__",
None) if context.get("view") else None
if not view_class:
return
view_name = getattr(view_class, "__name__", "")
if view_name in [
"AddressesPhase", "CheckoutMethodPhase", "CompanyRegistrationView",
"CustomerEditView", "CompanyEditView"
]: # For front
add_resources(context,
fields=[("initializeBillingRegion", "#id_billing"),
("initializeShippingRegion", "#id_shipping")])
elif view_name in ["ContactEditView",
"OrderAddressEditView"]: # For admin views
add_resources(context,
fields=[
("initializeBillingRegion", "#id_billing_address"),
("initializeShippingRegion", "#id_shipping_address")
])
elif view_name == "OrderEditView": # For admin order editor only regions is enough
add_resource(
context, "body_end",
InlineScriptResource(REGIONS %
{"regions": json.dumps(regions_data)}))
elif view_name in ["AddressBookEditView"]:
add_resources(context, fields=[("initializeRegion", "#id_address")])
elif view_name in ["WizardView"]:
add_resource(
context, "body_end",
InlineScriptResource(REGIONS %
{"regions": json.dumps(regions_data)}))
def add_edit_resources(context):
"""
Possibly inject Xtheme editor injection resources into the given
context's resources.
:param context: Jinja rendering context
:type context: jinja2.runtime.Context
"""
request = context.get("request")
if not (request and could_edit(request) and may_inject(context)):
return
from ._theme import get_current_theme
from .rendering import get_view_config # avoid circular import
view_config = get_view_config(context)
theme = get_current_theme(request.shop)
if not theme:
return
add_resource(context, "body_end", InlineScriptResource.from_vars("XthemeEditorConfig", {
"commandUrl": "/xtheme/", # TODO: Use reverse("wshop:xtheme")?
"editUrl": "/xtheme/editor/", # TODO: Use reverse("wshop:xtheme")?
"themeIdentifier": theme.identifier,
"viewName": view_config.view_name,
"edit": is_edit_mode(request),
"csrfToken": get_token(request),
}))
add_resource(context, "body_end", staticfiles_storage.url("xtheme/editor-injection.js"))
def add_resources(context, content):
view_class = getattr(context["view"], "__class__",
None) if context.get("view") else None
if not view_class:
return
view_name = getattr(view_class, "__name__", "")
if view_name == "ProductDetailView":
add_resource(
context, "body_end",
"%swshop/recently_viewed_products/lib.js" % settings.STATIC_URL)
def test_without_rc():
request = get_request()
(template, layout, gibberish, ctx) = get_test_template_bits(request)
assert not add_resource(ctx, "yes", "hello.js")
content1 = "<html>"
content2 = inject_resources(ctx, content1)
assert content1 == content2
def add_resources(context, placement="body_end", fields=None):
add_resource(
context, placement,
InlineScriptResource(REGIONS % {"regions": json.dumps(regions_data)}))
add_resource(context, placement, InlineScriptResource(REGION_CHANGER_JS))
for function_name, field in fields or []:
add_resource(
context, placement,
InlineScriptResource(CHANGER_FUNCTIONS % {
"initialize_function": function_name,
"region_field_prefix": field
}))
def test_injecting_into_weird_places():
request = get_request()
(template, layout, gibberish, ctx) = get_test_template_bits(
request, **{RESOURCE_CONTAINER_VAR_NAME: ResourceContainer()})
with pytest.raises(ValueError):
add_resource(ctx, "yes", "hello.js")
def render(self, context):
add_resource(context, "body_start", "://example.com/js.js")
add_resource(context, "body_start", "://foo/fuzz.png")
add_resource(context, "head_end", "://example.com/css.css")
add_resource(context, "body_end", InlineScriptResource("alert('xss')"))
add_resource(
context, "head_end",
InlineScriptResource.from_vars("foos", {"bars": (1, 2, 3)}))
add_resource(context, "head_end",
InlineMarkupResource(self.meta_markup))
add_resource(context, "head_end",
InlineMarkupResource(self.meta_markup)) # Test duplicates
add_resource(context, "head_end", "") # Test the no-op branch
return self.message
def render(self, context):
for location, __ in self.fields:
if location in resources.KNOWN_LOCATIONS:
resource = self.config.get(location, "")
add_resource(context, location, InlineMarkupResource(resource))
return self.config.get("in_place", "")
def add_test_injection(context, content):
add_resource(context, "body_end",
InlineScriptResource("window.injectedFromAddon=true;"))