def _display_log(self, log):
with table_element(css="data wato auditlog audit",
limit=None,
sortable=False,
searchable=False) as table:
for entry in log:
table.row()
table.cell(_("Time"),
html.render_nobr(
render.date_and_time(float(entry.time))),
css="narrow")
user = (
'<i>%s</i>' %
_('internal')) if entry.user_id == '-' else entry.user_id
table.cell(_("User"), user, css="nobreak narrow")
table.cell(_("Object type"),
entry.object_ref.object_type.name
if entry.object_ref else "",
css="narrow")
table.cell(_("Object"),
render_object_ref(entry.object_ref) or "",
css="narrow")
text = HTML(
escaping.escape_text(entry.text).replace("\n", "<br>\n"))
table.cell(_("Summary"), text)
if self._show_details:
diff_text = HTML(
escaping.escape_text(entry.diff_text).
replace("\n", "<br>\n") if entry.diff_text else "")
table.cell(_("Details"), diff_text)
def make_confirmed_form_submit_link(*, form_name: str, button_name: str,
message: str) -> PageMenuLink:
return make_javascript_link(
"cmk.page_menu.confirmed_form_submit(%s, %s, %s)" % (
json.dumps(form_name),
json.dumps(button_name),
json.dumps(escaping.escape_text(message)),
))
def flash(message: Union[str, HTML]) -> None:
"""To handle both, HTML and str, correctly we need to a) escape the given str for HTML and
cast the HTML objects to str. Before handing back the messages to the consumer, all need to
converted back to HTML (see get_flashed_messages())
"""
if isinstance(message, str):
normalized = escape_text(message)
else:
normalized = str(message)
session.session_info.flashes.append(normalized)
def render_element(tag_name: HTMLTagName, tag_content: HTMLContent,
**attrs: HTMLTagAttributeValue) -> HTML:
open_tag = render_start_tag(tag_name, close_tag=False, **attrs)
if not tag_content:
tag_content = ""
elif not isinstance(tag_content, HTML):
tag_content = escaping.escape_text(tag_content)
return HTML("%s%s</%s>" % (open_tag, tag_content, tag_name))
def _add_change_to_site(
self,
site_id: SiteId,
change_id: str,
action_name: str,
text: LogMessage,
object_ref: Optional[ObjectRef],
add_user: bool,
need_sync: Optional[bool],
need_restart: Optional[bool],
domains: List[Type[ABCConfigDomain]],
domain_settings: Optional[DomainSettings],
) -> None:
# Individual changes may override the domain restart default value
if need_restart is None:
need_restart = any(d.needs_activation for d in domains)
if need_sync is None:
need_sync = any(d.needs_sync for d in domains)
# Using attrencode here is against our regular rule to do the escaping
# at the last possible time: When rendering. But this here is the last
# place where we can distinguish between HTML() encapsulated (already)
# escaped / allowed HTML and strings to be escaped.
text = escaping.escape_text(text)
# If the local site don't need a restart, there is no reason to add a
# change for that site. Otherwise the activation page would show a
# change but the site would not be selected for activation.
if site_is_local(site_id) and need_restart is False:
return None
SiteChanges(SiteChanges.make_path(site_id)).append({
"id":
change_id,
"action_name":
action_name,
"text":
"%s" % text,
"object":
object_ref,
"user_id":
user.id if add_user else None,
"domains": [d.ident() for d in domains],
"time":
time.time(),
"need_sync":
need_sync,
"need_restart":
need_restart,
"domain_settings":
domain_settings or {},
})
def render_help(self, text: Union[None, HTML, str]) -> HTML:
if isinstance(text, str):
text = escaping.escape_text(text)
elif isinstance(text, HTML):
text = "%s" % text
if not text:
return HTML("")
stripped = text.strip()
if not stripped:
return HTML("")
help_text = HTMLGenerator.resolve_help_text_macros(stripped)
self.enable_help_toggle()
style = "display:%s;" % ("block" if user.show_help else "none")
return HTMLWriter.render_div(HTML(help_text), class_="help", style=style)
def test_htmllib_integration():
assert escaping.escape_attribute("") == ""
assert escaping.escape_text("") == ""
def test_escape_text(inp, out):
if out is None:
out = inp
assert escaping.escape_text(inp) == out
def make_confirm_link(*, url: str, message: str) -> str:
return "javascript:cmk.forms.confirm_link(%s, %s),cmk.popup_menu.close_popup()" % (
json.dumps(quote_plus(url)),
json.dumps(escape_text(message)),
)
def add_confirm_on_submit(self, form_name: str, msg: str) -> None:
"""Adds a confirm dialog to a form that is shown before executing a form submission"""
self.javascript(
"cmk.forms.add_confirm_on_submit(%s, %s)"
% (json.dumps("form_%s" % form_name), json.dumps(escaping.escape_text(msg)))
)
def write_text(self, text: HTMLContent) -> None:
"""Write text. Highlighting tags such as h2|b|tt|i|br|pre|a|sup|p|li|ul|ol are not escaped."""
self.write_html(HTML(escaping.escape_text(text)))
