def xsrf_form_html(self): """An HTML <input/> element to be included with all POST forms. It defines the _xsrf input value, which we check on all POST requests to prevent cross-site request forgery. If you have set the 'xsrf_cookies' application setting, you must include this HTML within all of your HTML forms. See check_xsrf_cookie() above for more information. """ return '<input type="hidden" name="_xsrf" value="' + escape.xhtml_escape(self.xsrf_token) + '"/>'
def xsrf_form_html(self): """An HTML <input/> element to be included with all POST forms. It defines the _xsrf input value, which we check on all POST requests to prevent cross-site request forgery. If you have set the 'xsrf_cookies' application setting, you must include this HTML within all of your HTML forms. See check_xsrf_cookie() above for more information. """ return '<input type="hidden" name="_xsrf" value="' + \ escape.xhtml_escape(self.xsrf_token) + '"/>'
def _render_parts(self, value, parts=[]): if isinstance(value, basestring): parts.append(escape.xhtml_escape(value)) elif isinstance(value, int) or isinstance(value, long): parts.append(str(value)) elif isinstance(value, datetime.datetime): parts.append(value.strftime("%Y-%m-%dT%H:%M:%S.000Z")) elif isinstance(value, dict): for name, subvalue in value.iteritems(): if not isinstance(subvalue, list): subvalue = [subvalue] for subsubvalue in subvalue: parts.append('<' + escape.utf8(name) + '>') self._render_parts(subsubvalue, parts) parts.append('</' + escape.utf8(name) + '>') else: raise Exception("Unknown S3 value type %r", value)
def render(self, template_name, **kwargs): """Renders the template with the given arguments as the response.""" kwargs['settings'] = self.settings html = self.render_string(template_name, **kwargs) # Insert the additional JS and CSS added by the modules on the page js_embed = [] js_files = [] css_embed = [] css_files = [] html_heads = [] for module in getattr(self, "_active_modules", {}).itervalues(): embed_part = module.embedded_javascript() if embed_part: js_embed.append(_utf8(embed_part)) file_part = module.javascript_files() if file_part: if isinstance(file_part, basestring): js_files.append(file_part) else: js_files.extend(file_part) embed_part = module.embedded_css() if embed_part: css_embed.append(_utf8(embed_part)) file_part = module.css_files() if file_part: if isinstance(file_part, basestring): css_files.append(file_part) else: css_files.extend(file_part) head_part = module.html_head() if head_part: html_heads.append(_utf8(head_part)) if js_files: paths = set() for path in js_files: if not path.startswith("/") and not path.startswith("http:"): paths.add(self.static_url(path)) else: paths.add(path) js = ''.join('<script src="' + escape.xhtml_escape(p) + '" type="text/javascript"></script>' for p in paths) sloc = html.rindex('</body>') html = html[:sloc] + js + '\n' + html[sloc:] if js_embed: js = '<script type="text/javascript">\n//<![CDATA[\n' + \ '\n'.join(js_embed) + '\n//]]>\n</script>' sloc = html.rindex('</body>') html = html[:sloc] + js + '\n' + html[sloc:] if css_files: paths = set() for path in css_files: if not path.startswith("/") and not path.startswith("http:"): paths.add(self.static_url(path)) else: paths.add(path) css = ''.join('<link href="' + escape.xhtml_escape(p) + '" ' 'type="text/css" rel="stylesheet"/>' for p in paths) hloc = html.index('</head>') html = html[:hloc] + css + '\n' + html[hloc:] if css_embed: css = '<style type="text/css">\n' + '\n'.join(css_embed) + \ '\n</style>' hloc = html.index('</head>') html = html[:hloc] + css + '\n' + html[hloc:] if html_heads: hloc = html.index('</head>') html = html[:hloc] + ''.join(html_heads) + '\n' + html[hloc:] self.finish(html)
def visit_Text(self, node): txt = node.astext().encode('utf-8') esc = escape.xhtml_escape(txt) self.put(esc.decode('utf-8'))
def render(self, template_name, **kwargs): """Renders the template with the given arguments as the response.""" html = self.render_string(template_name, **kwargs) # Insert the additional JS and CSS added by the modules on the page js_embed = [] js_files = [] css_embed = [] css_files = [] html_heads = [] for module in getattr(self, "_active_modules", {}).itervalues(): embed_part = module.embedded_javascript() if embed_part: js_embed.append(_utf8(embed_part)) file_part = module.javascript_files() if file_part: if isinstance(file_part, basestring): js_files.append(file_part) else: js_files.extend(file_part) embed_part = module.embedded_css() if embed_part: css_embed.append(_utf8(embed_part)) file_part = module.css_files() if file_part: if isinstance(file_part, basestring): css_files.append(file_part) else: css_files.extend(file_part) head_part = module.html_head() if head_part: html_heads.append(_utf8(head_part)) if js_files: paths = set() for path in js_files: if not path.startswith("/") and not path.startswith("http:"): paths.add(self.static_url(path)) else: paths.add(path) js = ''.join('<script src="' + escape.xhtml_escape(p) + '" type="text/javascript"></script>' for p in paths) sloc = html.rindex('</body>') html = html[:sloc] + js + '\n' + html[sloc:] if js_embed: js = '<script type="text/javascript">\n//<![CDATA[\n' + \ '\n'.join(js_embed) + '\n//]]>\n</script>' sloc = html.rindex('</body>') html = html[:sloc] + js + '\n' + html[sloc:] if css_files: paths = set() for path in css_files: if not path.startswith("/") and not path.startswith("http:"): paths.add(self.static_url(path)) else: paths.add(path) css = ''.join('<link href="' + escape.xhtml_escape(p) + '" ' 'type="text/css" rel="stylesheet"/>' for p in paths) hloc = html.index('</head>') html = html[:hloc] + css + '\n' + html[hloc:] if css_embed: css = '<style type="text/css">\n' + '\n'.join(css_embed) + \ '\n</style>' hloc = html.index('</head>') html = html[:hloc] + css + '\n' + html[hloc:] if html_heads: hloc = html.index('</head>') html = html[:hloc] + ''.join(html_heads) + '\n' + html[hloc:] self.finish(html)