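def handle_submit(self, validated):
    """Create a forum topic from validated form data and redirect to it.

    ``validated`` must provide ``'title'`` and ``'description'``.  The
    description is passed through ``safe_html`` before it is stored on the
    topic.

    Returns ``HTTPFound`` pointing at the new topic, or, when the POST
    carries ``return_to``, the rendered
    ``templates/javascript_redirect.pt`` response.
    """
    context = self.context
    request = self.request
    name = make_unique_name(context, validated['title'])
    creator = authenticated_userid(request)
    text = safe_html(validated['description'])
    topic = create_content(IForumTopic, validated['title'], text, creator)
    if text:
        topic.description = extract_description(text)
    else:
        # Sanitising left nothing usable, so the title stands in.
        topic.description = validated['title']
    context[name] = topic

    return_to = request.POST.get('return_to')
    if return_to is None:
        return HTTPFound(location=model_url(topic, request))

    # return_to is client-supplied and ends up as the redirect target, so it
    # is only honoured when it stays inside this application.  Anything else
    # (another host, a non-http scheme, a protocol-relative or
    # backslash-prefixed path, embedded control characters) falls back to
    # the new topic's URL.
    # NOTE(review): the redirect template is not visible here; presumably it
    # navigates the browser to ``url`` -- confirm it also escapes the value.
    app_url = getattr(request, 'application_url', '').rstrip('/')
    is_text = hasattr(return_to, 'startswith')
    trusted = (
        is_text
        and not any(ord(ch) < 0x20 or ord(ch) == 0x7f for ch in return_to)
        and (
            (bool(app_url)
             and (return_to == app_url
                  or return_to.startswith(app_url + '/')))
            or (return_to.startswith('/')
                and not return_to.startswith('//')
                and '\\' not in return_to)
        )
    )
    if trusted:
        location = return_to
    else:
        location = model_url(topic, request)
    # A client that sent return_to gets the script-redirect response type
    # either way, so the response shape does not change for it.
    return render_template_to_response('templates/javascript_redirect.pt',
                                       url=location)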
def __call__(self):
    """Accept a POSTed comment, sanitise it and pass it to handle_submit.

    Raises ``HTTPExpectationFailed`` for any method other than POST and
    returns a status response when ``comment.text`` is missing or empty.
    """
    request = self.request
    if request.method != 'POST':
        raise HTTPExpectationFailed(u'This is not a self-posting form. '
                                    u'It is submit only.')

    text = request.POST.get('comment.text', None)

    # For a blog entry the comments folder is in the parent; otherwise it is
    # in the context itself, i.e. IForumTopic, and IProfile if it contains
    # testimonials as comments.
    in_blog_entry = find_interface(self.context, IBlogEntry)
    self.parent = self.context.__parent__ if in_blog_entry else self.context

    if not text:
        return self.status_response('Please enter a comment')

    # The text is sanitised first; the only markup added afterwards is the
    # constant <br/> that replaces each newline.
    sanitized = safe_html(text).replace("\n", "<br/>")
    converted = {
        'attachments': [],  # todo: when required
        'add_comment': sanitized,
    }
    return self.handle_submit(converted)
def test_plain_text(self):
    # Bare text with no markup is expected back wrapped in a paragraph.
    expected = '<p>hello out there.</p>'
    actual = safe_html('hello out there.')
    compare(expected, actual)
def test_page(self):
    # A full document is expected to lose its <html>/<body> wrappers and
    # keep only the text, wrapped in a paragraph.
    expected = '<p>hello out there.</p>'
    actual = safe_html('<html><body>hello out there.</body></html>')
    compare(expected, actual)
def test_evil(self):
    # Pins the sanitiser's handling of hostile markup: a malformed <strong>
    # tag followed by a link whose href carries a javascript: URL.  The
    # expected output keeps the link text but leaves the href empty.
    hostile = '<strong hello</strong><a href="javascript:alert("evil")">out</a>'
    expected = '<strong><a href="">out</a></strong>'
    actual = safe_html(hostile)
    compare(expected, actual)
def test_unmatched(self):
    # Tags left open in the input are expected to be closed in the output.
    expected = '<strong>hello<em>out there.</em></strong>'
    actual = safe_html('<strong>hello<em>out there.')
    compare(expected, actual)
def test_tags(self):
    # Well-formed inline tags pass through unchanged; the trailing bare text
    # is expected to be wrapped in a paragraph.
    expected = '<strong>hello</strong><em>out</em><p>there.</p>'
    actual = safe_html('<strong>hello</strong><em>out</em>there.')
    compare(expected, actual)