def test_injecting_into_weird_places():
request = get_request()
(template, layout, gibberish, ctx) = get_test_template_bits(request, **{
RESOURCE_CONTAINER_VAR_NAME: ResourceContainer()
})
with pytest.raises(ValueError):
add_resource(ctx, "yes", "hello.js")
def add_edit_resources(context):
"""
Possibly inject Xtheme editor injection resources into the given
context's resources.
:param context: Jinja rendering context
:type context: jinja2.runtime.Context
"""
request = context.get("request")
if not (request and could_edit(request) and may_inject(context)):
return
from .rendering import get_view_config # avoid circular import
from .theme import get_current_theme
view_config = get_view_config(context)
theme = get_current_theme(request=request)
if not theme:
return
add_resource(context, "body_end", InlineScriptResource.from_vars("XthemeEditorConfig", {
"commandUrl": "/xtheme/", # TODO: Use reverse("shoop:xtheme")?
"editUrl": "/xtheme/editor/", # TODO: Use reverse("shoop:xtheme")?
"themeIdentifier": theme.identifier,
"viewName": view_config.view_name,
"edit": is_edit_mode(request),
"csrfToken": get_token(request),
}))
add_resource(context, "body_end", staticfiles_storage.url("xtheme/editor-injection.js"))
def add_edit_resources(context):
"""
Possibly inject Xtheme editor injection resources into the given
context's resources.
:param context: Jinja rendering context
:type context: jinja2.runtime.Context
"""
request = context.get("request")
if not (request and could_edit(request) and may_inject(context)):
return
from .rendering import get_view_config # avoid circular import
from .theme import get_current_theme
view_config = get_view_config(context)
theme = get_current_theme(request=request)
if not theme:
return
add_resource(
context,
"body_end",
InlineScriptResource.from_vars(
"XthemeEditorConfig",
{
"commandUrl": "/xtheme/", # TODO: Use reverse("shoop:xtheme")?
"editUrl":
"/xtheme/editor/", # TODO: Use reverse("shoop:xtheme")?
"themeIdentifier": theme.identifier,
"viewName": view_config.view_name,
"edit": is_edit_mode(request),
"csrfToken": get_token(request),
}))
add_resource(context, "body_end",
staticfiles_storage.url("xtheme/editor-injection.js"))
def render(self, context):
"""
Custom render for to add css resource for carousel
:param context: current context
:return: html content for the plugin
"""
add_resource(context, "head_end", "%sshoop_carousel/css/style.css" % settings.STATIC_URL)
return super(CarouselPlugin, self).render(context)
def test_without_rc():
request = get_request()
(template, layout, gibberish, ctx) = get_test_template_bits(request)
assert not add_resource(ctx, "yes", "hello.js")
content1 = "<html>"
content2 = inject_resources(ctx, content1)
assert content1 == content2
def test_without_rc():
request = get_request()
(template, layout, gibberish, ctx) = get_test_template_bits(request)
assert not add_resource(ctx, "yes", "hello.js")
content1 = "<html>"
content2 = inject_resources(ctx, content1)
assert content1 == content2
def add_test_injection(context, content):
add_resource(context, "body_end",
InlineScriptResource("window.injectedFromAddon=true;"))
def add_test_injection(context, content):
add_resource(context, "body_end", InlineScriptResource("window.injectedFromAddon=true;"))
def render(self, context):
add_resource(context, "body_start", "://example.com/js.js")
add_resource(context, "body_start", "://foo/fuzz.png")
add_resource(context, "head_end", "://example.com/css.css")
add_resource(context, "body_end", InlineScriptResource("alert('xss')"))
add_resource(context, "head_end", InlineScriptResource.from_vars("foos", {"bars": (1, 2, 3)}))
add_resource(context, "head_end", InlineMarkupResource(self.meta_markup))
add_resource(context, "head_end", InlineMarkupResource(self.meta_markup)) # Test duplicates
add_resource(context, "head_end", "") # Test the no-op branch
return self.message
def test_injecting_into_weird_places():
request = get_request()
(template, layout, gibberish, ctx) = get_test_template_bits(
request, **{RESOURCE_CONTAINER_VAR_NAME: ResourceContainer()})
with pytest.raises(ValueError):
add_resource(ctx, "yes", "hello.js")
def render(self, context):
add_resource(context, "body_start", "://example.com/js.js")
add_resource(context, "body_start", "://foo/fuzz.png")
add_resource(context, "head_end", "://example.com/css.css")
add_resource(context, "body_end", InlineScriptResource("alert('xss')"))
add_resource(
context, "head_end",
InlineScriptResource.from_vars("foos", {"bars": (1, 2, 3)}))
add_resource(context, "head_end",
InlineMarkupResource(self.meta_markup))
add_resource(context, "head_end",
InlineMarkupResource(self.meta_markup)) # Test duplicates
add_resource(context, "head_end", "") # Test the no-op branch
return self.message
def render(self, context):
for location, __ in self.fields:
if location in resources.KNOWN_LOCATIONS:
resource = self.config.get(location, "")
add_resource(context, location, InlineMarkupResource(resource))
return self.config.get("in_place", "")
def render(self, context):
for location, __ in self.fields:
if location in resources.KNOWN_LOCATIONS:
resource = self.config.get(location, "")
add_resource(context, location, InlineMarkupResource(resource))
return self.config.get("in_place", "")