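def get_allcomt():
    """Return every comment, newest first, decorated for the admin listing.

    For each comment the ``content`` is passed through ``safe_str``, a
    ``blog_title`` key is filled in from the owning blog, and
    ``created_time`` is rendered through ``datetime_filter``.

    Returns:
        ``dict(data=<list of comments>)``, or ``dict(data='')`` when the
        query yields nothing.
    """
    comts = yield from Comment.find_all(OrderBy='created_time desc')
    if not comts:
        return dict(data='')
    for comt in comts:
        # safe_str is a project helper; presumably it neutralises markup
        # for display — confirm against its definition.
        comt.content = safe_str(comt.content)
        find_blog = yield from Blogs.find(comt.blog_id)
        # Blogs.find returns None for an unknown id (see api_get_blog); a
        # comment whose post has since been deleted must not take the whole
        # listing down with an AttributeError.
        if find_blog is not None:
            comt['blog_title'] = find_blog.blog_title
        else:
            comt['blog_title'] = ''
        comt.created_time = datetime_filter(comt.created_time)
    return dict(data=comts)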
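def post_comment(id, request, *, content):
    """Attach a new comment written by the signed-in user to blog *id*.

    Args:
        id: primary key of the blog being commented on.
        request: the incoming request; its ``__user__`` attribute supplies
            the author's id, name and image.
        content: raw comment text as submitted by the user.

    Returns:
        ``dict(status='success')`` once the comment has been saved.

    Raises:
        APIValueError: when the content is blank, when no signed-in user is
            attached to the request, or when the blog does not exist.
    """
    # Validate the cheap things first so a blank submission never costs a
    # database round trip.
    if not content or not content.strip():
        raise APIValueError('content', 'content can not be empty')
    user = request.__user__
    # NOTE(review): request.__user__ is presumably None for anonymous
    # requests — confirm against the auth middleware.  Without this guard
    # the attribute reads below would surface as a bare AttributeError.
    if user is None:
        raise APIValueError('user', 'please sign in before commenting')
    blog = yield from Blogs.find(id)
    if blog is None:
        raise APIValueError('BLOG', 'BLOG was not found, do not fu*k this site')
    # Content is stored verbatim; escaping happens at render time
    # (see api_get_blog), so nothing here is trusted as HTML.
    comment = Comment(
        blog_id=blog.id,
        user_id=user.id,
        user_name=user.name,
        user_image=user.image,
        content=content,
    )
    yield from comment.save()
    return dict(status='success')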
def api_get_blog(*, id):
    """Load one blog post plus its comments, rendered to HTML for the page.

    Every comment's ``content`` is escaped by ``text2html`` first and only
    then handed to ``markdown2``, so user-written markup reaches the page
    as text rather than as tags.  The blog body itself goes straight
    through ``markdown2``.  When no blog matches *id*, a placeholder
    record carrying a 404 page is returned in its place.

    Returns:
        ``dict(blogs=<blog record or placeholder dict>, comments=<comments>)``
    """
    blog = yield from Blogs.find(id)
    comments = yield from Comment.find_all('blog_id=?', [id])
    # Comments come back in whatever order find_all yields them; an
    # explicit orderBy='created_time desc' was tried earlier and dropped.
    for c in comments or ():
        # Escape first, render markdown second.  The author found that
        # rendering the raw content was XSS-able in testing, so dangerous
        # characters are translated before markdown parsing; a literal
        # "<script" in a comment therefore becomes text, not a tag.  See
        # text2html for exactly which characters are escaped.
        # NOTE(review): markdown2 is invoked without safe_mode, so the
        # text2html step is the only thing between user input and the page.
        escaped = text2html(c['content'])
        c.html_content = markdown2.markdown(escaped)
    if not hasattr(blog, 'content'):
        # Missing post: hand the template a stand-in record it can render.
        blog = {
            'html_content': '<h1>404 not found</h1>',
            'blog_title': '不好意思 你要的页面无法找到',
            'user_name': '无名氏',
            'created_time': '1484186522.78509',
            'tag': '*',
        }
    else:
        # Blog bodies are rendered unescaped; presumably only trusted
        # authors can write them — confirm against the editing endpoint.
        blog.html_content = markdown2.markdown(blog.content)
    return dict(blogs=blog, comments=comments)