Esempio n. 1
def test_restricted():
    """Pin the HTML that ``textile.textile_restricted`` emits for risky input.

    Each case pairs a markup string with the exact output expected from
    restricted mode. Together they document the escaping the mode is relied
    on for: raw tags and HTML comments come out entity-encoded, and
    author-supplied ``{...}`` style blocks are dropped.
    """
    table_markup = """\
table{border:1px solid black}.
|={color:gray}. Your caption goes here
|~.
|{position:absolute}. A footer | foo |
|-.
|_{font-size:xxlarge}. header|_=. centered header|
|~. bottom aligned|{background:red;width:200px}. asfd|"""
    # Only the styles derived from alignment hints (=. and ~.) survive;
    # every author-written {...} declaration is absent from the output.
    table_html = '''\
\t<table>
\t<caption>Your caption goes here</caption>
\t
\t<tfoot>
\t\t<tr>
\t\t\t<td>A footer </td>
\t\t\t<td> foo </td>
\t\t</tr>
\t</tfoot>
\t<tbody>
\t\t<tr>
\t\t\t<th>header</th>
\t\t\t<th style="text-align:center;">centered header</th>
\t\t</tr>
\t\t<tr>
\t\t\t<td style="vertical-align:bottom;">bottom aligned</td>
\t\t\t<td>asfd</td>
\t\t</tr>
\t</tbody>
\t</table>'''

    # (markup, extra keyword arguments, expected HTML), checked in order.
    cases = [
        # The <script> tag is entity-encoded, so a browser shows it as text.
        (
            "Here is some text.\n<script>alert('hello world')</script>",
            {},
            "\t<p>Here is some text.<br />\n&lt;script&gt;alert(&#8216;hello world&#8217;)&lt;/script&gt;</p>",
        ),
        # An HTML comment is escaped too; textile markup inside it still renders.
        (
            "Here's some <!-- commented *out* --> text.",
            {},
            "\t<p>Here&#8217;s some &lt;!&#8212; commented <strong>out</strong> &#8212;&gt; text.</p>",
        ),
        # A [lang] attribute is kept in restricted mode.
        (
            "p[fr]. Partir, c'est toujours mourir un peu.",
            {},
            '\t<p lang="fr">Partir, c&#8217;est toujours mourir un peu.</p>',
        ),
        # An inline {style} block is removed.
        (
            "p{color:blue}. is this blue?",
            {},
            '\t<p>is this blue?</p>',
        ),
        # Tables need lite=False; see the note on table_html above.
        (table_markup, {"lite": False}, table_html),
    ]

    for markup, options, expected in cases:
        assert textile.textile_restricted(markup, **options) == expected
Esempio n. 2
    def testRestricted(self):
        """Check restricted-mode output for plain markup and for a raw tag.

        The second case is the security-relevant one: the expected string
        contains the <script> tag only as numeric character references
        (&#60; / &#62;), never as live markup.
        """
        # Ordinary inline markup is rendered as usual.
        plain_markup = "this is \"some\" *bold text*."
        eq_(
            textile.textile_restricted(plain_markup),
            "\t<p>this is &#8220;some&#8221; <strong>bold text</strong>.</p>",
        )

        # Raw HTML in the input must come back escaped, which is what
        # renders the <script> tag harmless.
        hostile_markup = "Here is some text.\n<script>alert('hello world')</script>"
        eq_(
            textile.textile_restricted(hostile_markup),
            "\t<p>Here is some text.<br />&#60;script&#62;alert('hello world&#8217;)&#60;/script&#62;</p>",
        )
Esempio n. 3
 def TestRestricted(self):
     """Verify textile_restricted on benign markup and on an embedded tag.

     The expected output of the second case carries the <script> tag as
     &#60;...&#62; references only, i.e. escaped rather than executable.
     """
     checks = (
         # Benign inline markup: quotes are curled, *...* becomes <strong>.
         (
             "this is \"some\" *bold text*.",
             "\t<p>this is &#8220;some&#8221; <strong>bold text</strong>.</p>",
         ),
         # The HTML is escaped, thus rendering the <script> tag harmless.
         (
             "Here is some text.\n<script>alert('hello world')</script>",
             "\t<p>Here is some text.<br />&#60;script&#62;alert('hello world&#8217;)&#60;/script&#62;</p>",
         ),
     )
     for markup, wanted in checks:
         eq_(textile.textile_restricted(markup), wanted)
Esempio n. 4
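def textile_restricted(value):
    """Render ``value`` with textile's restricted mode and mark the result safe.

    :param value: the textile markup to render
    :return: the rendered HTML wrapped in ``mark_safe``; if the textile
        library cannot be imported and ``settings.DEBUG`` is false, the
        input converted with ``force_unicode`` and NOT marked safe
    :raises template.TemplateSyntaxError: if textile is not installed and
        ``settings.DEBUG`` is true
    """
    try:
        import textile
    except ImportError:
        if settings.DEBUG:
            # Call form of raise: the old ``raise Class, "message"`` statement
            # is a SyntaxError on Python 3, while this form works on both.
            raise template.TemplateSyntaxError("Error in {% textile %} filter: The Python textile library isn't installed.")
        # Fallback returns the unrendered text without mark_safe().
        # NOTE(review): whether the template then escapes it depends on how
        # this filter is registered and on autoescape -- confirm.
        return force_unicode(value)
    else:
        # mark_safe() disables any later escaping of this string, so the
        # escaping done inside textile's restricted mode is the only
        # protection for untrusted input rendered through this filter.
        # NOTE(review): noimage=False presumably leaves image markup enabled,
        # letting authors reference arbitrary image URLs -- confirm that is
        # intended for the content this filter is applied to.
        return mark_safe(force_unicode(textile.textile_restricted(smart_str(value), noimage=False)))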
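def textile_restricted(value):
    """Template filter that converts textile markup to HTML in restricted mode.

    The rendered HTML is returned through ``mark_safe``. When textile is not
    importable the filter raises ``template.TemplateSyntaxError`` if
    ``settings.DEBUG`` is set, and otherwise returns the input unrendered
    (via ``force_unicode``, without ``mark_safe``).
    """
    try:
        import textile
    except ImportError:
        if not settings.DEBUG:
            # Not marked safe here, unlike the success path below.
            # NOTE(review): escaping of this value is left to the template
            # engine -- verify the filter registration and autoescape setting.
            return force_unicode(value)
        # ``raise Class("message")`` replaces the Python-2-only
        # ``raise Class, "message"`` form, which Python 3 rejects at parse time.
        raise template.TemplateSyntaxError("Error in {% textile %} filter: The Python textile library isn't installed.")
    else:
        rendered = textile.textile_restricted(smart_str(value), noimage=False)
        # The output is trusted as-is from here on: mark_safe() means nothing
        # downstream escapes it, so this relies entirely on restricted mode
        # having escaped raw HTML in ``value``.
        # NOTE(review): noimage=False looks like it keeps images allowed in
        # restricted mode -- confirm that remote image URLs are acceptable.
        return mark_safe(force_unicode(rendered))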
Esempio n. 6
def markup_to_html(markup,
                   markuplang,
                   offering=None,
                   pageversion=None,
                   html_already_safe=False,
                   restricted=False):
    """
    Convert text written in one of the supported markup languages to HTML.

    The result is always passed through mark_safe(), so templates will not
    escape it again: every branch below has to produce HTML that is safe to
    emit verbatim.

    :param markup: the markup code (must be a str)
    :param markuplang: the markup language, from MARKUP_CHOICES
    :param offering: the course offering we're converting for
    :param pageversion: the PageVersion we're converting for
    :param html_already_safe: markuplang=='html' and markup has already been through sanitize_html()
    :param restricted: use the restricted HTML subset for discussion (preventing format bombs)
    :return: HTML markup
    :raises NotImplementedError: for a markuplang not handled here
    """
    # NOTE: assert statements are removed when Python runs with -O, so these
    # type checks are a development aid, not input validation.
    assert isinstance(markup, str)

    if markuplang in ('creole', 'markdown', 'textile'):
        if markuplang == 'creole':
            # Fall back to the page's own offering only when none was passed
            # in and a pageversion is available.
            if not offering and pageversion:
                parser_offering = pageversion.page.offering
            else:
                parser_offering = offering
            Creole = ParserFor(parser_offering, pageversion)
            # Creole.text2html returns utf-8 bytes: standardize all output to unicode
            rendered = Creole.text2html(markup).decode('utf8')
        elif markuplang == 'markdown':
            # TODO: the due_date etc tricks that are available in wikicreole
            rendered = markdown_to_html(markup)
        else:
            rendered = textile_restricted(markup, lite=False)

        # sanitize_html() runs on renderer output only in restricted mode.
        # NOTE(review): with restricted=False the safety of the result rests
        # on the renderer itself (ParserFor / markdown_to_html /
        # textile_restricted); their escaping is not visible here -- confirm.
        if restricted:
            rendered = sanitize_html(rendered, restricted=True)

    elif markuplang in ('html', 'html-wysiwyg'):
        # TODO: the due_date etc tricks that are available in wikicreole
        if html_already_safe:
            # caller promises sanitize_html() has already been called on the input.
            # NOTE(review): this path skips sanitize_html() even when
            # restricted=True, so the restricted subset is enforced only if
            # the caller's earlier pass used it -- confirm at the call sites.
            rendered = markup
        else:
            rendered = sanitize_html(markup, restricted=restricted)

    elif markuplang == 'plain':
        rendered = mark_safe(linebreaks(markup, autoescape=True))

    else:
        raise NotImplementedError()

    assert isinstance(rendered, str)
    return mark_safe(rendered.strip())
Esempio n. 7
def test_restricted():
    """Check that restricted mode escapes raw HTML but keeps ``[lang]``.

    The first two expectations are the security-relevant ones: a <script>
    tag and an HTML comment both come back entity-encoded.
    """
    expectations = (
        # The HTML is escaped, thus rendering the <script> tag harmless.
        (
            "Here is some text.\n<script>alert('hello world')</script>",
            "\t<p>Here is some text.<br />\n&lt;script&gt;alert(&#8216;hello world&#8217;)&lt;/script&gt;</p>",
        ),
        # Comment delimiters are escaped as well; *out* is still made bold.
        (
            "Here's some <!-- commented *out* --> text.",
            "\t<p>Here&#8217;s some &lt;!&#8212; commented <strong>out</strong> &#8212;&gt; text.</p>",
        ),
        # The language attribute is preserved on the paragraph.
        (
            "p[fr]. Partir, c'est toujours mourir un peu.",
            '\t<p lang="fr">Partir, c&#8217;est toujours mourir un peu.</p>',
        ),
    )
    for source, wanted in expectations:
        rendered = textile.textile_restricted(source)
        assert rendered == wanted
Esempio n. 8
def test_restricted():
    """Exercise ``textile.textile_restricted`` on three representative inputs.

    Expected strings are exact: raw tags and comments must appear only as
    entities, while the ``[fr]`` language hint must survive as ``lang="fr"``.
    """
    def render(markup):
        # Single place where the function under test is invoked.
        return textile.textile_restricted(markup)

    # A <script> element in the input is output as &lt;script&gt;, so it is
    # displayed as text and rendered harmless.
    script_case = "Here is some text.\n<script>alert('hello world')</script>"
    assert render(script_case) == "\t<p>Here is some text.<br />\n&lt;script&gt;alert(&#8216;hello world&#8217;)&lt;/script&gt;</p>"

    # An HTML comment is escaped rather than passed through.
    comment_case = "Here's some <!-- commented *out* --> text."
    assert render(comment_case) == "\t<p>Here&#8217;s some &lt;!&#8212; commented <strong>out</strong> &#8212;&gt; text.</p>"

    # The lang attribute is allowed in restricted mode.
    lang_case = "p[fr]. Partir, c'est toujours mourir un peu."
    assert render(lang_case) == '\t<p lang="fr">Partir, c&#8217;est toujours mourir un peu.</p>'
Esempio n. 9
 def post(self):
  """Store a comment: strip tags, render with textile_restricted, save.

  Reads the "parent_oid" and "text" request arguments, renders the text,
  removes the <p> and </p> wrappers from the result, stores it through
  self.mongoworker and writes the returned code as the response.
  """
  parent_oid = self.get_argument("parent_oid")
  # NOTE(review): no check here that a user is actually logged in; any
  # authentication decorator would sit above this excerpt -- confirm.
  user_oid = self.get_current_user()
  comment_text = self.get_argument("text")

  # NOTE(review): assuming sub is re.sub, '<.*>' is greedy and removes
  # everything from the first '<' to the last '>' on a line, and does not
  # span newlines. It is not a sanitizer; the stored HTML depends on the
  # escaping done by textile_restricted() below.
  stripped_text = sub(r'<.*>', '', comment_text)
  rendered = textile_restricted(stripped_text)

  # Drop the paragraph wrapper; only the exact '<p>' and '</p>' strings
  # are matched, so a <p> carrying attributes is left in place.
  for wrapper in (r'<p>', r'</p>'):
   rendered = sub(wrapper, '', rendered)

  self.write(self.mongoworker.post_comment_by_parent_oid(parent_oid, user_oid, rendered))
  self.finish()
Esempio n. 10
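def format_field(case, field):
    """
    Format long-form text as required by the discipline module, making substitutions as appropriate.

    ``field`` is the name of a single attribute of ``case``. An empty or
    missing value renders as a placeholder paragraph; 'contact_email_text'
    is escaped and shown preformatted; every other field is rendered with
    textile_restricted(). All return values are marked safe.
    """
    # getattr() replaces eval("case." + field): eval would execute whatever
    # expression ends up in ``field``, so a caller-influenced field name
    # became code execution. getattr() only ever reads one attribute and
    # raises AttributeError for a name the case does not have.
    text = getattr(case, field)
    if text is None or text.strip() == "":
        return mark_safe('<p class="empty">None</p>')

    substituted = case.substitite_values(unicode(text))
    if field == 'contact_email_text':
        # special case: contact email is plain text, so it is HTML-escaped
        # before being wrapped in <pre> and marked safe
        return mark_safe("<pre>" + escape(wrap(substituted, 78)) + "</pre>")

    # Substituted values pass through textile_restricted() as well; its
    # escaping is what the mark_safe() here relies on.
    return mark_safe(textile_restricted(substituted))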
Esempio n. 11
    def content_xhtml(self):
        """
        Return the content field rendered to XHTML, marked safe.

        The rendered markup is kept in the cache for 86400 seconds because
        textile is expensive to run.
        """
        # MD5 only derives a cache key from the content here; it is not
        # used as a security control.
        digest = hashlib.md5(self.content.encode("utf-8")).hexdigest()
        cache_key = "news-content-" + digest

        cached = cache.get(cache_key)
        if not cached:
            # Miss (or an empty cached value): render and store.
            rendered = mark_safe(textile_restricted(unicode(self.content)))
            cache.set(cache_key, rendered, 86400)
            return rendered

        # The cached string is marked safe on the way out, so whatever is
        # stored under this key is emitted without further escaping.
        return mark_safe(cached)
Esempio n. 12
    def content_xhtml(self):
        """
        Render the content field as XHTML.

        Results are memoized in the cache (textile is expensive), keyed by
        a hash of the content and kept for one day (86400 seconds).
        """
        content_hash = hashlib.md5(self.content.encode("utf-8")).hexdigest()
        key = "news-content-%s" % content_hash

        hit = cache.get(key)
        if hit:
            # Trusts the cache contents: the stored value is returned as
            # safe markup with no re-rendering or re-escaping.
            return mark_safe(hit)

        # mark_safe() relies on textile_restricted() having escaped any raw
        # HTML in the content.
        rendered = textile_restricted(unicode(self.content))
        markup = mark_safe(rendered)
        cache.set(key, markup, 86400)
        return markup
Esempio n. 13
 def description_html(self):
     """Return self.description rendered by textile_restricted().

     Called with auto_link=True and lite=False. The result is returned
     as-is; this method does not wrap it in mark_safe().
     """
     rendered = textile_restricted(self.description, auto_link=True, lite=False)
     return rendered
Esempio n. 14
def textile_restricted_en(node):
    """Render ``node`` with textile's restricted mode and mark the HTML safe.

    mark_safe() switches off later escaping, so the escaping performed by
    textile.textile_restricted() is the only protection applied here.
    """
    rendered = textile.textile_restricted(node)
    return mark_safe(rendered)
Esempio n. 15
 def description_html(self):
     """Render the description through textile_restricted().

     Uses auto_link=True and lite=False; the rendered value is handed back
     without mark_safe().
     """
     options = {"auto_link": True, "lite": False}
     return textile_restricted(self.description, **options)