def newline_to_br(v, name='(Unknown name)', md={}): # Unsafe data is explicitly quoted here; we don't expect this to be HTML # quoted later on anyway. if isinstance(v, TaintedString): v = v.quoted() v=ustr(v) v = v.replace('\r', '') v = v.replace('\n', '<br />\n') return v
def newline_to_br(v, name='(Unknown name)', md={}): # Unsafe data is explicitly quoted here; we don't expect this to be HTML # quoted later on anyway. if isinstance(v, TaintedString): v = v.quoted() v = ustr(v) v = v.replace('\r', '') v = v.replace('\n', '<br />\n') return v
def render(self, md): name = self.__name__ args = self.args expr = self.expr if type(expr) is type(''): val = md[expr] else: val = expr(md) if not val and val != 0 and args.has_key('null'): # check for null (false but not zero, including None, [], '') val = args['null'] else: if not isinstance(val, TaintedString): val = ustr(val) return transform_content(val, args)
def render(self, md): args = self.args name = self.__name__ val = self.expr if val is None: if name in md: if 'url' in args: val = md.getitem(name, 0) val = val.absolute_url() else: val = md[name] else: if 'missing' in args: return args['missing'] else: raise KeyError(name) else: val = val.eval(md) if 'url' in args: val = val.absolute_url() __traceback_info__ = name, val, args if 'null' in args and not val and val != 0: # check for null (false but not zero, including None, [], '') return args['null'] # handle special formats defined using fmt= first if 'fmt' in args: _get = getattr(md, 'guarded_getattr', None) if _get is None: _get = getattr fmt = args['fmt'] if 'null' in args and not val and val != 0: try: if hasattr(val, fmt): val = _get(val, fmt)() elif fmt in special_formats: if fmt == 'html-quote' and \ isinstance(val, TaintedString): # TaintedStrings will be quoted by default, don't # double quote. pass else: val = special_formats[fmt](val, name, md) elif fmt == '': val = '' else: if isinstance(val, TaintedString): val = TaintedString(fmt % val) else: val = fmt % val except: t, v = sys.exc_type, sys.exc_value if hasattr(sys, 'exc_info'): t, v = sys.exc_info()[:2] if val is None or not str(val): return args['null'] raise t(v) else: # We duplicate the code here to avoid exception handler # which tends to screw up stack or leak if hasattr(val, fmt): val = _get(val, fmt)() elif fmt in special_formats: if (fmt == 'html-quote' and isinstance(val, TaintedString)): # TaintedStrings will be quoted by default, don't # double quote. pass else: val = special_formats[fmt](val, name, md) elif fmt == '': val = '' else: if isinstance(val, TaintedString): val = TaintedString(fmt % val) else: val = fmt % val # finally, pump it through the actual string format... fmt = self.fmt if fmt == 's': # Keep tainted strings as tainted strings here. if not isinstance(val, TaintedString): val = ustr(val) else: # Keep tainted strings as tainted strings here. wastainted = 0 if isinstance(val, TaintedString): wastainted = 1 val = ('%' + self.fmt) % (val, ) if wastainted and '<' in val: val = TaintedString(val) # next, look for upper, lower, etc for f in self.modifiers: if f.__name__ == 'html_quote' and isinstance(val, TaintedString): # TaintedStrings will be quoted by default, don't double quote. continue val = f(val) if 'size' in args: size = args['size'] try: size = int(size) except Exception: raise ValueError( 'a <code>size</code> attribute was used in a ' '<code>var</code> tag with a non-integer value.') if len(val) > size: val = val[:size] l = val.rfind(' ') if l > size / 2: val = val[:l + 1] if 'etc' in args: l = args['etc'] else: l = '...' val = val + l if isinstance(val, TaintedString): val = val.quoted() return val
def repl(m, mapping=mapping): return ustr(mapping[m.group(m.lastindex)])
def render(self, md): args=self.args have_arg=args.has_key name=self.__name__ val=self.expr if val is None: if md.has_key(name): if have_arg('url'): val=md.getitem(name,0) val=val.absolute_url() else: val = md[name] else: if have_arg('missing'): return args['missing'] else: raise KeyError, name else: val=val.eval(md) if have_arg('url'): val=val.absolute_url() __traceback_info__=name, val, args if have_arg('null') and not val and val != 0: # check for null (false but not zero, including None, [], '') return args['null'] # handle special formats defined using fmt= first if have_arg('fmt'): _get = getattr(md, 'guarded_getattr', None) if _get is None: _get = getattr fmt=args['fmt'] if have_arg('null') and not val and val != 0: try: if hasattr(val, fmt): val = _get(val, fmt)() elif special_formats.has_key(fmt): if fmt == 'html-quote' and \ isinstance(val, TaintedString): # TaintedStrings will be quoted by default, don't # double quote. pass else: val = special_formats[fmt](val, name, md) elif fmt=='': val='' else: if isinstance(val, TaintedString): val = TaintedString(fmt % val) else: val = fmt % val except: t, v= sys.exc_type, sys.exc_value if hasattr(sys, 'exc_info'): t, v = sys.exc_info()[:2] if val is None or not str(val): return args['null'] raise t, v else: # We duplicate the code here to avoid exception handler # which tends to screw up stack or leak if hasattr(val, fmt): val = _get(val, fmt)() elif special_formats.has_key(fmt): if fmt == 'html-quote' and \ isinstance(val, TaintedString): # TaintedStrings will be quoted by default, don't # double quote. pass else: val = special_formats[fmt](val, name, md) elif fmt=='': val='' else: if isinstance(val, TaintedString): val = TaintedString(fmt % val) else: val = fmt % val # finally, pump it through the actual string format... fmt=self.fmt if fmt=='s': # Keep tainted strings as tainted strings here. if not isinstance(val, TaintedString): val=ustr(val) else: # Keep tainted strings as tainted strings here. wastainted = 0 if isinstance(val, TaintedString): wastainted = 1 val = ('%'+self.fmt) % (val,) if wastainted and '<' in val: val = TaintedString(val) # next, look for upper, lower, etc for f in self.modifiers: if f.__name__ == 'html_quote' and isinstance(val, TaintedString): # TaintedStrings will be quoted by default, don't double quote. continue val=f(val) if have_arg('size'): size=args['size'] try: size=int(size) except: raise ValueError,( '''a <code>size</code> attribute was used in a <code>var</code> tag with a non-integer value.''') if len(val) > size: val=val[:size] l=val.rfind(' ') if l > size/2: val=val[:l+1] if have_arg('etc'): l=args['etc'] else: l='...' val=val+l if isinstance(val, TaintedString): val = val.quoted() return val
def evaluateText(self, expr): text = self.evaluate(expr) if text is Default or text is None: return text return ustr(text)
def evaluateText(self, expr): text = self.evaluate(expr) if text is not None and text is not Default: text = ustr(text) return text