def test_html_safety(self):
    """
    Verify that markup_to_html sanitizes 'html' markup unless told not to.
    """
    # (input markup, extra keyword arguments, expected output)
    sanitizer_cases = [
        # a mismatched closing tag comes back as well-formed markup
        ('<p>Foo</em>', {}, '<p>Foo</p>'),
        # the <script> element is dropped; its text survives as inert text
        ('Foo<script>alert()</script>', {}, 'Fooalert()'),
        # some junky MSWord-like markup
        ('Foo<p class="home"><Span style="font-size: 500%">bar</Span></P>',
         {'restricted': True}, 'Foo<p>bar</p>'),
        ('A <p> </p><table cellpadding="10"><tr><td colspan=4>B</td></tr></table>',
         {'restricted': True}, 'A <p> </p>B'),
        # unsafe if we ask for it: html_already_safe=True returns the input
        # unchanged, so every caller passing it must sanitize earlier
        ('Foo<script>alert()</script>', {'html_already_safe': True},
         'Foo<script>alert()</script>'),
    ]
    for source, options, expected in sanitizer_cases:
        self.assertEqual(markup_to_html(source, 'html', **options), expected)

    # PageVersions should be saved only with safe HTML
    course = CourseOffering.objects.get(slug=TEST_COURSE_SLUG)
    editor = Member.objects.get(offering=course, person__userid="ggbaker")
    page = Page(offering=course, label="Test")
    page.save()
    version = PageVersion(page=page, title="T1",
                          wikitext='<em>Some</em> <script>HTML</script>',
                          editor=editor)
    version.set_markup('html')
    version.save()
    self.assertEqual(version.wikitext, '<em>Some</em> HTML')
def html_content(self):
    """
    Render self.content as HTML in the markup language from self.markup().

    NOTE(review): html_already_safe=True tells markup_to_html not to sanitize
    'html' markup, so this relies on self.content having been sanitized
    before it was stored -- TODO confirm the save path does that. Whether
    restricted=True still has any effect in that case is not visible here.
    """
    source = self.content
    markup_lang = self.markup()
    offering = self.topic.offering
    return markup_to_html(source, markup_lang, offering=offering,
                          html_already_safe=True, restricted=True)
def to_html(self, fieldsubmission=None):
    """
    Return the configured explanation as HTML inside an explanation_block div.

    fieldsubmission is accepted but not used.
    """
    # before MarkupContentField, text_explanation held the contents; now text_explanation_0.
    legacy_explanation = self.config.get('text_explanation', '')
    explanation = self.config.get('text_explanation_0', legacy_explanation)
    markup = self.config.get('text_explanation_1', 'creole')
    body = markup_to_html(explanation, markup)
    # mark_safe vouches for the whole string: the wrapper is constant, so the
    # sanitizing done by markup_to_html is the only protection for the
    # configured explanation text.
    return mark_safe('<div class="explanation_block">%s</div>' % body)
def test_github_markdown(self):
    """
    A fenced code block must render in the Github markdown flavour.
    """
    fenced_source = '```python\ni=1\n```'
    expected_html = '<pre lang="python"><code>i=1\n</code></pre>'
    self.assertEqual(markup_to_html(fenced_source, 'markdown'), expected_html)
def to_text(self, questionanswer):
    """
    Return the answer rendered as HTML, or MISSING_ANSWER_HTML if it is empty.
    """
    # our "text" representation is the HTML of the response
    stored = questionanswer.answer.get('data', FormattedAnswer.default_initial)
    text, markup, math = stored
    if not text:
        return MISSING_ANSWER_HTML
    # The stored math value is unpacked but not forwarded (math=None);
    # restricted=True asks for the restricted sanitizer on the answer text.
    return markup_to_html(text, markup, math=None, restricted=True)
def test_all_markup_langs(self):
    """
    Every markup language should render the same paragraph to the same HTML.
    """
    expected = '<p>Paragraph <strong>1</strong> \u2605\U0001F600</p>'
    sources_by_lang = {
        'creole': 'Paragraph **1** \u2605\U0001F600',
        'markdown': 'Paragraph **1** \u2605\U0001F600',
        'html': '<p>Paragraph <strong>1</strong> \u2605\U0001F600',
        'textile': 'Paragraph *1* \u2605\U0001F600',
    }
    for lang, source in sources_by_lang.items():
        rendered = markup_to_html(source, lang)
        # the result is marked safe, so callers emit it without escaping
        self.assertIsInstance(rendered, SafeText)
        self.assertEqual(rendered.strip(), expected)

    # NOTE(review): the expected value below holds a literal '<1>' inside
    # SafeText. If 'plain' input is meant to be HTML-escaped, the expectation
    # should be the entity-escaped form -- confirm against the original file,
    # since this listing may have had entities decoded.
    plain = markup_to_html('Paragraph <1> \u2605\U0001F600', 'plain')
    self.assertIsInstance(plain, SafeText)
    self.assertEqual(plain.strip(), '<p>Paragraph <1> \u2605\U0001F600</p>')
def test_html_safety(self):
    """
    Verify that markup_to_html sanitizes 'html' markup unless told not to.
    """
    # (input markup, extra keyword arguments, expected output)
    sanitizer_cases = [
        # a mismatched closing tag comes back as well-formed markup
        ('<p>Foo</em>', {}, '<p>Foo</p>'),
        # the <script> element is dropped; its text survives as inert text
        ('Foo<script>alert()</script>', {}, 'Fooalert()'),
        # some junky MSWord-like markup
        ('Foo<p class="home"><Span style="font-size: 500%">bar</Span></P>',
         {'restricted': True}, 'Foo<p>bar</p>'),
        ('A <p> </p><table cellpadding="10"><tr><td colspan=4>B</td></tr></table>',
         {'restricted': True}, 'A <p> </p>B'),
        # unsafe if we ask for it: html_already_safe=True returns the input
        # unchanged, so every caller passing it must sanitize earlier
        ('Foo<script>alert()</script>', {'html_already_safe': True},
         'Foo<script>alert()</script>'),
    ]
    for source, options, expected in sanitizer_cases:
        self.assertEqual(markup_to_html(source, 'html', **options), expected)

    # PageVersions should be saved only with safe HTML
    course = CourseOffering.objects.get(slug=TEST_COURSE_SLUG)
    editor = Member.objects.get(offering=course, person__userid="ggbaker")
    page = Page(offering=course, label="Test")
    page.save()
    version = PageVersion(page=page, title="T1",
                          wikitext='<em>Some</em> <script>HTML</script>',
                          editor=editor)
    version.set_markup('html')
    version.save()
    self.assertEqual(version.wikitext, '<em>Some</em> HTML')
def test_all_markup_langs(self):
    """
    Every markup language should render the same paragraph to the same HTML.
    """
    expected = '<p>Paragraph <strong>1</strong> \u2605\U0001F600</p>'
    sources_by_lang = {
        'creole': 'Paragraph **1** \u2605\U0001F600',
        'markdown': 'Paragraph **1** \u2605\U0001F600',
        'html': '<p>Paragraph <strong>1</strong> \u2605\U0001F600',
        'textile': 'Paragraph *1* \u2605\U0001F600',
    }
    for lang, source in sources_by_lang.items():
        rendered = markup_to_html(source, lang)
        # the result is marked safe, so callers emit it without escaping
        self.assertIsInstance(rendered, SafeText)
        self.assertEqual(rendered.strip(), expected)

    # NOTE(review): the expected value below holds a literal '<1>' inside
    # SafeText. If 'plain' input is meant to be HTML-escaped, the expectation
    # should be the entity-escaped form -- confirm against the original file,
    # since this listing may have had entities decoded.
    plain = markup_to_html('Paragraph <1> \u2605\U0001F600', 'plain')
    self.assertIsInstance(plain, SafeText)
    self.assertEqual(plain.strip(), '<p>Paragraph <1> \u2605\U0001F600</p>')
def html_offer_text(self):
    """
    Return the HTML version of this offer's offer_text

    Cached to save frequent conversion.
    """
    cache_key = self.html_cache_key()
    cached = cache.get(cache_key)
    if cached:
        # The cached string is re-marked safe without re-sanitizing, so
        # whatever can write to this cache key is trusted as HTML.
        return mark_safe(cached)

    rendered = markup_to_html(self.offer_text(), 'creole')
    cache.set(cache_key, rendered, 24 * 3600)  # expires on self.save() above
    return rendered
def html_offer_text(self):
    """
    Return the HTML version of this offer's offer_text

    Cached to save frequent conversion.
    """
    cache_key = self.html_cache_key()
    cached = cache.get(cache_key)
    if cached:
        # The cached string is re-marked safe without re-sanitizing, so
        # whatever can write to this cache key is trusted as HTML.
        return mark_safe(cached)

    rendered = markup_to_html(self.offer_text(), 'creole')
    cache.set(cache_key, rendered, 24*3600)  # expires on self.save() above
    return rendered
def html_contents(self, offering=None):
    """
    Return the HTML version of this version's wikitext (with macros substituted if available)

    offering argument only required if self.page isn't set: used when doing a speculative conversion of unsaved content.
    (NOTE(review): offering is not referenced in this body -- confirm it is still needed.)

    Cached to save frequent conversion.
    """
    cache_key = self.html_cache_key()
    cached = cache.get(cache_key)
    if cached:
        # cached HTML is re-marked safe as-is; the cache is trusted here
        return mark_safe(cached)

    # NOTE(review): html_already_safe=True skips sanitizing for 'html' markup.
    # That presumably relies on the wikitext being sanitized when the version
    # is saved, but macro substitution runs after that point -- confirm that
    # macro values cannot introduce markup.
    wikitext = self.substitute_macros(self.get_wikitext())
    rendered = markup_to_html(wikitext, self.markup(), pageversion=self,
                              html_already_safe=True)
    # expired if activities are changed (in signal below), or by saving a PageVersion in this offering
    cache.set(cache_key, rendered, 24*3600)
    return mark_safe(rendered)
def content_xhtml(self):
    """
    Render content field as XHTML.

    html_already_safe=False is passed explicitly, so the stored content is
    not assumed to be sanitized; restricted=True is requested as well.
    """
    from courselib.markup import markup_to_html

    sanitize_options = {'html_already_safe': False, 'restricted': True}
    return markup_to_html(self.content, self.markup, **sanitize_options)
def html_content(self):
    """
    Render self.text as HTML in the markup language named by self.markup.

    restricted=False is requested; html_already_safe is left at its default.
    """
    source, markup_lang = self.text, self.markup
    return markup_to_html(source, markup_lang, restricted=False)
def review_html(self) -> SafeText:
    """
    Render the (text, markup, math) triple stored in self.review as HTML.
    """
    source, markup_lang, use_math = self.review
    rendered = markup_to_html(source, markup_lang, math=use_math)
    return rendered
def question_html(self) -> SafeText:
    """
    Render the (text, markup, math) triple in self.version.text as HTML.
    """
    source, markup_lang, use_math = self.version.text
    rendered = markup_to_html(source, markup_lang, math=use_math)
    return rendered
def marking_html(self) -> SafeText:
    """
    Render the (text, markup, math) triple stored in self.marking as HTML.
    """
    source, markup_lang, use_math = self.marking
    rendered = markup_to_html(source, markup_lang, math=use_math)
    return rendered
def honour_code_html(self) -> SafeText:
    """
    Render the honour code text as HTML using its own markup and math settings.
    """
    source = self.honour_code_text
    markup_lang = self.honour_code_markup
    use_math = self.honour_code_math
    return markup_to_html(source, markuplang=markup_lang, math=use_math)
def html_content(self):
    """
    Render self.content as HTML in the markup language from self.markup().

    NOTE(review): html_already_safe=True tells markup_to_html not to sanitize
    'html' markup, so this relies on self.content having been sanitized
    before it was stored -- TODO confirm the save path does that. Whether
    restricted=True still has any effect in that case is not visible here.
    """
    source = self.content
    markup_lang = self.markup()
    offering = self.topic.offering
    return markup_to_html(source, markup_lang, offering=offering,
                          html_already_safe=True, restricted=True)
def html_content(self):
    """
    Render self.content as HTML in the markup language named by self.markup.

    restricted=True is requested; html_already_safe is left at its default.
    """
    source, markup_lang = self.content, self.markup
    return markup_to_html(source, markup_lang, restricted=True)
def test_github_markdown(self):
    """
    A fenced code block must render in the Github markdown flavour.
    """
    fenced_source = '```python\ni=1\n```'
    expected_html = '<pre lang="python"><code>i=1\n</code></pre>'
    self.assertEqual(markup_to_html(fenced_source, 'markdown'), expected_html)
def render(self, name, value, attrs=None, renderer=None):
    """
    Return self.explanation as HTML inside an explanation_block div.

    name, value, attrs and renderer are accepted but not used.
    """
    body = markup_to_html(self.explanation, self.markup)
    # mark_safe vouches for the whole string: the wrapper is constant, so the
    # sanitizing done by markup_to_html is the only protection for
    # self.explanation.
    return mark_safe('<div class="explanation_block">%s</div>' % body)
def to_html(self, fieldsubmission=None):
    """
    Return the configured explanation as HTML inside an explanation_block div.

    fieldsubmission is accepted but not used.
    """
    # before MarkupContentField, text_explanation held the contents; now text_explanation_0.
    legacy_explanation = self.config.get('text_explanation', '')
    explanation = self.config.get('text_explanation_0', legacy_explanation)
    markup = self.config.get('text_explanation_1', 'creole')
    body = markup_to_html(explanation, markup)
    # mark_safe vouches for the whole string: the wrapper is constant, so the
    # sanitizing done by markup_to_html is the only protection for the
    # configured explanation text.
    return mark_safe('<div class="explanation_block">%s</div>' % body)
def render(self, name, value, attrs=None):
    """
    Return self.explanation as HTML inside an explanation_block div.

    name, value and attrs are accepted but not used.
    """
    body = markup_to_html(self.explanation, self.markup)
    # mark_safe vouches for the whole string: the wrapper is constant, so the
    # sanitizing done by markup_to_html is the only protection for
    # self.explanation.
    return mark_safe('<div class="explanation_block">%s</div>' % body)
def intro_html(self) -> SafeText:
    """
    Render self.intro as HTML using this object's markup and math settings.
    """
    source = self.intro
    markup_lang = self.markup
    use_math = self.math
    return markup_to_html(source, markuplang=markup_lang, math=use_math)
def html_content(self):
    """
    Render self.text as HTML in the markup language named by self.markup.

    restricted=False is requested; html_already_safe is left at its default.
    """
    source, markup_lang = self.text, self.markup
    return markup_to_html(source, markup_lang, restricted=False)
def html_content(self):
    """
    Render self.content as HTML in the markup language named by self.markup.

    restricted=True is requested; html_already_safe is left at its default.
    """
    source, markup_lang = self.content, self.markup
    return markup_to_html(source, markup_lang, restricted=True)