コード例 #1
0
 def create_token(self, token_string, in_tag):
     """
     Convert the given token string into a new Token object and return it.
     If in_tag is True, we are processing something that matched a tag,
     otherwise it should be treated as a literal string.
     """
     if in_tag and token_string.startswith(BLOCK_TAG_START):
         # The [2:-2] ranges below strip off *_TAG_START and *_TAG_END.
         # We could do len(BLOCK_TAG_START) to be more "correct", but we've
         # hard-coded the 2s here for performance. And it's not like
         # the TAG_START values are going to change anytime, anyway.
         block_content = token_string[2:-2].strip()
         if self.verbatim and block_content == self.verbatim:
             self.verbatim = False
     if in_tag and not self.verbatim:
         if token_string.startswith(VARIABLE_TAG_START):
             token = Token(TOKEN_VAR, token_string[2:-2].strip())
         elif token_string.startswith(BLOCK_TAG_START):
             if block_content[:9] in ('verbatim', 'verbatim '):
                 self.verbatim = 'end%s' % block_content
             token = Token(TOKEN_BLOCK, block_content)
         elif token_string.startswith(COMMENT_TAG_START):
             content = ''
             if token_string.find(TRANSLATOR_COMMENT_MARK):
                 content = token_string[2:-2].strip()
             token = Token(TOKEN_COMMENT, content)
     else:
         token = Token(TOKEN_TEXT, token_string)
     token.lineno = self.lineno
     self.lineno += token_string.count('\n')
     return token
コード例 #2
0
ファイル: api.py プロジェクト: ikresoft/django-nav-tree 
 def dehydrate(self, bundle):
     var_array = []
     if bundle.obj.urlaspattern:
         token = Token("Text", bundle.obj.url)
         var_array = token.split_contents()
     bundle.data['var_array'] = var_array[1:]
     return bundle
コード例 #3
0
ファイル: localeurl_tags.py プロジェクト: oaleeapp/EguoWorld 
def locale_url(parser, token):
    """
    Renders the url for the view with another locale prefix. The syntax is
    like the 'url' tag, only with a locale before the view.

    Examples:
      {% locale_url "de" cal.views.day day %}
      {% locale_url "nl" cal.views.home %}
      {% locale_url "en-gb" cal.views.month month as month_url %}
    """
    bits = token.split_contents()
    if len(bits) < 3:
        raise TemplateSyntaxError("'%s' takes at least two arguments:"
                                  " the locale and a view" % bits[0])
    urltoken = Token(token.token_type, bits[0] + ' ' + ' '.join(bits[2:]))
    urlnode = defaulttags.url(parser, urltoken)
    return LocaleURLNode(bits[1], urlnode)
コード例 #4
0
    def test_gravatar_xss(self):
        """Testing {% gravatar %} doesn't allow XSS injection"""
        user = User(username='******',
                    first_name='"><script>alert(1);</script><"',
                    email='*****@*****.**')

        node = gravatar(self.parser, Token(TOKEN_TEXT, 'gravatar user 32'))
        context = {
            'request': DummyRequest(),
            'user': user,
        }

        self.assertEqual(
            node.render(context),
            '<img src="http://www.gravatar.com/avatar/'
            '55502f40dc8b7c769880b10874abc9d0?s=32" width="32" height="32" '
            'alt="&quot;&gt;&lt;script&gt;alert(1);&lt;/script&gt;&lt;&quot;" '
            'class="gravatar"/>')
コード例 #5
0
def second_pass_render(request, content):
    """
    Split on the secret delimiter and generate the token list by passing
    through text outside of phased blocks as single text tokens and tokenizing
    text inside the phased blocks. This ensures that nothing outside of the
    phased blocks is tokenized, thus eliminating the possibility of a template
    code injection vulnerability.
    """
    result = tokens = []
    for index, bit in enumerate(content.split(settings.PHASED_SECRET_DELIMITER)):
        if index % 2:
            tokens = Lexer(bit, None).tokenize()
        else:
            tokens.append(Token(TOKEN_TEXT, bit))

        context = RequestContext(request,
            restore_csrf_token(request, unpickle_context(bit)))
        rendered = Parser(tokens).parse().render(context)

        if settings.PHASED_SECRET_DELIMITER in rendered:
            rendered = second_pass_render(request, rendered)
        result.append(rendered)

    return "".join(result)
コード例 #6
0
ファイル: esi.py プロジェクト: terryLAT/armstrong.esi 
def create_token(content):
    return Token(TOKEN_BLOCK, content)
コード例 #7
0
ファイル: conftest.py プロジェクト: blubecks/django-forme 
def forme():
    return FormeParser([], Token(TOKEN_BLOCK, 'tag'))
コード例 #8
0
 def testError(self):
     """Testing errorbox tag (invalid usage)"""
     self.assertRaises(
         TemplateSyntaxError, lambda: djblets_deco.errorbox(
             self.parser, Token(TOKEN_TEXT, 'errorbox "id" "foo"')))
コード例 #9
0
 def test_with_max_indents(self):
     """Testing condense tag with custom max_indents"""
     node = djblets_email.condense(self.parser,
                                   Token(TOKEN_TEXT, 'condense 1'))
     self.assertEqual(node.render({}), "foo\nbar\nfoobar!")
コード例 #10
0
 def test_plain(self):
     """Testing condense tag"""
     node = djblets_email.condense(self.parser,
                                   Token(TOKEN_TEXT, 'condense'))
     self.assertEqual(node.render({}), "foo\nbar\n\n\nfoobar!")
コード例 #11
0
 def testInvalid(self):
     """Testing quoted_email tag (invalid usage)"""
     self.assertRaises(
         TemplateSyntaxError, lambda: djblets_email.quoted_email(
             self.parser, Token(TOKEN_TEXT, 'quoted_email')))