def render(self, name, value, attrs=None, renderer=None):
    """Render the parent widget and wrap its HTML in this widget's template.

    ``self.template`` is either a format string with one positional
    placeholder or a callable that receives ``value`` and returns such a
    format string. ``renderer`` is accepted but not forwarded to the parent.
    """
    inner_html = super(TemplateWidgetMixin, self).render(name, value, attrs)
    layout = self.template(value) if callable(self.template) else self.template
    # SafeText switches off template autoescaping for the whole result, so the
    # layout must be trusted markup. A callable template must not copy
    # ``value`` into the string it returns without escaping it first.
    return safestring.SafeText(layout.format(inner_html))
def __init__(self, html_true="Yes", html_false="No", include_html_tag=False, true_value=True):
    """Store the two display strings and the value that counts as true.

    When ``include_html_tag`` is set, ``html_true`` and ``html_false`` are
    wrapped in SafeText; otherwise they are stored unchanged.
    """
    super(BooleanDisplay, self).__init__()
    if include_html_tag:
        # SafeText marks the text as already-escaped markup, so these two
        # arguments must be trusted, developer-written HTML in this mode.
        html_true = safestring.SafeText(html_true)
        html_false = safestring.SafeText(html_false)
    self.html_true = html_true
    self.html_false = html_false
    self.true_value = true_value
def as_widget(self, widget=None, attrs=None, only_initial=False):
    """
    Render this compound field as HTML using the layout supplied by the field.

    ``self.field.get_layout(self)`` yields the layout format string, the
    related field names the layout expects, and a flag saying whether the
    primary field's own widget is part of the output. The layout may also be
    a ``(format_string, attrs)`` pair when the primary field is included.
    The ``widget`` and ``attrs`` arguments are not used by this implementation.
    """
    html_layout, field_names, include_primary_field = self.field.get_layout(self)

    def get_args():
        # Walk the layout's field names and the field's related_field_names
        # in step: a related field the layout does not name at the current
        # position is skipped, a match is rendered and both cursors advance.
        rendered = []
        related_pos = 0
        layout_pos = 0
        while layout_pos < len(field_names):
            entry = field_names[layout_pos]
            has_attrs = isinstance(entry, (tuple, list))
            wanted = entry[0] if has_attrs else entry
            if wanted != self.field.related_field_names[related_pos]:
                related_pos += 1
                continue
            bound = self.related_fields[related_pos]
            if has_attrs:
                rendered.append(bound.as_widget(only_initial=only_initial, attrs=entry[1]))
            else:
                rendered.append(bound.as_widget(only_initial=only_initial))
            related_pos += 1
            layout_pos += 1
        return rendered

    # SafeText disables autoescaping for everything returned below. The
    # layout string and auto_id are interpolated as-is, so both have to come
    # from trusted form definitions, never from request data.
    if not include_primary_field:
        if field_names:
            return safestring.SafeText(html_layout.format(*get_args()))
        if html_layout:
            return safestring.SafeText(html_layout)
        return ""

    if isinstance(html_layout, (tuple, list)):
        primary_html = super(CompoundBoundFieldMixin, self).as_widget(
            attrs=html_layout[1], only_initial=only_initial)
        html_layout = html_layout[0]
    else:
        primary_html = super(CompoundBoundFieldMixin, self).as_widget(
            only_initial=only_initial)

    if field_names:
        format_args = get_args()
        format_args.append(self.auto_id)
        return safestring.SafeText(html_layout.format(primary_html, *format_args))
    if html_layout:
        return safestring.SafeText(html_layout.format(primary_html, self.auto_id))
    return primary_html
def render(self, name, value, attrs=None, renderer=None):
    """Render the select and append the script that turns it into a selectpicker.

    If ``attrs`` carries no usable ``id``, one is generated from the
    module-level ``html_id_seq`` counter and written into ``attrs``.
    ``renderer`` is accepted but not forwarded to the parent.
    """
    global html_id_seq
    element_id = attrs.get("id", None) if attrs else None
    if not element_id:
        html_id_seq += 1
        element_id = "auto_id_{}".format(html_id_seq)
        attrs = {} if attrs is None else attrs
        attrs["id"] = element_id
    select_html = super(SelectableSelect, self).render(name, value, attrs)
    picker_template = (
        u' {} <script type="text/javascript"> '
        u'$("#{}").selectpicker({{ '
        u"style: 'btn-default', size: 6, liveSearch: true, "
        u"dropupAuto: false, closeOnDateSelect: true, "
        u'}}); </script> '
    )
    # The id lands unescaped inside a JavaScript string within a <script>
    # element and the result is marked safe, so a caller-supplied id must be
    # a trusted identifier, not request data.
    return safestring.SafeText(picker_template.format(select_html, element_id))
def as_widget(self, widget=None, attrs=None, only_initial=False):
    """
    Render the primary field and its related fields into the field's layout.

    ``self.field.get_layout(self)`` yields the layout format string (or a
    ``(format_string, attrs)`` pair) and the related field names the layout
    expects. The ``widget`` and ``attrs`` arguments are not used by this
    implementation.
    """
    html_layout, field_names = self.field.get_layout(self)
    if isinstance(html_layout, (tuple, list)):
        primary_html = super(CompoundBoundField, self).as_widget(
            attrs=html_layout[1], only_initial=only_initial)
        html_layout = html_layout[0]
    else:
        primary_html = super(CompoundBoundField, self).as_widget(
            only_initial=only_initial)

    # SafeText disables autoescaping for the returned markup. The layout
    # string and auto_id are interpolated as-is, so both have to come from
    # trusted form definitions, never from request data.
    if not field_names:
        if html_layout:
            return safestring.SafeText(html_layout.format(primary_html, self.auto_id))
        return primary_html

    # Walk the layout's field names and the field's related_field_names in
    # step: a related field the layout does not name at the current position
    # is skipped, a match is rendered and both cursors advance.
    fragments = []
    related_pos = 0
    layout_pos = 0
    while layout_pos < len(field_names):
        entry = field_names[layout_pos]
        has_attrs = isinstance(entry, (tuple, list))
        wanted = entry[0] if has_attrs else entry
        if wanted != self.field.related_field_names[related_pos]:
            related_pos += 1
            continue
        bound = self.related_fields[related_pos]
        if has_attrs:
            fragments.append(bound.as_widget(only_initial=only_initial, attrs=entry[1]))
        else:
            fragments.append(bound.as_widget(only_initial=only_initial))
        related_pos += 1
        layout_pos += 1
    fragments.append(self.auto_id)
    return safestring.SafeText(html_layout.format(primary_html, *fragments))
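def render(self, name, value, attrs=None, renderer=None):
    """Render the widget plus a related HTML block that it shows or hides.

    The related block is visible when the current value equals
    ``self.true_value``; ``self.reverse`` inverts that rule. With no
    ``self.html_id`` the block is ``self.html`` wrapped in a generated
    ``<span>``. Otherwise the element with that id is assumed to exist
    elsewhere on the page and only a hide script is emitted when needed.
    ``renderer`` is accepted but not forwarded to the parent.

    Raises:
        Exception: if the widget is not a RadioSelect, CheckboxInput or Select.
    """
    # Normalise attrs before first use: the default is None, and the span id
    # below is derived from attrs. Copying also keeps the event handler added
    # further down out of the caller's dict.
    attrs = dict(attrs) if attrs else {}

    value_str = str(value) if value is not None else ""
    visible = bool(self.reverse) != (value_str == self.true_value)

    if not self.html_id:
        html_id = "{}_related_html".format(attrs.get("id"))
        hidden_style = "" if visible else "style='display:none'"
        wrapped_html = "<span id='{}' {} >{}</span>".format(html_id, hidden_style, self.html)
    else:
        html_id = self.html_id
        if visible:
            wrapped_html = ""
        else:
            wrapped_html = """ <script type="text/javascript"> $(document).ready(function() {{ $('#{}').hide() }}) </script> """.format(html_id)

    show_html = "$('#{0}').show();".format(html_id)
    hide_html = "$('#{0}').hide();".format(html_id)
    on_match, on_other = (hide_html, show_html) if self.reverse else (show_html, hide_html)

    # NOTE(security): html_id and true_value are placed inside JavaScript
    # string literals, and self.html is inserted as raw markup, with no
    # escaping here. They are presumably set by the form author; confirm that
    # none of them can carry request data.
    if isinstance(self, forms.RadioSelect):
        attrs["onclick"] = """ if (this.value === '{0}') {{ {1} }} else {{ {2} }} """.format(self.true_value, on_match, on_other)
    elif isinstance(self, forms.CheckboxInput):
        attrs["onclick"] = """ if (this.checked) {{ {0} }} else {{ {1} }} """.format(on_match, on_other)
    elif isinstance(self, forms.Select):
        attrs["onchange"] = """ if (this.value === '{0}') {{ {1} }} else {{ {2} }} """.format(self.true_value, on_match, on_other)
    else:
        raise Exception("Not implemented")

    widget_html = super(SwitchWidgetMixin, self).render(name, value, attrs)
    return safestring.SafeText(self.switch_template.format(widget_html, wrapped_html))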
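def render(self, name, value, attrs=None, renderer=None):
    """Render the input and attach a datetimepicker script to it.

    ``datetime`` values are formatted as ``YYYY-MM-DD HH:MM`` before
    rendering. The picker script targets the element by ``attrs["id"]``.
    When no id is supplied, only the plain input is returned, because the
    script would have nothing to select. ``renderer`` is accepted but not
    forwarded to the parent.
    """
    if isinstance(value, datetime):
        value = value.strftime("%Y-%m-%d %H:%M")
    html = super(DatetimeInput, self).render(name, value, attrs)

    # attrs defaults to None and may lack "id"; indexing it unconditionally
    # would raise instead of rendering the field.
    if attrs is None or "id" not in attrs:
        return html

    # The id is placed unescaped inside a JavaScript string and the result is
    # marked safe, so it must be a trusted identifier, not request data.
    datetime_picker = """ <script type="text/javascript"> $("#{}").datetimepicker({{ format: "Y-m-d H:i" , maxDate:true, step: 30, }}); </script> """.format(attrs["id"])
    return safestring.SafeText("{}{}".format(html, datetime_picker))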
# -*- coding: utf-8 -*- import os from django.utils import safestring def insecure_function(text, cls=""): return '<h1 class="{cls}">{text}</h1>'.format(text=text, cls=cls) my_insecure_str = insecure_function("insecure", cls="\" onload=\"alert('xss')") safestring.mark_safe(my_insecure_str) safestring.SafeText(my_insecure_str) safestring.SafeUnicode(my_insecure_str) safestring.SafeString(my_insecure_str) safestring.SafeBytes(my_insecure_str) def try_insecure(cls="\" onload=\"alert('xss')"): try: my_insecure_str = insecure_function("insecure", cls=cls) except Exception: my_insecure_str = "Secure" safestring.mark_safe(my_insecure_str) def except_insecure(cls="\" onload=\"alert('xss')"): try: my_insecure_str = "Secure" except Exception: my_insecure_str = insecure_function("insecure", cls=cls) safestring.mark_safe(my_insecure_str)
import os
from django.utils import safestring

# Every value marked safe in this listing is a string literal written in the
# source, or a name bound only to such literals, so no external input can
# reach the markup that skips autoescaping.
# Which of these aliases exist depends on the Django version - TODO confirm
# against the target release.
safestring.mark_safe('<b>secure</b>')
safestring.SafeText('<b>secure</b>')
safestring.SafeUnicode('<b>secure</b>')
safestring.SafeString('<b>secure</b>')
safestring.SafeBytes('<b>secure</b>')

# A name assigned from a literal.
my_secure_str = '<b>Hello World</b>'
safestring.mark_safe(my_secure_str)

# The same name rebound by tuple unpacking; every tuple element is a literal.
my_secure_str, _ = ('<b>Hello World</b>', '')
safestring.mark_safe(my_secure_str)

# An alias of a name that only ever held literals.
also_secure_str = my_secure_str
safestring.mark_safe(also_secure_str)


def try_secure():
    # Every branch of the try statement (try, except, else, finally) binds
    # the same literal, so the value is constant whichever path runs.
    try:
        my_secure_str = 'Secure'
    except Exception:
        my_secure_str = 'Secure'
    else:
        my_secure_str = 'Secure'
    finally:
        my_secure_str = 'Secure'
    safestring.mark_safe(my_secure_str)
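def render(self, name, value, attrs=None, renderer=None):
    """Render ``value`` as read-only preformatted text inside a ``<pre>``.

    The text from ``to_str(value)`` is HTML-escaped before it is placed in
    the markup, unless it is already marked safe. ``name``, ``attrs`` and
    ``renderer`` are not used.
    """
    # Imported locally because this block cannot see the file's import section.
    from django.utils.html import conditional_escape

    # The result is marked safe, which turns autoescaping off for it. Without
    # escaping here, any markup stored in the field value would be rendered
    # by the browser. conditional_escape leaves already-safe strings as they are.
    return safestring.SafeText(
        "<pre style='border:none;background-color:unset'>{}</pre>".format(
            conditional_escape(to_str(value))))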
def render(self, name, value, attrs=None, renderer=None):
    """Render the wrapped widget, placing it in ``self.template`` when both
    a template and a truthy value are present.

    Without a template, or with a falsy value, the wrapped widget's output
    is returned unchanged.
    """
    use_template = bool(self.template) and bool(value)
    rendered = self.widget.render(name, value, attrs, renderer)
    if use_template:
        # SafeText turns autoescaping off for the combined markup, so the
        # template must be trusted, developer-written HTML.
        return safestring.SafeText(self.template.format(rendered))
    return rendered
# -*- coding: utf-8 -*- import os from django.utils import safestring safestring.mark_safe("<b>secure</b>") safestring.SafeText("<b>secure</b>") safestring.SafeUnicode("<b>secure</b>") safestring.SafeString("<b>secure</b>") safestring.SafeBytes("<b>secure</b>") my_secure_str = "<b>Hello World</b>" safestring.mark_safe(my_secure_str) my_secure_str, _ = ("<b>Hello World</b>", "") safestring.mark_safe(my_secure_str) also_secure_str = my_secure_str safestring.mark_safe(also_secure_str) def try_secure(): try: my_secure_str = "Secure" except Exception: my_secure_str = "Secure" else: my_secure_str = "Secure" finally: my_secure_str = "Secure" safestring.mark_safe(my_secure_str)