def render(self, context): add_resource(context, "body_start", "://example.com/js.js") add_resource(context, "body_start", "://foo/fuzz.png") add_resource(context, "head_end", "://example.com/css.css") add_resource(context, "body_end", InlineScriptResource("alert('xss')")) add_resource( context, "head_end", InlineScriptResource.from_vars("foos", {"bars": (1, 2, 3)})) add_resource(context, "head_end", InlineMarkupResource(self.meta_markup)) add_resource(context, "head_end", InlineMarkupResource(self.meta_markup)) # Test duplicates add_resource(context, "head_end", "") # Test the no-op branch return self.message
def add_edit_resources(context): """ Possibly inject Xtheme editor injection resources into the given context's resources. :param context: Jinja rendering context :type context: jinja2.runtime.Context """ request = context.get("request") if not (request and could_edit(request) and may_inject(context)): return from .rendering import get_view_config # avoid circular import from .theme import get_current_theme view_config = get_view_config(context) theme = get_current_theme(request=request) if not theme: return add_resource(context, "body_end", InlineScriptResource.from_vars("XthemeEditorConfig", { "commandUrl": "/xtheme/", # TODO: Use reverse("shoop:xtheme")? "editUrl": "/xtheme/editor/", # TODO: Use reverse("shoop:xtheme")? "themeIdentifier": theme.identifier, "viewName": view_config.view_name, "edit": is_edit_mode(request), "csrfToken": get_token(request), })) add_resource(context, "body_end", staticfiles_storage.url("xtheme/editor-injection.js"))
def add_edit_resources(context): """ Possibly inject Xtheme editor injection resources into the given context's resources. :param context: Jinja rendering context :type context: jinja2.runtime.Context """ request = context.get("request") if not (request and could_edit(request) and may_inject(context)): return from ._theme import get_current_theme from .rendering import get_view_config # avoid circular import view_config = get_view_config(context) theme = get_current_theme(request=request) if not theme: return add_resource(context, "body_end", InlineScriptResource.from_vars("XthemeEditorConfig", { "commandUrl": "/xtheme/", # TODO: Use reverse("shoop:xtheme")? "editUrl": "/xtheme/editor/", # TODO: Use reverse("shoop:xtheme")? "themeIdentifier": theme.identifier, "viewName": view_config.view_name, "edit": is_edit_mode(request), "csrfToken": get_token(request), })) add_resource(context, "head_end", reverse("shoop_admin:js-catalog")) add_resource(context, "body_end", staticfiles_storage.url("xtheme/editor-injection.js"))
def render(self, context): add_resource(context, "body_start", "://example.com/js.js") add_resource(context, "body_start", "://foo/fuzz.png") add_resource(context, "head_end", "://example.com/css.css") add_resource(context, "body_end", InlineScriptResource("alert('xss')")) add_resource(context, "head_end", InlineScriptResource.from_vars("foos", {"bars": (1, 2, 3)})) add_resource(context, "head_end", InlineMarkupResource(self.meta_markup)) add_resource(context, "head_end", InlineMarkupResource(self.meta_markup)) # Test duplicates add_resource(context, "head_end", "") # Test the no-op branch return self.message
def add_test_injection(context, content): add_resource(context, "body_end", InlineScriptResource("window.injectedFromAddon=true;"))