def validateHTML(self, text, description='', **kw):
    """Scrub *description* and *text* and store the clean copies in the request form.

    Both values pass through ``scrubHTML`` (the project's HTML sanitizer)
    before the edit handler sees them.  ``description`` is scrubbed and
    stored first, so when *text* is rejected the form already holds the
    scrubbed description.

    Returns ``True`` when both values are accepted, otherwise the pair
    ``(False, errmsg)`` where *errmsg* is the ``IllegalHTML`` exception for
    the caller to report.  Extra keyword arguments are ignored.
    """
    form = self.request.form
    try:
        form['description'] = scrubHTML(description)
        form['text'] = scrubHTML(text)
    except IllegalHTML as errmsg:
        return False, errmsg
    return True
def __call__(self, value, *args, **kw):
    """Validate *value* by running it through ``scrubHTML``.

    Returns ``None`` when the scrubber accepts *value*.  When it raises
    ``IllegalHTML`` the result is a human-readable message made of the
    exception text followed by the tag names in ``VALID_TAGS``.  Extra
    positional and keyword arguments are ignored.
    """
    try:
        scrubHTML(value)
    except IllegalHTML as exc:
        tag_list = ",".join("<%s>" % tag for tag in VALID_TAGS.keys())
        message = ('%s Only the HTML tags %s accepted, '
                   'and only the "href" attribute on <a>.')
        return message % (str(exc), tag_list)
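def getInputValue(self):
    """Return the widget's input value, scrubbed through ``scrubHTML``.

    A falsy raw value (empty string / ``None``) is returned as-is without
    scrubbing.  When ``scrubHTML`` raises ``IllegalHTML`` the failure is
    wrapped in a ``WidgetInputError`` that is stored on ``self._error`` (so
    the form machinery can render it) and then raised.

    Fix: the visible original fell off the end of the method after
    scrubbing and therefore returned ``None``; the (scrubbed) value is now
    returned explicitly.
    """
    value = super(TextInputWidget, self).getInputValue()
    if value:
        try:
            value = scrubHTML(value)
        except IllegalHTML as err:
            self._error = WidgetInputError(self.context.__name__,
                                           self.label, err.args[0])
            raise self._error
    return value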
def test_scrubHTML(self):
    """scrubHTML passes accepted markup through and self-closes empty tags.

    Each entry is ``(markup, expected)``: tags and attributes the scrubber
    accepts come back unchanged, and empty elements written without a
    trailing slash (``<base>``, ``<br>``, ``<hr>``, ``<img>``, ``<meta>``)
    are normalised to the ``<... />`` form.
    """
    cases = [
        ('<a href="foo.html">bar</a>', '<a href="foo.html">bar</a>'),
        ('<b>bar</b>', '<b>bar</b>'),
        ('<base href="" /><base>', '<base href="" /><base />'),
        ('<blockquote>bar</blockquote>', '<blockquote>bar</blockquote>'),
        ('<body bgcolor="#ffffff">bar</body>',
         '<body bgcolor="#ffffff">bar</body>'),
        ('<br /><br>', '<br /><br />'),
        ('<hr /><hr>', '<hr /><hr />'),
        ('<img src="foo.png" /><img>', '<img src="foo.png" /><img />'),
        ('<meta name="title" content="" /><meta>',
         '<meta name="title" content="" /><meta />'),
    ]
    for markup, expected in cases:
        self.assertEqual(scrubHTML(markup), expected)
def test_scrubHTML_no_adapter_falls_back(self):
    """Without a registered scrubber utility, scrubHTML uses its built-in rules.

    Each entry is ``(markup, expected)``: accepted tags pass through and
    empty elements without a trailing slash are rewritten as ``<... />``.
    """
    from Products.CMFDefault.utils import scrubHTML
    cases = [
        ('<a href="foo.html">bar</a>', '<a href="foo.html">bar</a>'),
        ('<b>bar</b>', '<b>bar</b>'),
        ('<base href="" /><base>', '<base href="" /><base />'),
        ('<blockquote>bar</blockquote>', '<blockquote>bar</blockquote>'),
        ('<body bgcolor="#ffffff">bar</body>',
         '<body bgcolor="#ffffff">bar</body>'),
        ('<br /><br>', '<br /><br />'),
        ('<hr /><hr>', '<hr /><hr />'),
        ('<img src="foo.png" /><img>', '<img src="foo.png" /><img />'),
        ('<meta name="title" content="" /><meta>',
         '<meta name="title" content="" /><meta />'),
    ]
    for markup, expected in cases:
        self.assertEqual(scrubHTML(markup), expected)
def test_scrubHTML(self):
    """scrubHTML keeps accepted markup and normalises empty tags to ``<... />``.

    The table pairs each input with the exact output expected from the
    built-in scrubber; attributes on accepted tags are preserved.
    """
    expectations = (
        ('<a href="foo.html">bar</a>', '<a href="foo.html">bar</a>'),
        ('<b>bar</b>', '<b>bar</b>'),
        ('<base href="" /><base>', '<base href="" /><base />'),
        ('<blockquote>bar</blockquote>', '<blockquote>bar</blockquote>'),
        ('<body bgcolor="#ffffff">bar</body>',
         '<body bgcolor="#ffffff">bar</body>'),
        ('<br /><br>', '<br /><br />'),
        ('<hr /><hr>', '<hr /><hr />'),
        ('<img src="foo.png" /><img>', '<img src="foo.png" /><img />'),
        ('<meta name="title" content="" /><meta>',
         '<meta name="title" content="" /><meta />'),
    )
    for raw, clean in expectations:
        self.assertEqual(scrubHTML(raw), clean)
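def test_scrubHTML_with_adapter(self):
    """A registered IHTMLScrubber utility replaces the built-in scrubbing.

    The stub utility upper-cases its input; the expected values show that
    scrubHTML returns the utility's output verbatim and that the built-in
    normalisation (e.g. rewriting ``<base>`` as ``<base />``) is not applied.

    Fix: ``getSiteManager()`` is now called inside the ``try`` so that
    ``tearDown()`` always runs once ``setUp()`` has succeeded; previously a
    failure in ``getSiteManager()`` would leave the global component
    registry set up for later tests.
    """
    from zope.component.testing import setUp
    from zope.component.testing import tearDown
    from zope.component import getSiteManager
    from zope.interface import implements
    from Products.CMFDefault.interfaces import IHTMLScrubber
    from Products.CMFDefault.utils import scrubHTML

    class _Scrubber:
        """Stub scrubber whose output is trivially distinguishable."""
        implements(IHTMLScrubber)

        def scrub(self, html):
            return html.upper()

    cases = [
        ('<a href="foo.html">bar</a>', '<A HREF="FOO.HTML">BAR</A>'),
        ('<b>bar</b>', '<B>BAR</B>'),
        ('<base href="" /><base>', '<BASE HREF="" /><BASE>'),
        ('<blockquote>bar</blockquote>', '<BLOCKQUOTE>BAR</BLOCKQUOTE>'),
        ('<body bgcolor="#ffffff">bar</body>',
         '<BODY BGCOLOR="#FFFFFF">BAR</BODY>'),
        ('<br /><br>', '<BR /><BR>'),
        ('<hr /><hr>', '<HR /><HR>'),
        ('<img src="foo.png" /><img>', '<IMG SRC="FOO.PNG" /><IMG>'),
        ('<meta name="title" content="" /><meta>',
         '<META NAME="TITLE" CONTENT="" /><META>'),
    ]

    setUp()
    try:
        sm = getSiteManager()
        sm.registerUtility(_Scrubber(), IHTMLScrubber)
        for markup, expected in cases:
            self.assertEqual(scrubHTML(markup), expected)
    finally:
        tearDown()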
def test_scrubHTML_no_adapter_falls_back(self):
    """With no IHTMLScrubber utility registered, the built-in scrubber is used.

    Accepted tags and their attributes survive unchanged; empty elements
    written without a trailing slash are rewritten as ``<... />``.
    """
    from Products.CMFDefault.utils import scrubHTML
    expectations = (
        ('<a href="foo.html">bar</a>', '<a href="foo.html">bar</a>'),
        ('<b>bar</b>', '<b>bar</b>'),
        ('<base href="" /><base>', '<base href="" /><base />'),
        ('<blockquote>bar</blockquote>', '<blockquote>bar</blockquote>'),
        ('<body bgcolor="#ffffff">bar</body>',
         '<body bgcolor="#ffffff">bar</body>'),
        ('<br /><br>', '<br /><br />'),
        ('<hr /><hr>', '<hr /><hr />'),
        ('<img src="foo.png" /><img>', '<img src="foo.png" /><img />'),
        ('<meta name="title" content="" /><meta>',
         '<meta name="title" content="" /><meta />'),
    )
    for raw, clean in expectations:
        self.assertEqual(scrubHTML(raw), clean)
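def test_scrubHTML_with_adapter(self):
    """scrubHTML delegates to a registered IHTMLScrubber utility.

    The stub utility upper-cases its input, so every expected value is the
    upper-cased input exactly as the utility returned it; note that the
    built-in rewriting of ``<base>``/``<br>``/... to ``<... />`` does not
    happen when a utility is in charge.

    Fix: ``getSiteManager()`` moved inside the ``try`` so ``tearDown()``
    is guaranteed to run after a successful ``setUp()``; previously an
    exception from ``getSiteManager()`` would skip the teardown and leak
    registry state into subsequent tests.
    """
    from zope.component.testing import setUp
    from zope.component.testing import tearDown
    from zope.component import getSiteManager
    from zope.interface import implements
    from Products.CMFDefault.interfaces import IHTMLScrubber
    from Products.CMFDefault.utils import scrubHTML

    class _Scrubber:
        """Stub scrubber: upper-cases the markup it is given."""
        implements(IHTMLScrubber)

        def scrub(self, html):
            return html.upper()

    expectations = (
        ('<a href="foo.html">bar</a>', '<A HREF="FOO.HTML">BAR</A>'),
        ('<b>bar</b>', '<B>BAR</B>'),
        ('<base href="" /><base>', '<BASE HREF="" /><BASE>'),
        ('<blockquote>bar</blockquote>', '<BLOCKQUOTE>BAR</BLOCKQUOTE>'),
        ('<body bgcolor="#ffffff">bar</body>',
         '<BODY BGCOLOR="#FFFFFF">BAR</BODY>'),
        ('<br /><br>', '<BR /><BR>'),
        ('<hr /><hr>', '<HR /><HR>'),
        ('<img src="foo.png" /><img>', '<IMG SRC="FOO.PNG" /><IMG>'),
        ('<meta name="title" content="" /><meta>',
         '<META NAME="TITLE" CONTENT="" /><META>'),
    )

    setUp()
    try:
        getSiteManager().registerUtility(_Scrubber(), IHTMLScrubber)
        for raw, clean in expectations:
            self.assertEqual(scrubHTML(raw), clean)
    finally:
        tearDown()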
## Script (Python) "document_edit"
##parameters=text_format, text, file='', SafetyBelt='', change_and_view=''
##title=Edit a document
# Scrub the submitted body, apply the edit, then redirect to the document's
# 'view' action (when change_and_view is set) or back to 'edit'.  Any
# exception, including a rejected body from scrubHTML, redirects to the
# edit action with the exception text as the status message.
try:
    from Products.CMFDefault.utils import scrubHTML
    clean_text = scrubHTML(text)  # Strip Javascript, etc.
    context.edit(text_format, clean_text, file, safety_belt=SafetyBelt)
    type_info = context.getTypeInfo()
    if change_and_view:
        next_action = type_info.getActionById('view')
    else:
        next_action = type_info.getActionById('edit')
    context.REQUEST.RESPONSE.redirect(
        '%s/%s?%s' % (context.absolute_url(), next_action,
                      'portal_status_message=Document+changed.'))
except Exception as msg:
    # NOTE(review): msg is placed in the redirect URL without URL-encoding
    # or HTML-escaping; confirm the status message is escaped where it is
    # rendered.
    next_action = context.getTypeInfo().getActionById('edit')
    context.REQUEST.RESPONSE.redirect(
        '%s/%s?portal_status_message=%s'
        % (context.absolute_url(), next_action, msg))
##parameters=text, description='', **kw ## from Products.CMFDefault.exceptions import IllegalHTML from Products.CMFDefault.utils import scrubHTML try: description = scrubHTML(description) text = scrubHTML(text) return context.setStatus(True, text=text, description=description) except IllegalHTML, errmsg: return context.setStatus(False, errmsg)
def __call__(self, value, *args, **kw):
    """Validator entry point: accept *value* if ``scrubHTML`` does.

    Returns ``None`` on success.  If ``scrubHTML`` raises ``IllegalHTML``,
    returns the exception text followed by a list of the tag names found
    in ``VALID_TAGS``.  ``*args``/``**kw`` are accepted for interface
    compatibility and not used.
    """
    try:
        scrubHTML(value)
    except IllegalHTML as problem:
        allowed = ["<%s>" % name for name in VALID_TAGS.keys()]
        template = ('%s Only the HTML tags %s accepted, '
                    'and only the "href" attribute on <a>.')
        return template % (str(problem), ",".join(allowed))
## Script (Python) "newsitem_edit"
##parameters=text, description, text_format=None, change_and_view=''
##title=Edit a news item
# Scrub the body and the description, apply the edit, then redirect to the
# item's 'view' action (when change_and_view is set) or back to 'edit'.
# Any exception, including a rejected field from scrubHTML, redirects to
# the edit action with the exception text as the status message.
try:
    from Products.CMFDefault.utils import scrubHTML
    clean_text = scrubHTML(text)  # Strip Javascript, etc.
    clean_description = scrubHTML(description)
    context.edit(text=clean_text, description=clean_description,
                 text_format=text_format)
    type_info = context.getTypeInfo()
    if change_and_view:
        next_action = type_info.getActionById('view')
    else:
        next_action = type_info.getActionById('edit')
    context.REQUEST.RESPONSE.redirect(
        '%s/%s?%s' % (context.absolute_url(), next_action,
                      'portal_status_message=News+Item+changed.'))
except Exception as msg:
    # NOTE(review): msg is placed in the redirect URL without URL-encoding
    # or HTML-escaping; confirm the status message is escaped where it is
    # rendered.
    next_action = context.getTypeInfo().getActionById('edit')
    context.REQUEST.RESPONSE.redirect(
        '%s/%s?portal_status_message=%s'
        % (context.absolute_url(), next_action, msg))
## Script (Python) "document_edit"
##parameters=text_format, text, file='', SafetyBelt='', change_and_view=''
##title=Edit a document
# Sanitize the body with scrubHTML, store it via context.edit, and redirect
# to 'view' when change_and_view is set, otherwise to 'edit'.  Failures of
# any kind go back to the edit action carrying the exception text.
try:
    from Products.CMFDefault.utils import scrubHTML
    body = scrubHTML(text)  # Strip Javascript, etc.
    context.edit(text_format, body, file, safety_belt=SafetyBelt)
    actions = context.getTypeInfo()
    action_id = change_and_view and 'view' or 'edit'
    context.REQUEST.RESPONSE.redirect(
        '%s/%s?%s' % (context.absolute_url(),
                      actions.getActionById(action_id),
                      'portal_status_message=Document+changed.'))
except Exception as msg:
    # NOTE(review): msg is placed in the redirect URL without URL-encoding
    # or HTML-escaping; confirm the status message is escaped where it is
    # rendered.
    context.REQUEST.RESPONSE.redirect(
        '%s/%s?portal_status_message=%s'
        % (context.absolute_url(),
           context.getTypeInfo().getActionById('edit'), msg))
## Script (Python) "newsitem_edit"
##parameters=text, description, text_format=None, choice=' Change '
##title=Edit a news item
# Sanitize body and description with scrubHTML, store them via context.edit,
# and redirect to 'view' when the submit button value was ' Change and View ',
# otherwise to 'edit'.  Failures of any kind go back to the edit action
# carrying the exception text.
try:
    from Products.CMFDefault.utils import scrubHTML
    body = scrubHTML(text)  # Strip Javascript, etc.
    summary = scrubHTML(description)
    context.edit(text=body, description=summary, text_format=text_format)
    actions = context.getTypeInfo()
    if choice == ' Change and View ':
        action_id = 'view'
    else:
        action_id = 'edit'
    context.REQUEST.RESPONSE.redirect(
        '%s/%s?%s' % (context.absolute_url(),
                      actions.getActionById(action_id),
                      'portal_status_message=News+Item+changed.'))
except Exception as msg:
    # NOTE(review): msg is placed in the redirect URL without URL-encoding
    # or HTML-escaping; confirm the status message is escaped where it is
    # rendered.
    context.REQUEST.RESPONSE.redirect(
        '%s/%s?portal_status_message=%s'
        % (context.absolute_url(),
           context.getTypeInfo().getActionById('edit'), msg))