def render(text,
substitutions=True,
safe_mode='escape',
_testing_allow_user_html=None):
'''
Render markdown as html.
*substitutions*
If `True`, substitude text reference, e.g. member refs like
@(pudo), to html.
*safe_mode*
This is passed directly to the markdown renderer. Possible options are
`'escape'` (escape html tags), `'remove'` (remove html tags),
`'adhocracy_config'` (HTML if allowed, escape otherwise).
'''
if text is None:
return ""
from adhocracy.lib.helpers.text_helper import getconf_allow_user_html
allow_user_html = getconf_allow_user_html(_testing_allow_user_html)
assert safe_mode in ('escape', 'remove', 'adhocracy_config')
if safe_mode == 'adhocracy_config':
safe_mode = False if allow_user_html else 'escape'
text = markdown.markdown(text,
extensions=[
'adhocracy.lib.text.mdx_showmore',
],
output_format='xhtml5',
safe_mode=safe_mode,
enable_attributes=False)
if substitutions:
text = SUB_USER.sub(user_sub, text)
text = SUB_PAGE.sub(page_sub, text)
if allow_user_html and not safe_mode:
from lxml.html.clean import Cleaner
text = Cleaner(embedded=False, kill_tags=['embed',
'object']).clean_html(text)
text = rewrite_urls(text)
return text
def render(text, substitutions=True, safe_mode='escape',
_testing_allow_user_html=None):
'''
Render markdown as html.
*substitutions*
If `True`, substitude text reference, e.g. member refs like
@(pudo), to html.
*safe_mode*
This is passed directly to the markdown renderer. Possible options are
`'escape'` (escape html tags), `'remove'` (remove html tags),
`'adhocracy_config'` (HTML if allowed, escape otherwise).
'''
if text is None:
return ""
from adhocracy.lib.helpers.text_helper import getconf_allow_user_html
allow_user_html = getconf_allow_user_html(_testing_allow_user_html)
assert safe_mode in ('escape', 'remove', 'adhocracy_config')
if safe_mode == 'adhocracy_config':
safe_mode = False if allow_user_html else 'escape'
text = markdown.markdown(
text,
extensions=[
'adhocracy.lib.text.mdx_showmore',
],
output_format='xhtml5',
safe_mode=safe_mode,
enable_attributes=False
)
if substitutions:
text = SUB_USER.sub(user_sub, text)
text = SUB_PAGE.sub(page_sub, text)
if allow_user_html and not safe_mode:
from lxml.html.clean import Cleaner
text = Cleaner(embedded=False,
kill_tags=['embed', 'object']).clean_html(text)
text = rewrite_urls(text)
return text
def test_rewrite_urls(self):
r = rewrite_urls(u'<a href="http://example.com/">link</a>')
self.assertTrue(u'href="http://example' not in r)
r = rewrite_urls(u'<a href="https://example.com/">link</a>')
self.assertTrue(u'href="https://example' not in r)
r = rewrite_urls(u'<a href="//example.com/">link</a>')
self.assertTrue(u'href="//example' not in r)
r = rewrite_urls(u'<a href="/">link</a>')
self.assertTrue(u'href="/' in r)
r = rewrite_urls(u'<a href="/i/foo/x/y">link</a>')
self.assertTrue(u'href="/i/foo/x/y' in r)
# Do not add any crap
self.assertEqual(rewrite_urls(u''), u'')
self.assertEqual(rewrite_urls(u'<a><img src="//example.com/i"/>x</a>'),
u'<a><img src="//example.com/i"/>x</a>')
def render_body(body):
return rewrite_urls(body)
def render_body(body):
return rewrite_urls(body)