def render(self, name, value, attrs=None, renderer=None):
widget_html = super(TemplateWidgetMixin,
self).render(name, value, attrs)
if callable(self.template):
return safestring.SafeText(
self.template(value).format(widget_html))
else:
return safestring.SafeText(self.template.format(widget_html))
def __init__(self,html_true="Yes",html_false="No",include_html_tag=False,true_value=True):
super(BooleanDisplay,self).__init__()
if include_html_tag:
self.html_true = safestring.SafeText(html_true)
self.html_false = safestring.SafeText(html_false)
else:
self.html_true = html_true
self.html_false = html_false
self.true_value = true_value
def as_widget(self, widget=None, attrs=None, only_initial=False):
"""
Renders the field by rendering the passed widget, adding any HTML
attributes passed as attrs. If no widget is specified, then the
field's default widget will be used.
"""
#print("============{} {}".format(self.name,self.field.field_name))
#if self.field.field_name == "prescription__loc_locality":
# import ipdb;ipdb.set_trace()
html_layout,field_names,include_primary_field = self.field.get_layout(self)
def get_args():
index0 = 0
index1 = 0
args = []
while index1 < len(field_names):
if isinstance(field_names[index1],(tuple,list)):
if field_names[index1][0] != self.field.related_field_names[index0]:
index0 += 1
else:
args.append(self.related_fields[index0].as_widget(only_initial=only_initial,attrs=field_names[index1][1]))
index0 += 1
index1 += 1
elif field_names[index1] != self.field.related_field_names[index0]:
index0 += 1
else:
args.append(self.related_fields[index0].as_widget(only_initial=only_initial))
index0 += 1
index1 += 1
return args
if include_primary_field:
if isinstance(html_layout,(tuple,list)):
html = super(CompoundBoundFieldMixin,self).as_widget(attrs=html_layout[1],only_initial=only_initial)
html_layout = html_layout[0]
else:
html = super(CompoundBoundFieldMixin,self).as_widget(only_initial=only_initial)
if field_names:
args = get_args()
args.append(self.auto_id)
return safestring.SafeText(html_layout.format(html,*args))
elif html_layout:
return safestring.SafeText(html_layout.format(html,self.auto_id))
else:
return html
elif field_names:
args = get_args()
return safestring.SafeText(html_layout.format(*args))
elif html_layout:
return safestring.SafeText(html_layout)
else:
return ""
def render(self, name, value, attrs=None, renderer=None):
global html_id_seq
html_id = attrs.get("id", None) if attrs else None
if not html_id:
html_id_seq += 1
html_id = "auto_id_{}".format(html_id_seq)
if attrs is None:
attrs = {"id": html_id}
else:
attrs["id"] = html_id
html = super(SelectableSelect, self).render(name, value, attrs)
return safestring.SafeText(u"""
{}
<script type="text/javascript">
$("#{}").selectpicker({{
style: 'btn-default',
size: 6,
liveSearch: true,
dropupAuto: false,
closeOnDateSelect: true,
}});
</script>
""".format(html, html_id))
def as_widget(self, widget=None, attrs=None, only_initial=False):
"""
Renders the field by rendering the passed widget, adding any HTML
attributes passed as attrs. If no widget is specified, then the
field's default widget will be used.
"""
html_layout, field_names = self.field.get_layout(self)
if isinstance(html_layout, (tuple, list)):
html = super(CompoundBoundField,
self).as_widget(attrs=html_layout[1],
only_initial=only_initial)
html_layout = html_layout[0]
else:
html = super(CompoundBoundField,
self).as_widget(only_initial=only_initial)
if field_names:
index0 = 0
index1 = 0
arguments = []
while index1 < len(field_names):
if isinstance(field_names[index1], (tuple, list)):
if field_names[index1][
0] != self.field.related_field_names[index0]:
index0 += 1
else:
arguments.append(self.related_fields[index0].as_widget(
only_initial=only_initial,
attrs=field_names[index1][1]))
index0 += 1
index1 += 1
elif field_names[index1] != self.field.related_field_names[
index0]:
index0 += 1
else:
arguments.append(self.related_fields[index0].as_widget(
only_initial=only_initial))
index0 += 1
index1 += 1
arguments.append(self.auto_id)
return safestring.SafeText(html_layout.format(html, *arguments))
elif html_layout:
return safestring.SafeText(html_layout.format(html, self.auto_id))
else:
return html
def render(self,name,value,attrs=None,renderer=None):
value_str = str(value) if value is not None else ""
if not self.html_id:
html_id = "{}_related_html".format( attrs.get("id"))
wrapped_html = "<span id='{}' {} >{}</span>".format(html_id,"style='display:none'" if (not self.reverse and value_str != self.true_value) or (self.reverse and value_str == self.true_value) else "" ,self.html)
else:
html_id = self.html_id
if (not self.reverse and value_str == self.true_value) or (self.reverse and value_str != self.true_value):
wrapped_html = ""
else:
wrapped_html = """
<script type="text/javascript">
$(document).ready(function() {{
$('#{}').hide()
}})
</script>
""".format(html_id)
show_html = "$('#{0}').show();".format(html_id)
hide_html = "$('#{0}').hide();".format(html_id)
attrs = attrs or {}
if isinstance(self,forms.RadioSelect):
attrs["onclick"]="""
if (this.value === '{0}') {{
{1}
}} else {{
{2}
}}
""".format(self.true_value,hide_html if self.reverse else show_html,show_html if self.reverse else hide_html)
elif isinstance(self,forms.CheckboxInput):
attrs["onclick"]="""
if (this.checked) {{
{0}
}} else {{
{1}
}}
""".format(hide_html if self.reverse else show_html,show_html if self.reverse else hide_html)
elif isinstance(self,forms.Select):
attrs["onchange"]="""
if (this.value === '{0}') {{
{1}
}} else {{
{2}
}}
""".format(self.true_value,hide_html if self.reverse else show_html,show_html if self.reverse else hide_html)
else:
raise Exception("Not implemented")
widget_html = super(SwitchWidgetMixin,self).render(name,value,attrs)
return safestring.SafeText(self.switch_template.format(widget_html,wrapped_html))
def render(self, name, value, attrs=None, renderer=None):
if isinstance(value, datetime):
value = value.strftime("%Y-%m-%d %H:%M")
html = super(DatetimeInput, self).render(name, value, attrs)
datetime_picker = """
<script type="text/javascript">
$("#{}").datetimepicker({{
format: "Y-m-d H:i" ,
maxDate:true,
step: 30,
}});
</script>
""".format(attrs["id"])
return safestring.SafeText("{}{}".format(html, datetime_picker))
# -*- coding: utf-8 -*-
import os
from django.utils import safestring
def insecure_function(text, cls=""):
return '<h1 class="{cls}">{text}</h1>'.format(text=text, cls=cls)
my_insecure_str = insecure_function("insecure", cls="\" onload=\"alert('xss')")
safestring.mark_safe(my_insecure_str)
safestring.SafeText(my_insecure_str)
safestring.SafeUnicode(my_insecure_str)
safestring.SafeString(my_insecure_str)
safestring.SafeBytes(my_insecure_str)
def try_insecure(cls="\" onload=\"alert('xss')"):
try:
my_insecure_str = insecure_function("insecure", cls=cls)
except Exception:
my_insecure_str = "Secure"
safestring.mark_safe(my_insecure_str)
def except_insecure(cls="\" onload=\"alert('xss')"):
try:
my_insecure_str = "Secure"
except Exception:
my_insecure_str = insecure_function("insecure", cls=cls)
safestring.mark_safe(my_insecure_str)
import os
from django.utils import safestring
safestring.mark_safe('<b>secure</b>')
safestring.SafeText('<b>secure</b>')
safestring.SafeUnicode('<b>secure</b>')
safestring.SafeString('<b>secure</b>')
safestring.SafeBytes('<b>secure</b>')
my_secure_str = '<b>Hello World</b>'
safestring.mark_safe(my_secure_str)
my_secure_str, _ = ('<b>Hello World</b>', '')
safestring.mark_safe(my_secure_str)
also_secure_str = my_secure_str
safestring.mark_safe(also_secure_str)
def try_secure():
try:
my_secure_str = 'Secure'
except Exception:
my_secure_str = 'Secure'
else:
my_secure_str = 'Secure'
finally:
my_secure_str = 'Secure'
safestring.mark_safe(my_secure_str)
def render(self, name, value, attrs=None, renderer=None):
return safestring.SafeText(
"<pre style='border:none;background-color:unset'>{}</pre>".format(
to_str(value)))
def render(self, name, value, attrs=None, renderer=None):
if not self.template or not value:
return self.widget.render(name, value, attrs, renderer)
return safestring.SafeText(
self.template.format(
self.widget.render(name, value, attrs, renderer)))
# -*- coding: utf-8 -*-
import os
from django.utils import safestring
safestring.mark_safe("<b>secure</b>")
safestring.SafeText("<b>secure</b>")
safestring.SafeUnicode("<b>secure</b>")
safestring.SafeString("<b>secure</b>")
safestring.SafeBytes("<b>secure</b>")
my_secure_str = "<b>Hello World</b>"
safestring.mark_safe(my_secure_str)
my_secure_str, _ = ("<b>Hello World</b>", "")
safestring.mark_safe(my_secure_str)
also_secure_str = my_secure_str
safestring.mark_safe(also_secure_str)
def try_secure():
try:
my_secure_str = "Secure"
except Exception:
my_secure_str = "Secure"
else:
my_secure_str = "Secure"
finally:
my_secure_str = "Secure"
safestring.mark_safe(my_secure_str)
