def add_front_resources(context, content): view_class = getattr(context["view"], "__class__", None) if context.get("view") else None if not view_class: return if getattr(view_class, "__name__", "") == "AddressesPhase": # For front add_resource( context, "body_end", InlineScriptResource( REGION_CHANGER_JS % { "billing_field_prefix": "#id_billing", "shipping_field_prefix": "#id_shipping", "regions": json.dumps(regions_data) })) if getattr(view_class, "__name__", "") == "ContactEditView": # For admin contact edit add_resource( context, "body_end", InlineScriptResource( REGION_CHANGER_JS % { "billing_field_prefix": "#id_billing_address", "shipping_field_prefix": "#id_shipping_address", "regions": json.dumps(regions_data) })) if getattr( view_class, "__name__", "" ) == "OrderEditView": # For admin order editor only regions is enough add_resource( context, "body_end", InlineScriptResource(REGIONS % {"regions": json.dumps(regions_data)}))
def add_front_resources(context, content): view_class = getattr(context["view"], "__class__", None) if context.get("view") else None if not view_class: return view_name = getattr(view_class, "__name__", "") if view_name in ["AddressesPhase", "CheckoutMethodPhase", "CompanyRegistrationView"]: # For front add_resources( context, fields=[ ("initializeBillingRegion", "#id_billing"), ("initializeShippingRegion", "#id_shipping") ] ) elif view_name in ["ContactEditView", "OrderAddressEditView"]: # For admin views add_resources( context, fields=[ ("initializeBillingRegion", "#id_billing_address"), ("initializeShippingRegion", "#id_shipping_address") ] ) elif view_name == "OrderEditView": # For admin order editor only regions is enough add_resource(context, "body_end", InlineScriptResource(REGIONS % {"regions": json.dumps(regions_data)})) elif view_name in ["AddressBookEditView"]: add_resources(context, fields=[("initializeRegion", "#id_address")]) elif view_name in ["WizardView"]: add_resource(context, "body_end", InlineScriptResource(REGIONS % {"regions": json.dumps(regions_data)}))
def add_resources(context, placement="body_end", fields=None): add_resource(context, placement, InlineScriptResource(REGIONS % {"regions": json.dumps(regions_data)})) add_resource(context, placement, InlineScriptResource(REGION_CHANGER_JS)) for function_name, field in fields or []: add_resource( context, placement, InlineScriptResource( CHANGER_FUNCTIONS % {"initialize_function": function_name, "region_field_prefix": field}) )
def add_resources(context, placement="body_end", fields=[""]): add_resource( context, placement, InlineScriptResource(REGIONS % {"regions": json.dumps(regions_data)})) add_resource(context, placement, InlineScriptResource(REGION_CHANGER_JS)) for field in fields: add_resource( context, placement, InlineScriptResource(CHANGER_FUNCTIONS % {"region_field_prefix": field}))
def render(self, context): add_resource(context, "body_start", "://example.com/js.js") add_resource(context, "body_start", "://foo/fuzz.png") add_resource(context, "head_end", "://example.com/css.css") add_resource(context, "body_end", InlineScriptResource("alert('xss')")) add_resource(context, "head_end", InlineScriptResource.from_vars("foos", {"bars": (1, 2, 3)})) add_resource(context, "head_end", InlineMarkupResource(self.meta_markup)) add_resource(context, "head_end", InlineMarkupResource(self.meta_markup)) # Test duplicates add_resource(context, "head_end", "") # Test the no-op branch add_resource(context, "content_start", InlineMarkupResource("START")) add_resource(context, "content_end", InlineMarkupResource("END")) return self.message
def add_edit_resources(context): """ Possibly inject Xtheme editor injection resources into the given context's resources. :param context: Jinja rendering context :type context: jinja2.runtime.Context """ request = context.get("request") if not (request and could_edit(request) and may_inject(context)): return from ._theme import get_current_theme from .rendering import get_view_config # avoid circular import view_config = get_view_config(context) theme = get_current_theme(request.shop) if not theme: return add_resource(context, "body_end", InlineScriptResource.from_vars("XthemeEditorConfig", { "commandUrl": "/xtheme/", # TODO: Use reverse("shuup:xtheme")? "editUrl": "/xtheme/editor/", # TODO: Use reverse("shuup:xtheme")? "themeIdentifier": theme.identifier, "viewName": view_config.view_name, "edit": is_edit_mode(request), "csrfToken": get_token(request), })) add_resource(context, "body_end", staticfiles_storage.url("xtheme/editor-injection.js"))
def add_edit_resources(context): """ Possibly inject Xtheme editor injection resources into the given context's resources. :param context: Jinja rendering context :type context: jinja2.runtime.Context """ request = context.get("request") if not (request and could_edit(request) and may_inject(context)): return from ._theme import get_current_theme from .rendering import get_view_config # avoid circular import view_config = get_view_config(context) theme = get_current_theme(request=request) if not theme: return add_resource(context, "body_end", InlineScriptResource.from_vars("XthemeEditorConfig", { "commandUrl": "/xtheme/", # TODO: Use reverse("shuup:xtheme")? "editUrl": "/xtheme/editor/", # TODO: Use reverse("shuup:xtheme")? "themeIdentifier": theme.identifier, "viewName": view_config.view_name, "edit": is_edit_mode(request), "csrfToken": get_token(request), })) add_resource(context, "body_end", staticfiles_storage.url("xtheme/editor-injection.js"))
def add_edit_resources(context): """ Possibly inject Xtheme editor injection resources into the given context's resources. :param context: Jinja rendering context :type context: jinja2.runtime.Context """ request = context.get("request") if not can_edit(context): return try: command_url = reverse("shuup:xtheme") edit_url = reverse("shuup:xtheme_editor") inject_snipper = reverse("shuup_admin:xtheme_snippet.list") except NoReverseMatch: # No URLs no resources return from .rendering import get_view_config # avoid circular import view_config = get_view_config(context) theme = get_current_theme(request.shop) add_resource(context, "body_end", InlineScriptResource.from_vars("XthemeEditorConfig", { "commandUrl": command_url, "editUrl": edit_url, "injectSnipperUrl": inject_snipper, "themeIdentifier": theme.identifier, "viewName": view_config.view_name, "edit": is_edit_mode(request), "csrfToken": get_token(request), })) add_resource(context, "head_end", staticfiles_storage.url("xtheme/editor-injection.css")) add_resource(context, "body_end", staticfiles_storage.url("xtheme/editor-injection.js"))
def add_init_fields_resource(context, country_code_field, region_code_field, region_field=None, placement="body_end"): add_resource(context, placement, InlineScriptResource( INITIALIZE_FIELDS_FUNCTION % { "country_code_field": country_code_field, "region_code_field": region_code_field, "region_field": region_field if region_field else "" }) )
def render(self, context): add_resource(context, "body_start", "://example.com/js.js") add_resource(context, "body_start", "://foo/fuzz.png") add_resource(context, "head_end", "://example.com/css.css") add_resource(context, "body_end", InlineScriptResource("alert('xss')")) add_resource(context, "head_end", InlineScriptResource.from_vars("foos", {"bars": (1, 2, 3)})) add_resource(context, "head_end", InlineMarkupResource(self.meta_markup)) add_resource(context, "head_end", InlineMarkupResource(self.meta_markup)) # Test duplicates add_resource(context, "head_end", "") # Test the no-op branch return self.message
def add_front_resources(context, content): view_class = getattr(context["view"], "__class__", None) if context.get("view") else None if not view_class: return view_name = getattr(view_class, "__name__", "") if view_name in ["AddressesPhase", "SingleCheckoutPhase"]: # For front add_resources(context, fields=["#id_billing", "#id_shipping"]) elif view_name == "ContactEditView": # For admin contact edit add_resources(context, fields=["#id_billing_address", "#id_shipping_address"]) elif view_name == "OrderEditView": # For admin order editor only regions is enough add_resource( context, "body_end", InlineScriptResource(REGIONS % {"regions": json.dumps(regions_data)})) elif view_name in ["AddressBookEditView"]: add_resources(context, fields=["#id_address"]) elif view_name in ["WizardView"]: add_resource( context, "body_end", InlineScriptResource(REGIONS % {"regions": json.dumps(regions_data)}))
def add_resources(context, content): request = context.get("request") if not request: return match = request.resolver_match if match and match.app_name == "shuup_admin": settings_provider = cached_load( "SHUUP_ADMIN_CHANNEL_SETTINGS_PROVIDER") add_resource( context, "body_end", InlineScriptResource.from_vars( "ShuupAdminChannelConfig", settings_provider.get_configs(request, context))) add_resource(context, "body_end", static("shuup-admin-channel.js"))
def add_test_injection(context, content): add_resource(context, "body_end", InlineScriptResource("window.injectedFromAddon=true;"))