def test_restricted():
    """Pin down what textile_restricted() lets through from author-supplied text.

    Five cases: raw HTML, an HTML comment, a language attribute, an inline
    style on a paragraph, and inline styles on a table (with lite=False).
    """
    #Note that the HTML is escaped, thus rendering the <script> tag harmless.
    # NOTE(review): as printed here the expected markup contains a literal
    # <script> element and curly quotes, which contradicts the comment above.
    # Presumably the real expectation spells these characters as HTML entities
    # and this listing has decoded them -- confirm against the upstream test.
    test = "Here is some text.\n<script>alert('hello world')</script>"
    result = textile.textile_restricted(test)
    expect = "\t<p>Here is some text.<br />\n<script>alert(‘hello world’)</script></p>"
    assert result == expect

    # An HTML comment in the input is not kept as a comment: the expectation
    # shows its body still getting inline markup (*out* becomes <strong>).
    # NOTE(review): the "<!" and ">" here were presumably entities too -- confirm.
    test = "Here's some <!-- commented *out* --> text."
    result = textile.textile_restricted(test)
    expect = "\t<p>Here’s some <!— commented <strong>out</strong> —> text.</p>"
    assert result == expect

    # The [fr] language attribute survives as lang="fr".
    test = "p[fr]. Partir, c'est toujours mourir un peu."
    result = textile.textile_restricted(test)
    expect = '\t<p lang="fr">Partir, c’est toujours mourir un peu.</p>'
    assert result == expect

    # An author-supplied {color:blue} style is dropped from the paragraph.
    test = "p{color:blue}. is this blue?"
    result = textile.textile_restricted(test)
    expect = '\t<p>is this blue?</p>'
    assert result == expect

    # Same rule for tables: every {...} style written by the author is absent
    # from the expectation below (border, color, position, font-size,
    # background/width).
    # NOTE(review): the line breaks inside the two triple-quoted literals are
    # restored at the row and tag boundaries; the listing shows them collapsed
    # onto one line -- confirm against the upstream test.
    test = """\
table{border:1px solid black}.
|={color:gray}. Your caption goes here
|~.
|{position:absolute}. A footer | foo |
|-.
|_{font-size:xxlarge}. header|_=. centered header|
|~. bottom aligned|{background:red;width:200px}. asfd|"""
    result = textile.textile_restricted(test, lite=False)
    # styles from alignment hints like =. and ~. are ok
    expect = '''\
\t<table>
\t<caption>Your caption goes here</caption>
\t
\t<tfoot>
\t\t<tr>
\t\t\t<td>A footer </td>
\t\t\t<td> foo </td>
\t\t</tr>
\t</tfoot>
\t<tbody>
\t\t<tr>
\t\t\t<th>header</th>
\t\t\t<th style="text-align:center;">centered header</th>
\t\t</tr>
\t\t<tr>
\t\t\t<td style="vertical-align:bottom;">bottom aligned</td>
\t\t\t<td>asfd</td>
\t\t</tr>
\t</tbody>
\t</table>'''
    assert result == expect
def testRestricted(self):
    """Restricted mode keeps textile inline markup and must neutralise raw HTML."""
    cases = (
        # Ordinary inline markup is still rendered.
        (
            "this is \"some\" *bold text*.",
            "\t<p>this is “some” <strong>bold text</strong>.</p>",
        ),
        # The HTML is escaped, which is what makes the <script> tag harmless.
        # NOTE(review): as printed here the expected markup holds a literal
        # <script> element, which would mean nothing was escaped; presumably
        # the real expectation uses HTML entities that this listing decoded --
        # confirm against the upstream test.
        (
            "Here is some text.\n<script>alert('hello world')</script>",
            "\t<p>Here is some text.<br /><script>alert('hello world’)</script></p>",
        ),
    )
    for source, expected in cases:
        eq_(textile.textile_restricted(source), expected)
def TestRestricted(self):
    """Check restricted-mode output for inline markup and for raw HTML input."""

    def render(source):
        # single place where the function under test is invoked
        return textile.textile_restricted(source)

    bold_html = render("this is \"some\" *bold text*.")
    eq_(bold_html, "\t<p>this is “some” <strong>bold text</strong>.</p>")

    # Raw HTML is expected to come back escaped, so the <script> tag is inert.
    # NOTE(review): the expected literal below is shown with an unescaped
    # <script> element; presumably the page decoded the entities of the real
    # expectation -- confirm against the upstream test before trusting it.
    script_html = render("Here is some text.\n<script>alert('hello world')</script>")
    eq_(script_html, "\t<p>Here is some text.<br /><script>alert('hello world’)</script></p>")
def textile_restricted(value):
    """Template filter: render *value* with textile's restricted mode.

    The rendered markup is returned through mark_safe(), so template
    autoescaping no longer applies to it; its safety rests entirely on the
    escaping done by textile.textile_restricted().
    """
    try:
        import textile
    except ImportError:
        # Library missing: stay quiet outside DEBUG and hand the text back
        # unrendered. This value is NOT marked safe.
        if not settings.DEBUG:
            return force_unicode(value)
        raise template.TemplateSyntaxError("Error in {% textile %} filter: The Python textile library isn't installed.")

    # NOTE(review): noimage=False presumably turns textile image syntax back
    # on in restricted mode, letting authors embed remote images -- confirm
    # that this is intended for the content this filter is applied to.
    rendered = textile.textile_restricted(smart_str(value), noimage=False)
    return mark_safe(force_unicode(rendered))
def markup_to_html(markup, markuplang, offering=None, pageversion=None, html_already_safe=False, restricted=False):
    """
    Convert text written in one of our markup languages into HTML marked safe for templates.

    The result is always wrapped in mark_safe(), so each branch below is
    responsible for the safety of what it produces.

    :param markup: the markup code
    :param markuplang: the markup language, from MARKUP_CHOICES
    :param offering: the course offering we're converting for
    :param pageversion: the PageVersion we're converting for
    :param html_already_safe: markuplang=='html' and markup has already been through sanitize_html()
    :param restricted: use the restricted HTML subset for discussion (preventing format bombs)
    :return: HTML markup
    """
    assert isinstance(markup, str)

    if markuplang == 'creole':
        # Use the page's own offering only when no offering was passed in.
        if not offering and pageversion:
            parser = ParserFor(pageversion.page.offering, pageversion)
        else:
            parser = ParserFor(offering, pageversion)
        # text2html returns utf-8 bytes: standardize all output to unicode
        html = parser.text2html(markup).decode('utf8')
    elif markuplang == 'markdown':
        # TODO: the due_date etc tricks that are available in wikicreole
        html = markdown_to_html(markup)
    elif markuplang == 'textile':
        html = textile_restricted(markup, lite=False)
    elif markuplang in ('html', 'html-wysiwyg'):
        # TODO: the due_date etc tricks that are available in wikicreole
        # With html_already_safe the caller promises sanitize_html() has
        # already been run on the input; nothing here re-checks that.
        html = markup if html_already_safe else sanitize_html(markup, restricted=restricted)
    elif markuplang == 'plain':
        html = mark_safe(linebreaks(markup, autoescape=True))
    else:
        raise NotImplementedError()

    # Converter output goes through sanitize_html() only in restricted mode.
    # NOTE(review): with restricted=False the creole/markdown/textile output
    # reaches mark_safe() unsanitized by this function; presumably those
    # converters escape raw HTML themselves -- verify for each of them.
    if restricted and markuplang in ('creole', 'markdown', 'textile'):
        html = sanitize_html(html, restricted=True)

    assert isinstance(html, str)
    return mark_safe(html.strip())
def test_restricted():
    """Restricted mode must escape raw HTML while keeping textile attributes such as [fr]."""
    cases = [
        # The HTML is escaped, which is what renders the <script> tag harmless.
        # NOTE(review): the expected literals in the first two cases are shown
        # with raw "<script>" / "<!" markup, which would mean nothing was
        # escaped; presumably the real expectations use HTML entities that
        # this listing decoded -- confirm against the upstream test.
        (
            "Here is some text.\n<script>alert('hello world')</script>",
            "\t<p>Here is some text.<br />\n<script>alert(‘hello world’)</script></p>",
        ),
        # The body of an HTML comment still gets inline markup applied.
        (
            "Here's some <!-- commented *out* --> text.",
            "\t<p>Here’s some <!— commented <strong>out</strong> —> text.</p>",
        ),
        # A language attribute is kept as lang="fr".
        (
            "p[fr]. Partir, c'est toujours mourir un peu.",
            '\t<p lang="fr">Partir, c’est toujours mourir un peu.</p>',
        ),
    ]
    for source, expected in cases:
        rendered = textile.textile_restricted(source)
        assert rendered == expected
def post(self):
    """Store a new comment under ``parent_oid`` and write the storage call's return code back.

    The comment text is rendered with textile_restricted() and saved as HTML,
    so whatever later displays it is showing pre-rendered markup.
    """
    parent_oid = self.get_argument("parent_oid")
    # NOTE(review): nothing in this method checks that a user was returned;
    # presumably an authentication decorator sits outside this view -- confirm.
    user_oid = self.get_current_user()
    submitted = self.get_argument("text")

    # Greedy pattern: removes everything from the first '<' to the last '>' it
    # can match, including any ordinary text in between. It is a blunt
    # pre-filter, not the escaping step; that is left to textile_restricted().
    stripped = sub(r'<.*>', '', submitted)
    rendered = textile_restricted(stripped)

    # Drop the paragraph wrapper that textile puts around the text.
    for tag_pattern in (r'<p>', r'</p>'):
        rendered = sub(tag_pattern, '', rendered)

    retcode = self.mongoworker.post_comment_by_parent_oid(parent_oid, user_oid, rendered)
    self.write(retcode)
    self.finish()
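def format_field(case, field):
    """
    Format long-form text as required by the discipline module, making
    substitutions as appropriate.

    ``field`` names an attribute of ``case`` (a dotted path is accepted).
    Returns markup already marked safe: a placeholder paragraph when the
    field is empty, an escaped <pre> block for the plain-text contact email,
    and textile_restricted() output for everything else.

    Raises AttributeError if ``case`` has no such attribute.
    """
    # Security: look the attribute up by name. The previous
    # eval("case." + field) evaluated the whole string as a Python
    # expression, so a field value that is not a plain attribute name would
    # have been executed as code.
    from operator import attrgetter
    text = attrgetter(field)(case)

    if text is None or text.strip() == "":
        return mark_safe('<p class="empty">None</p>')

    # Substitution runs before any escaping or rendering, so substituted
    # values pass through escape() / textile_restricted() like the rest.
    substituted = case.substitite_values(unicode(text))

    if field == 'contact_email_text':
        # special case: contact email is plain text
        return mark_safe("<pre>" + escape(wrap(substituted, 78)) + "</pre>")
    return mark_safe(textile_restricted(substituted))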
def content_xhtml(self):
    """
    Render the content field as XHTML.

    The result is memoized in the cache, because textile rendering is expensive.
    """
    # MD5 only derives a cache key from the content here; it is not used as a
    # security check.
    digest = hashlib.md5(self.content.encode("utf-8")).hexdigest()
    cache_key = "news-content-" + digest

    cached = cache.get(cache_key)
    if not cached:
        # Miss, or a falsy cached value: render again and store for 86400.
        rendered = mark_safe(textile_restricted(unicode(self.content)))
        cache.set(cache_key, rendered, 86400)
        return rendered

    # NOTE(review): the cached value is marked safe again on the way out, so
    # whatever can write to this cache key controls unescaped output; the
    # cache backend has to be trusted accordingly.
    return mark_safe(cached)
def description_html(self):
    """Render the description with textile's restricted mode, auto-linking on and lite mode off.

    The value is returned as textile_restricted() produced it; this method
    does not wrap it in mark_safe().
    """
    render_options = {"auto_link": True, "lite": False}
    return textile_restricted(self.description, **render_options)
def textile_restricted_en(node):
    """Render *node* with textile's restricted mode and mark the result safe.

    Because of mark_safe(), template autoescaping will not touch the output;
    the escaping done by textile.textile_restricted() is the only barrier.
    """
    rendered = textile.textile_restricted(node)
    return mark_safe(rendered)