def scrub(self, node, filterCIDLinks=True):
"""
Remove all potentially harmful elements from the node and
return a wrapper node.
For reasons (perhaps dubious) of performance, this mutates its
input.
"""
if node.nodeName == 'html':
filler = body = lmx().div(_class="message-html")
for c in node.childNodes:
if c.nodeName == 'head':
for hc in c.childNodes:
if hc.nodeName == 'title':
body.div(_class="message-title").text(domhelpers.gatherTextNodes(hc))
break
elif c.nodeName == 'body':
filler = body.div(_class='message-body')
break
else:
filler = body = lmx().div(_class="message-nohtml")
for e in self.iternode(node):
if getattr(e, 'clean', False):
# If I have manually exploded this node, just forget about it.
continue
ennl = e.nodeName.lower()
if filterCIDLinks and self._filterCIDLink(e):
# we could replace these with a marker element, like we do
# with dangerous tags, but i'm not sure there is a reason to
e.parentNode.removeChild(e)
if ennl in self._goodHtml:
handler = getattr(self, '_handle_' + ennl, None)
if handler is not None:
e = handler(e)
newAttributes = {}
oldAttributes = e.attributes
e.attributes = newAttributes
goodAttributes = self._goodHtml[ennl] + self._alwaysSafeAttributes
for attr in goodAttributes:
if attr in oldAttributes:
newAttributes[attr] = oldAttributes[attr]
else:
e.attributes.clear()
e.setTagName("div")
e.setAttribute("class", "message-html-unknown")
e.setAttribute("style", "display: none")
div = Element('div')
div.setAttribute('class', 'message-html-unknown-tag')
div.appendChild(Text("Untrusted %s tag" % (ennl, )))
e.childNodes.insert(0, div)
filler.node.appendChild(node)
return body.node
#sibling imports
import model
import template
import view
import utils
import interfaces
from twisted.python import components, failure
from twisted.python import reflect
from twisted.python import log
from twisted.internet import defer
viewFactory = view.viewFactory
document = parseString("<xml />", caseInsensitive=0, preserveCase=0)
missingPattern = Element("div", caseInsensitive=0, preserveCase=0)
missingPattern.setAttribute("style", "border: dashed red 1px; margin: 4px")
"""
DOMWidgets are views which can be composed into bigger views.
"""
DEBUG = 0
_RAISE = 1
class Dummy:
pass
class Widget(view.View):
import urllib
import warnings
from twisted.web.microdom import parseString, Element, Node
from twisted.web import domhelpers
import model
import template
import view
import utils
import interfaces
from twisted.python import components, failure
from twisted.python import reflect
from twisted.python import log
from twisted.internet import defer
viewFactory = view.viewFactory
document = parseString("<xml />", caseInsensitive=0, preserveCase=0)
missingPattern = Element("div", caseInsensitive=0, preserveCase=0)
missingPattern.setAttribute("style", "border: dashed red 1px; margin: 4px")
"""
DOMWidgets are views which can be composed into bigger views.
"""
DEBUG = 0
_RAISE = 1
class Dummy:
pass
class Widget(view.View):
"""
A Widget wraps an object, its model, for display. The model can be a
simple Python object (string, list, etc.) or it can be an instance
of L{model.Model}. (The former case is for interface purposes, so that
the rest of the code does not have to treat simple objects differently
from Model instances.)
