def scrub(self, node, filterCIDLinks=True): """ Remove all potentially harmful elements from the node and return a wrapper node. For reasons (perhaps dubious) of performance, this mutates its input. """ if node.nodeName == 'html': filler = body = lmx().div(_class="message-html") for c in node.childNodes: if c.nodeName == 'head': for hc in c.childNodes: if hc.nodeName == 'title': body.div(_class="message-title").text(domhelpers.gatherTextNodes(hc)) break elif c.nodeName == 'body': filler = body.div(_class='message-body') break else: filler = body = lmx().div(_class="message-nohtml") for e in self.iternode(node): if getattr(e, 'clean', False): # If I have manually exploded this node, just forget about it. continue ennl = e.nodeName.lower() if filterCIDLinks and self._filterCIDLink(e): # we could replace these with a marker element, like we do # with dangerous tags, but i'm not sure there is a reason to e.parentNode.removeChild(e) if ennl in self._goodHtml: handler = getattr(self, '_handle_' + ennl, None) if handler is not None: e = handler(e) newAttributes = {} oldAttributes = e.attributes e.attributes = newAttributes goodAttributes = self._goodHtml[ennl] + self._alwaysSafeAttributes for attr in goodAttributes: if attr in oldAttributes: newAttributes[attr] = oldAttributes[attr] else: e.attributes.clear() e.setTagName("div") e.setAttribute("class", "message-html-unknown") e.setAttribute("style", "display: none") div = Element('div') div.setAttribute('class', 'message-html-unknown-tag') div.appendChild(Text("Untrusted %s tag" % (ennl, ))) e.childNodes.insert(0, div) filler.node.appendChild(node) return body.node
#sibling imports import model import template import view import utils import interfaces from twisted.python import components, failure from twisted.python import reflect from twisted.python import log from twisted.internet import defer viewFactory = view.viewFactory document = parseString("<xml />", caseInsensitive=0, preserveCase=0) missingPattern = Element("div", caseInsensitive=0, preserveCase=0) missingPattern.setAttribute("style", "border: dashed red 1px; margin: 4px") """ DOMWidgets are views which can be composed into bigger views. """ DEBUG = 0 _RAISE = 1 class Dummy: pass class Widget(view.View):
import urllib import warnings from twisted.web.microdom import parseString, Element, Node from twisted.web import domhelpers import model import template import view import utils import interfaces from twisted.python import components, failure from twisted.python import reflect from twisted.python import log from twisted.internet import defer viewFactory = view.viewFactory document = parseString("<xml />", caseInsensitive=0, preserveCase=0) missingPattern = Element("div", caseInsensitive=0, preserveCase=0) missingPattern.setAttribute("style", "border: dashed red 1px; margin: 4px") """ DOMWidgets are views which can be composed into bigger views. """ DEBUG = 0 _RAISE = 1 class Dummy: pass class Widget(view.View): """ A Widget wraps an object, its model, for display. The model can be a simple Python object (string, list, etc.) or it can be an instance of L{model.Model}. (The former case is for interface purposes, so that the rest of the code does not have to treat simple objects differently from Model instances.)