def scrub(self, node, filterCIDLinks=True):
    """
    Sanitize the DOM tree rooted at ``node`` against the tag and attribute
    allowlists and return it inside a freshly built wrapper element.

    The tree is edited in place rather than copied: the caller's ``node``
    is modified and ends up as a child of the returned wrapper.

    node -- root of the parsed message markup; its content is untrusted.
    filterCIDLinks -- when true, every element for which
        ``self._filterCIDLink`` returns a true value is detached from its
        parent.

    Returns the ``.node`` of the wrapper built with ``lmx``.
    """
    if node.nodeName != 'html':
        # Fragment without an <html> root: a single plain wrapper.
        filler = body = lmx().div(_class="message-nohtml")
    else:
        filler = body = lmx().div(_class="message-html")
        for child in node.childNodes:
            childName = child.nodeName
            if childName == 'body':
                # The sanitized tree is attached under a dedicated body div;
                # nothing after <body> is inspected.
                filler = body.div(_class='message-body')
                break
            if childName == 'head':
                # Surface only the text of the first <title> found in <head>.
                for headChild in child.childNodes:
                    if headChild.nodeName == 'title':
                        titleDiv = body.div(_class="message-title")
                        titleDiv.text(domhelpers.gatherTextNodes(headChild))
                        break

    for elem in self.iternode(node):
        if getattr(elem, 'clean', False):
            # Already marked as handled by hand; leave it untouched.
            continue
        tagName = elem.nodeName.lower()

        if filterCIDLinks and self._filterCIDLink(elem):
            # Detach the element. There is deliberately no ``continue``: the
            # detached element still passes through the filter below.
            elem.parentNode.removeChild(elem)

        if tagName not in self._goodHtml:
            # Tag is not on the allowlist: neutralise it instead of deleting
            # it. Every attribute is dropped, the element becomes a hidden
            # div, and a marker naming the original tag is placed first.
            # The element's own children stay where they are.
            elem.attributes.clear()
            elem.setTagName("div")
            elem.setAttribute("class", "message-html-unknown")
            elem.setAttribute("style", "display: none")
            marker = Element('div')
            marker.setAttribute('class', 'message-html-unknown-tag')
            # The tag name comes from the message; it is added as a Text
            # node, not as markup.
            marker.appendChild(Text("Untrusted %s tag" % (tagName, )))
            elem.childNodes.insert(0, marker)
            continue

        # Allowlisted tag. An optional per-tag hook may substitute another
        # element; the attribute filter applies to whatever it returns.
        hook = getattr(self, '_handle_' + tagName, None)
        if hook is not None:
            elem = hook(elem)
        kept = {}
        source = elem.attributes
        elem.attributes = kept
        allowed = self._goodHtml[tagName] + self._alwaysSafeAttributes
        # Filtering is by attribute *name* only; retained values are copied
        # through unchanged.
        # NOTE(review): URL schemes and CSS inside retained values are not
        # inspected in this method -- presumably the _handle_<tag> hooks or
        # the allowlist contents cover that; confirm.
        kept.update((name, source[name]) for name in allowed if name in source)

    filler.node.appendChild(node)
    return body.node
#sibling imports import model import template import view import utils import interfaces from twisted.python import components, failure from twisted.python import reflect from twisted.python import log from twisted.internet import defer viewFactory = view.viewFactory document = parseString("<xml />", caseInsensitive=0, preserveCase=0) missingPattern = Element("div", caseInsensitive=0, preserveCase=0) missingPattern.setAttribute("style", "border: dashed red 1px; margin: 4px") """ DOMWidgets are views which can be composed into bigger views. """ DEBUG = 0 _RAISE = 1 class Dummy: pass class Widget(view.View):