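def save(self, *args, **kwargs):
    """Sanitize title/text, fill in a unique slug if missing, then persist.

    Defect fixed: ``*args``/``**kwargs`` were dropped on the way to the
    parent ``save()``, so callers passing ``using=``, ``force_insert=`` or
    ``update_fields=`` silently lost those options.  They are now forwarded.
    """
    # Title is user-controlled; strip disallowed HTML before it is used
    # for the slug and stored.
    self.title = sanitize_html(self.title)
    if not self.slug:
        # Slug must be unique across this model; derive it from the
        # already-sanitized title.
        self.slug = render_unique_slug(self.__class__, slugify(self.title))
    self.text = sanitize_html(self.text)
    super(Question, self).save(*args, **kwargs)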
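def markup(value, mtype=1):
    """Render user-supplied ``value`` to HTML according to markup type ``mtype``.

    ``mtype`` is compared against the first element of the module-level
    MARKDOWN / TEXTILE / HTML / PLAINTEXT tuples; any other value re-dispatches
    on DEFAULT_MARKUP.  Every branch that emits HTML runs the rendered result
    through ``sanitize_html`` before ``mark_safe``, so a renderer's own
    raw-HTML passthrough cannot be used for injection.  PLAINTEXT is
    HTML-escaped instead.  If a renderer cannot be imported the original text
    is returned unsanitized and NOT marked safe, so template autoescaping
    still applies.

    Defect fixed: the textile branch returned the renderer's (already
    mark_safe'd) output without ``sanitize_html``, unlike the markdown and
    HTML branches.  It is now sanitized like the others.
    """
    try:
        from django.utils.html import escape
        if mtype == MARKDOWN[0]:
            try:
                import markdown2
            except ImportError:
                try:
                    from django.contrib.markup.templatetags.markup import markdown
                except ImportError:
                    # No markdown renderer available: sanitize but leave the
                    # string unmarked so autoescape still runs on it.
                    return sanitize_html(force_unicode(value))
                return mark_safe(sanitize_html(markdown(force_unicode(value))))
            else:
                # safe_mode stays off because sanitize_html is the HTML filter here.
                safe_mode = False
                return mark_safe(sanitize_html(markdown2.markdown(force_unicode(value), safe_mode=safe_mode)))
        elif mtype == TEXTILE[0]:
            from django.contrib.markup.templatetags.markup import textile
            # Sanitize textile output the same way as the other HTML-producing
            # branches; the filter alone marks its output safe without filtering.
            return mark_safe(sanitize_html(textile(force_unicode(value))))
        # reStructuredText rendering is deliberately not supported.
        elif mtype == HTML[0]:
            return mark_safe(sanitize_html(force_unicode(value)))
        elif mtype == PLAINTEXT[0]:
            return escape(force_unicode(value))
        else:
            # Unknown type: re-dispatch on the default.  Assumes DEFAULT_MARKUP[0]
            # is one of the handled types above, otherwise this recurses forever.
            return markup(value, DEFAULT_MARKUP[0])
    except ImportError:
        # Not marking safe, in case tag fails and users input malicious code.
        return force_unicode(value)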
def get_book(db, uuid):
    """Return the book whose ``uuid`` matches, restricted to public fields.

    The document is passed through ``utils.sanitize_html`` before being
    returned; ``None`` is returned when no book matches.
    """
    query = {'uuid': uuid}
    record = db.books.find_one(query, PUBLIC_SINGLE_BOOK_FIELDS)
    if not record:
        return None
    # Stored content may contain HTML; clean it before handing it to callers.
    return utils.sanitize_html(record)
def get_context_data(self, **kwargs):
    """Build the template context, adding a sanitized tag slug.

    The slug comes straight from the URL and is untrusted, so it is run
    through ``sanitize_html`` before being exposed to the template.
    """
    ctx = super(QuestionTagView, self).get_context_data(**kwargs)
    raw_slug = self.kwargs["slug"]
    ctx["tag_slug"] = sanitize_html(raw_slug)
    ctx["template_to_extend"] = "base.html"
    return ctx
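def save(self, *args, **kwargs):
    """Strip HTML from the comment text (``clear=True``) and persist.

    Defect fixed: ``*args``/``**kwargs`` were not forwarded to the parent
    ``save()``, so ``using=``/``force_insert=``/``update_fields=`` passed by
    callers were silently ignored.
    """
    # Comments are plain text: clear=True removes markup rather than filtering it.
    self.text = sanitize_html(self.text, clear=True)
    super(QAComment, self).save(*args, **kwargs)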
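def save(self, *args, **kwargs):
    """Sanitize the answer text and persist.

    Defect fixed: ``*args``/``**kwargs`` were dropped before calling the
    parent ``save()``; they are now forwarded so save options reach Django.
    """
    self.text = sanitize_html(self.text)
    super(Answer, self).save(*args, **kwargs)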
def get_context_data(self, **kwargs):
    """Extend the base context with a sanitized tag slug and base template name.

    ``self.kwargs['slug']`` is taken from the URL and therefore untrusted;
    it is sanitized before reaching the template.
    """
    ctx = super(QuestionTagView, self).get_context_data(**kwargs)
    untrusted_slug = self.kwargs['slug']
    ctx['tag_slug'] = sanitize_html(untrusted_slug)
    ctx['template_to_extend'] = "base.html"
    return ctx
def editjob(hashid, key, form=None, post=None, validated=False):
    """Flask view: show and process the edit form for the job post ``hashid``.

    ``key`` must equal the post's ``edit_key`` or the request is aborted
    with 403.  On a valid POST the post is updated, the edit key is added to
    the session's ``userkeys`` list and the client is redirected (303) to the
    job detail page; a POST that looks too similar to a recent listing from
    the same email domain is rejected with a flash message.  On GET the form
    is populated from the model.  ``form``, ``post`` and ``validated`` let a
    caller reuse an already-built form / loaded post / completed validation.
    """
    if form is None:
        form = forms.ListingForm(request.form)
        form.job_type.choices = [(ob.id, ob.title) for ob in JobType.query.filter_by(public=True).order_by('seq')]
        form.job_category.choices = [(ob.id, ob.title) for ob in JobCategory.query.filter_by(public=True).order_by('seq')]
    if post is None:
        post = JobPost.query.filter_by(hashid=hashid).first_or_404()
    # NOTE(review): edit_key is a secret bearer token; `!=` is not constant-time.
    # hmac.compare_digest would close the timing side channel -- confirm both
    # operands are the same str/unicode type before switching.
    if key != post.edit_key:
        abort(403)
    # Don't allow the email address to be changed once it's confirmed
    if request.method == 'POST' and post.status >= POSTSTATUS.PENDING:
        form.poster_email.data = post.email
    if request.method == 'POST' and (validated or form.validate()):
        form_description = sanitize_html(form.job_description.data)
        form_perks = sanitize_html(form.job_perks_description.data) if form.job_perks.data else ''
        # NOTE(review): unlike description/perks, how_to_apply is stored without
        # sanitize_html -- confirm the template escapes it or treats it as text.
        form_how_to_apply = form.job_how_to_apply.data
        form_email_domain = get_email_domain(form.poster_email.data)
        form_words = get_word_bag(u' '.join((form_description, form_perks, form_how_to_apply)))
        # Duplicate-listing check: compare word bags against other non-pending
        # posts from the same email domain that are younger than agelimit.
        similar = False
        for oldpost in JobPost.query.filter(JobPost.email_domain == form_email_domain).filter(
                JobPost.status > POSTSTATUS.PENDING).filter(
                JobPost.datetime > datetime.utcnow() - agelimit).all():
            if oldpost.id != post.id:
                if oldpost.words:
                    s = SequenceMatcher(None, form_words, oldpost.words)
                    # 0.6 is the similarity threshold chosen by the project.
                    if s.ratio() > 0.6:
                        similar = True
                        break
        if similar:
            flash("This listing is very similar to an earlier listing. You may not relist the same job "
                  "in less than %d days. If you believe this to be an error, please email us at %s."
                  % (agelimit.days, app.config['ADMINS'][0]), category='interactive')
        else:
            post.headline = form.job_headline.data
            post.type_id = form.job_type.data
            post.category_id = form.job_category.data
            post.location = form.job_location.data
            post.relocation_assist = form.job_relocation_assist.data
            post.description = form_description
            post.perks = form_perks
            post.how_to_apply = form_how_to_apply
            post.company_name = form.company_name.data
            post.company_url = form.company_url.data
            post.email = form.poster_email.data
            post.email_domain = form_email_domain
            post.md5sum = md5sum(post.email)
            # To protect from gaming, don't allow words to be removed in edited listings once the post
            # has been confirmed. Just add the new words.
            if post.status >= POSTSTATUS.CONFIRMED:
                prev_words = post.words or ''
            else:
                prev_words = u''
            post.words = get_word_bag(u' '.join((prev_words, form_description, form_perks, form_how_to_apply)))
            # NOTE(review): indexing request.files presumably errors (400) when the
            # field is absent from the multipart body -- verify that is intended.
            if request.files['company_logo']:
                # The form's validator saved the processed logo in g.company_logo.
                thumbnail = g.company_logo
                # Filename is derived from the post's hashid, not from the upload.
                logofilename = uploaded_logos.save(thumbnail, name='%s.' % post.hashid)
                post.company_logo = logofilename
            else:
                if form.company_logo_remove.data:
                    post.company_logo = None
            db.session.commit()
            # Remember this post's edit key in the session so the user can edit
            # it again. NOTE(review): with Flask's default cookie session this
            # list of secrets lives client-side (signed, not encrypted) -- confirm
            # that is acceptable.
            userkeys = session.get('userkeys', [])
            userkeys.append(post.edit_key)
            session['userkeys'] = userkeys
            session.permanent = True
            return redirect(url_for('jobdetail', hashid=post.hashid), code=303)
    elif request.method == 'POST':
        flash("Please correct the indicated errors", category='interactive')
    elif request.method == 'GET':
        # Populate form from model
        form.job_headline.data = post.headline
        form.job_type.data = post.type_id
        form.job_category.data = post.category_id
        form.job_location.data = post.location
        form.job_relocation_assist.data = post.relocation_assist
        form.job_description.data = post.description
        form.job_perks.data = True if post.perks else False
        form.job_perks_description.data = post.perks
        form.job_how_to_apply.data = post.how_to_apply
        form.company_name.data = post.company_name
        form.company_url.data = post.company_url
        form.poster_email.data = post.email
    # no_email hides the email field once the post has left DRAFT status.
    return render_template('postjob.html', form=form, no_email=post.status > POSTSTATUS.DRAFT)