Exemplos de clear_xss em Python

Exemplo n.º 1

def callback():
    """
    修改记录
    """
    # 检查用户权限
    _common_logic.check_user_power()

    front_cover_img = web_helper.get_form('front_cover_img', '图片')
    content = web_helper.get_form('content', '内容', is_check_special_char=False)
    # 防sql注入攻击处理
    content = string_helper.filter_str(content, "'")
    # 防xss攻击处理
    content = string_helper.clear_xss(content)

    fields = {
        'front_cover_img': string(front_cover_img),
        'content': string(content),
    }
    # 更新记录
    _infomation_logic = infomation_logic.InfomationLogic()
    result = _infomation_logic.edit_model(1, fields)
    if result:
        return web_helper.return_msg(0, '成功')
    else:
        return web_helper.return_msg(-1, "提交失败")

Exemplo n.º 2

Arquivo: product.py Projeto: xth1994/code

def callback(id):
    """
    修改记录
    """

    name = web_helper.get_form('name', '产品名称')
    code = web_helper.get_form('code', '产品编码')
    product_class_id = convert_helper.to_int0(web_helper.get_form('product_class_id', '产品分类'))
    standard = web_helper.get_form('standard', '产品规格')
    quality_guarantee_period = web_helper.get_form('quality_guarantee_period', '保质期')
    place_of_origin = web_helper.get_form('place_of_origin', '产地')
    front_cover_img = web_helper.get_form('front_cover_img', '封面图片')
    content = web_helper.get_form('content', '产品描述', is_check_special_char=False)
    # 防sql注入攻击处理
    content = string_helper.filter_str(content, "'")
    # 防xss攻击处理
    content = string_helper.clear_xss(content)
    is_enable = convert_helper.to_int0(web_helper.get_form('is_enable', '是否启用'))

    # 编辑记录
    sql = """
          update product
            set name=%s, code=%s, product_class_id=%s, standard=%s, quality_guarantee_period=%s,
                place_of_origin=%s, front_cover_img=%s, content=%s, is_enable=%s
          where id=%s returning id"""
    vars = (name, code, product_class_id, standard, quality_guarantee_period, place_of_origin, front_cover_img, content,
            is_enable, id)
    # 写入数据库
    result = db_helper.write(sql, vars)
    # 判断是否提交成功
    if result and result[0].get('id'):
        return web_helper.return_msg(0, '成功')
    else:
        return web_helper.return_msg(-1, "提交失败")

Exemplo n.º 3

Arquivo: product.py Projeto: xth1994/code

def callback():
    """
    新增记录
    """
    name = web_helper.get_form('name', '产品名称')
    code = web_helper.get_form('code', '产品编码')
    product_class_id = convert_helper.to_int0(web_helper.get_form('product_class_id', '产品分类'))
    standard = web_helper.get_form('standard', '产品规格')
    quality_guarantee_period = web_helper.get_form('quality_guarantee_period', '保质期')
    place_of_origin = web_helper.get_form('place_of_origin', '产地')
    front_cover_img = web_helper.get_form('front_cover_img', '封面图片')
    content = web_helper.get_form('content', '产品描述', is_check_special_char=False)
    # 防sql注入攻击处理
    content = string_helper.filter_str(content, "'")
    # 防xss攻击处理
    content = string_helper.clear_xss(content)
    is_enable = convert_helper.to_int0(web_helper.get_form('is_enable', '是否启用'))

    # 添加记录（使用returning这个函数能返回指定的字段值，这里要求返回新添加记录的自增id值）
    sql = """insert into product (name, code, product_class_id, standard, quality_guarantee_period,
                place_of_origin, front_cover_img, content, is_enable)
              values (%s, %s, %s, %s, %s, %s, %s, %s, %s) returning id"""
    vars = (name, code, product_class_id, standard, quality_guarantee_period, place_of_origin, front_cover_img, content, is_enable)
    # 写入数据库
    result = db_helper.write(sql, vars)
    # 判断是否提交成功
    if result and result[0].get('id'):
        return web_helper.return_msg(0, '成功')
    else:
        return web_helper.return_msg(-1, "提交失败")

Exemplo n.º 4

def callback():
    """
    新增记录
    """
    # 检查用户权限
    _common_logic.check_user_power()

    name = web_helper.get_form('name', '产品名称')
    code = web_helper.get_form('code', '产品编码')
    product_class_id = convert_helper.to_int0(
        web_helper.get_form('product_class_id', '产品分类'))
    standard = web_helper.get_form('standard', '产品规格')
    quality_guarantee_period = web_helper.get_form('quality_guarantee_period',
                                                   '保质期')
    place_of_origin = web_helper.get_form('place_of_origin', '产地')
    front_cover_img = web_helper.get_form('front_cover_img', '封面图片')
    content = web_helper.get_form('content',
                                  '产品描述',
                                  is_check_special_char=False)
    # 防sql注入攻击处理
    content = string_helper.filter_str(content, "'")
    # 防xss攻击处理
    content = string_helper.clear_xss(content)
    is_enable = convert_helper.to_int0(web_helper.get_form(
        'is_enable', '是否启用'))

    # 设置新增参数
    fields = {
        'name': string(name),
        'code': string(code),
        'product_class_id': product_class_id,
        'standard': string(standard),
        'quality_guarantee_period': string(quality_guarantee_period),
        'place_of_origin': string(place_of_origin),
        'front_cover_img': string(front_cover_img),
        'content': string(content),
        'is_enable': is_enable,
    }
    # 实例化product表操作类ProductLogic
    _product_logic = product_logic.ProductLogic()
    # 新增记录
    result = _product_logic.add_model(fields)
    # 判断是否提交成功
    if result:
        return web_helper.return_msg(0, '成功')
    else:
        return web_helper.return_msg(-1, "提交失败")

Exemplo n.º 5

def callback():
    """
    修改记录
    """
    content = web_helper.get_form('content', '内容', is_check_special_char=False)
    # 防sql注入攻击处理
    content = string_helper.filter_str(content, "'")
    # 防xss攻击处理
    content = string_helper.clear_xss(content)

    # 更新记录
    sql = """update infomation set content=%s where id=2 returning id"""
    vars = (content, )
    # 写入数据库
    result = db_helper.write(sql, vars)

    if result and result[0].get('id'):
        return web_helper.return_msg(0, '成功')
    else:
        return web_helper.return_msg(-1, "提交失败")

Exemplo n.º 6

def callback():
    """
    修改记录
    """
    front_cover_img = web_helper.get_form('front_cover_img', '图片')
    content = web_helper.get_form('content', '内容', is_check_special_char=False)
    # 防sql注入攻击处理
    content = string_helper.filter_str(content, "'")
    # 防xss攻击处理
    content = string_helper.clear_xss(content)

    # 更新记录
    sql = """update infomation set front_cover_img=%s, content=%s where id=1"""
    vars = (
        front_cover_img,
        content,
    )
    # 写入数据库
    db_helper.write(sql, vars)

    # 直接输出json
    return web_helper.return_msg(0, '成功')

Exemplo n.º 7

Arquivo: about.py Projeto: wymshohoku/CompanyWeb

def callback1():
    """
    修改记录
    """
    front_cover_img = web_helper.get_form('front_cover_img', '图片')
    content = web_helper.get_form('content', '内容', is_check_special_char=False)
    # 防sql注入攻击处理
    content = string_helper.filter_str(content, "'")
    # 防xss攻击处理
    content = string_helper.clear_xss(content)

    # 更新记录
    sql = """update infomation set front_cover_img=%s, content=%s where id=1"""
    vars = (
        front_cover_img,
        content,
    )
    # 写入数据库
    with db_helper.PgHelper(db_config.DB, db_config.IS_OUTPUT_SQL) as db:
        db.execute(sql, vars)
        db.commit()

    # 直接输出json
    return web_helper.return_msg(0, '成功')

Exemplo n.º 8

    def test_clear_xss(self):
        print('-----test_clear_xss------')
        print(
            string_helper.clear_xss(
                '<script src="javascript:alert(1);">abc</script>'))
        print(
            string_helper.clear_xss(
                '<iframe src="javascript:alert(1);">abc</iframe>'))
        print(
            string_helper.clear_xss(
                '<div style="width:0;height:0;background:url(javascript:document.body.onload = function(){alert(/XSS/);};">div</div>'
            ))
        print(
            string_helper.clear_xss(
                '<img src = "#"/**/onerror = alert(/XSS/)>'))
        print(
            string_helper.clear_xss('<img src = j ava script:al er t(/XSS/)>'))
        print(
            string_helper.clear_xss("""<img src = j
ava script :a ler t(/xss/)>"""))
        print(
            string_helper.clear_xss(
                '<img src="javacript:alert(\'abc\')"></img>'))
        print(
            string_helper.clear_xss(
                '<img src="https://www.baidu.com/img/baidu_jgylogo3.gif"></img>'
            ))
        print(string_helper.clear_xss('<p src="javascript:alert(1);">abc</p>'))
        print(
            string_helper.clear_xss(
                """<input type="text" value="琅琊榜" onclick="javascript:alert('handsome boy')">"""
            ))
        print(
            string_helper.clear_xss(
                '<p onclick="javascript:alert("handsome boy")>abc</p>'))
        print(
            string_helper.clear_xss('<a href="javascript:alert(1);">abc</a>'))
        print(string_helper.clear_xss('<a href="/api/">abc</a>'))
        print(
            string_helper.clear_xss('<a href="http://www.baidu.com">abc</a>'))
        print(
            string_helper.clear_xss(
                '<marquee onstart="alert(/XSS/)">文字</marquee>'))
        print(
            string_helper.clear_xss(
                '<div style="" onmouseenter="alert(/XSS/)">文字</div>'))
        print(
            string_helper.clear_xss(
                '<li style = "TEST:e-xpression(alert(/XSS/))"></li>'))
        print(
            string_helper.clear_xss(
                '<input id = 1 type = "text" value="" <script>alert(/XSS/)</script>"/>'
            ))
        print(
            string_helper.clear_xss(
                '<base href="http://www.labsecurity.org"/>'))
        print(
            string_helper.clear_xss(
                '<div id="x">alert%28document.cookie%29%3B</div>'))
        print(
            string_helper.clear_xss(
                '<limited_xss_point>eval(unescape(x.innerHTML));</limited_xss_point>'
            ))