Exemplo n.º 1
0
 def render_basic(self, field, **kwargs):
     html = [field.label(), '<br/>', self.widget(field, **kwargs)]
     help_block = Markup(u'<span class="help-block">{0}</span>')
     if field.description:
         html.append(help_block.format(field.description))
     html.extend(help_block.format(e) for e in field.errors)
     return HTMLString(u''.join(html))
Exemplo n.º 2
0
 def render_basic(self, field, **kwargs):
     html = [field.label(),
             '<br/>',
             self.widget(field, **kwargs)]
     help_block = Markup(u'<span class="help-block">{0}</span>')
     if field.description:
         html.append(help_block.format(field.description))
     html.extend(help_block.format(e) for e in field.errors)
     return HTMLString(u''.join(html))
Exemplo n.º 3
0
 def render_horizontal(self, field, **kwargs):
     html = [
         u'<div class="col-sm-5">',
         field.label(class_=u'control-label'), u'</div>',
         u'<div class="col-sm-7">',
         self.widget(field, **kwargs), u'</div>'
     ]
     help_block = Markup(u'<div class="col-sm-12">'
                         u'<span class="help-block">{0}</span>'
                         u'</div>')
     if field.description:
         html.append(help_block.format(field.description))
     html.extend(help_block.format(e) for e in field.errors)
     return HTMLString(u''.join(html))
Exemplo n.º 4
0
 def render_horizontal(self, field, **kwargs):
     html = [u'<div class="col-sm-5">',
             field.label(class_=u'control-label'),
             u'</div>',
             u'<div class="col-sm-7">',
             self.widget(field, **kwargs),
             u'</div>']
     help_block = Markup(u'<div class="col-sm-12">'
                         u'<span class="help-block">{0}</span>'
                         u'</div>')
     if field.description:
         html.append(help_block.format(field.description))
     html.extend(help_block.format(e) for e in field.errors)
     return HTMLString(u''.join(html))
Exemplo n.º 5
0
    def render(self):
        """Render this notification's message using its context.

        The message can contain HTML markup. Values from the context are
        escaped.
        """
        markup = Markup(self.message)
        markup = markup.format(**self.context)
        return str(markup)
Exemplo n.º 6
0
 def _render_posts(self, header_level, number=5, date_format='compact'):
     redis = yield from self.request.redis
     result = []
     start_div = Markup(
         '<div data-ws-channel="{}?header-level={}&amp;date-format={}">')
     result.append(start_div.format(self.path, header_level, date_format))
     posts = yield from redis.zrange(self.redis_key, -number, -1)
     for post_entry in reversed(list(posts)):
         post, score = yield from post_entry
         rendered = yield from self._render_post(json.loads(post),
                                                 date_format=date_format,
                                                 header_level=header_level)
         result.append(rendered)
     result.append(Markup('</div>'))
     return Markup(''.join(result))
Exemplo n.º 7
0
 def _render_posts(self, header_level, number=5, date_format='compact'):
     redis = yield from self.request.redis
     result = []
     start_div = Markup(
         '<div data-ws-channel="{}?header-level={}&amp;date-format={}">')
     result.append(start_div.format(
         self.path, header_level, date_format))
     posts = yield from redis.zrange(self.redis_key, -number, -1)
     for post_entry in reversed(list(posts)):
         post, score = yield from post_entry
         rendered = yield from self._render_post(
             json.loads(post),
             date_format=date_format,
             header_level=header_level
         )
         result.append(rendered)
     result.append(Markup('</div>'))
     return Markup(''.join(result))
Exemplo n.º 8
0
def generate_pages(current_page, num_of_pages, search=None, status=None, tags=None, window=7):
    """
    Generates the HTML for a paging component using a similar logic to the paging
    auto-generated by Flask managed views. The paging component defines a number of
    pages visible in the pager (window) and once the user goes to a page beyond the
    largest visible, it would scroll to the right the page numbers and keeps the
    current one in the middle of the pager component. When in the last pages,
    the pages won't scroll and just keep moving until the last page. Pager also contains
    <first, previous, ..., next, last> pages.
    This component takes into account custom parameters such as search, status, and tags
    which could be added to the pages link in order to maintain the state between
    client and server. It also allows to make a bookmark on a specific paging state.

    :param current_page: the current page number, 0-indexed
    :param num_of_pages: the total number of pages
    :param search: the search query string, if any
    :param status: 'all', 'active', or 'paused'
    :param tags: array of strings of the current filtered tags
    :param window: the number of pages to be shown in the paging component (7 default)
    :return: the HTML string of the paging component
    """
    void_link = 'javascript:void(0)'
    first_node = Markup(
        """<li class="paginate_button {disabled}" id="dags_first">
    <a href="{href_link}" aria-controls="dags" data-dt-idx="0" tabindex="0">&laquo;</a>
</li>"""
    )

    previous_node = Markup(
        """<li class="paginate_button previous {disabled}" id="dags_previous">
    <a href="{href_link}" aria-controls="dags" data-dt-idx="0" tabindex="0">&lsaquo;</a>
</li>"""
    )

    next_node = Markup(
        """<li class="paginate_button next {disabled}" id="dags_next">
    <a href="{href_link}" aria-controls="dags" data-dt-idx="3" tabindex="0">&rsaquo;</a>
</li>"""
    )

    last_node = Markup(
        """<li class="paginate_button {disabled}" id="dags_last">
    <a href="{href_link}" aria-controls="dags" data-dt-idx="3" tabindex="0">&raquo;</a>
</li>"""
    )

    page_node = Markup(
        """<li class="paginate_button {is_active}">
    <a href="{href_link}" aria-controls="dags" data-dt-idx="2" tabindex="0">{page_num}</a>
</li>"""
    )

    output = [Markup('<ul class="pagination" style="margin-top:0;">')]

    is_disabled = 'disabled' if current_page <= 0 else ''

    first_node_link = (
        void_link if is_disabled else f'?{get_params(page=0, search=search, status=status, tags=tags)}'
    )
    output.append(
        first_node.format(
            href_link=first_node_link,
            disabled=is_disabled,
        )
    )

    page_link = void_link
    if current_page > 0:
        page_link = f'?{get_params(page=current_page - 1, search=search, status=status, tags=tags)}'

    output.append(previous_node.format(href_link=page_link, disabled=is_disabled))

    mid = int(window / 2)
    last_page = num_of_pages - 1

    if current_page <= mid or num_of_pages < window:
        pages = list(range(0, min(num_of_pages, window)))
    elif mid < current_page < last_page - mid:
        pages = list(range(current_page - mid, current_page + mid + 1))
    else:
        pages = list(range(num_of_pages - window, last_page + 1))

    def is_current(current, page):
        return page == current

    for page in pages:
        vals = {
            'is_active': 'active' if is_current(current_page, page) else '',
            'href_link': void_link
            if is_current(current_page, page)
            else f'?{get_params(page=page, search=search, status=status, tags=tags)}',
            'page_num': page + 1,
        }
        output.append(page_node.format(**vals))

    is_disabled = 'disabled' if current_page >= num_of_pages - 1 else ''

    page_link = (
        void_link
        if current_page >= num_of_pages - 1
        else f'?{get_params(page=current_page + 1, search=search, status=status, tags=tags)}'
    )

    output.append(next_node.format(href_link=page_link, disabled=is_disabled))

    last_node_link = (
        void_link
        if is_disabled
        else f'?{get_params(page=last_page, search=search, status=status, tags=tags)}'
    )
    output.append(
        last_node.format(
            href_link=last_node_link,
            disabled=is_disabled,
        )
    )

    output.append(Markup('</ul>'))

    return Markup('\n'.join(output))
Exemplo n.º 9
0
from markupsafe import Markup, escape

# escape replaces special characters and wraps in Markup
escape("<script>alert(document.cookie);</script>")
Markup('&lt;script&gt;alert(document.cookie);&lt;/script&gt;')

# wrap in Markup to mark text "safe" and prevent escaping
Markup("<strong>Hello</strong>")
Markup('<strong>hello</strong>')

escape(Markup("<strong>Hello</strong>"))
Markup('<strong>hello</strong>')

# Markup is a str subclass
# methods and operators escape their arguments
template = Markup("Hello <em>{name}</em>")
template.format(name='"World"')
Markup('Hello <em>&#34;World&#34;</em>')
Exemplo n.º 10
0
def _venue_link(view, context, model, name) -> Markup:
    url = _venue_url(model.venue)
    link = Markup(
        '<a href="{url}" target="_blank" rel="noopener noreferrer">{name}</a>')
    return link.format(url=escape(url),
                       name=escape(model.venue.publicName or model.venue.name))
Exemplo n.º 11
0
def _offerer_link(view, context, model, name) -> Markup:
    url = _offerer_url(model.venue.managingOffererId)
    link = Markup(
        '<a href="{url}" target="_blank" rel="noopener noreferrer">{name}</a>')
    return link.format(url=escape(url),
                       name=escape(model.venue.managingOfferer.name))
Exemplo n.º 12
0
 def format_html(cls, s_tmplt, *args, **kwargs):
     m = Markup(s_tmplt)
     return m.format(*args, **kwargs)
Exemplo n.º 13
0
def test():
    ts = TAINTED_STRING

    # class `Markup` can be used for things that are already safe.
    # if used with any text in a string operation, that other text will be escaped.
    #
    # see https://markupsafe.palletsprojects.com/en/2.0.x/
    m_unsafe = Markup(TAINTED_STRING)
    m_safe = Markup(SAFE)

    # this 3 tests might look strange, but the purpose is to check we still treat `ts`
    # as tainted even after it has been escaped in some place. This _might_ not be the
    # case since data-flow library has taint-steps from adjacent uses...
    ensure_tainted(ts)  # $ tainted
    ensure_not_tainted(
        escape(ts))  # $ escapeInput=ts escapeKind=html escapeOutput=escape(..)
    ensure_tainted(ts)  # $ tainted

    ensure_tainted(
        ts,  # $ tainted
        m_unsafe,  # $ tainted
        m_unsafe +
        SAFE,  # $ escapeInput=SAFE escapeKind=html escapeOutput=BinaryExpr MISSING: tainted
        SAFE +
        m_unsafe,  # $ escapeInput=SAFE escapeKind=html escapeOutput=BinaryExpr MISSING: tainted
        m_unsafe.format(
            SAFE
        ),  # $ escapeInput=SAFE escapeKind=html escapeOutput=m_unsafe.format(..) MISSING: tainted
        m_unsafe %
        SAFE,  # $ escapeInput=SAFE escapeKind=html escapeOutput=BinaryExpr MISSING: tainted
        m_unsafe +
        ts,  # $ escapeInput=ts escapeKind=html escapeOutput=BinaryExpr MISSING: tainted
        m_safe.format(m_unsafe),  # $ tainted
        m_safe % m_unsafe,  # $ tainted
        escape(ts).unescape(
        ),  # $ escapeInput=ts escapeKind=html escapeOutput=escape(..) MISSING: tainted
        escape_silent(ts).unescape(
        ),  # $ escapeInput=ts escapeKind=html escapeOutput=escape_silent(..) MISSING: tainted
    )

    ensure_not_tainted(
        escape(ts),  # $ escapeInput=ts escapeKind=html escapeOutput=escape(..)
        escape_silent(
            ts
        ),  # $ escapeInput=ts escapeKind=html escapeOutput=escape_silent(..)
        Markup.escape(
            ts
        ),  # $ escapeInput=ts escapeKind=html escapeOutput=Markup.escape(..)
        m_safe,
        m_safe +
        ts,  # $ escapeInput=ts escapeKind=html escapeOutput=BinaryExpr
        ts +
        m_safe,  # $ escapeInput=ts escapeKind=html escapeOutput=BinaryExpr
        m_safe.format(
            ts
        ),  # $ escapeInput=ts escapeKind=html escapeOutput=m_safe.format(..)
        m_safe %
        ts,  # $ escapeInput=ts escapeKind=html escapeOutput=BinaryExpr
        escape(ts) +
        ts,  # $ escapeInput=ts escapeKind=html escapeOutput=BinaryExpr escapeOutput=escape(..)
        escape_silent(ts) +
        ts,  # $ escapeInput=ts escapeKind=html escapeOutput=BinaryExpr escapeOutput=escape_silent(..)
        Markup.escape(ts) +
        ts,  # $ escapeInput=ts escapeKind=html escapeOutput=BinaryExpr escapeOutput=Markup.escape(..)
    )

    # flask re-exports these, as:
    # flask.escape = markupsafe.escape
    # flask.Markup = markupsafe.Markup
    import flask

    ensure_tainted(
        flask.Markup(ts),  # $ tainted
    )

    ensure_not_tainted(
        flask.escape(
            ts
        ),  # $ escapeInput=ts escapeKind=html escapeOutput=flask.escape(..)
        flask.Markup.escape(
            ts
        ),  # $ escapeInput=ts escapeKind=html escapeOutput=flask.Markup.escape(..)
    )