Пример #1
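def scrubHTMLNoRaise(html):
    """Strip illegal HTML tags from string text.

    Deprecated shim: emits a ``DeprecationWarning`` and then returns the
    result of ``SafeHTML().scrub_html(html)``.

    The ``SafeHTML`` instance is created without arguments, so which tags
    survive is decided entirely by that class's defaults. No exception
    handling happens here; anything ``scrub_html`` raises reaches the caller.
    """
    # The two sentences were previously joined with no separator
    # ("...`scrubHTML`.Use ..."); the trailing space fixes the message.
    warnings.warn(
        "Call to deprecated function `scrubHTMLNoRaise` or `scrubHTML`. "
        "Use SafeHTML().scrub_html(html) instead.",
        category=DeprecationWarning,
        stacklevel=2,  # report the caller's line, not this shim
    )
    # Function-scope import, kept exactly where the original had it.
    from Products.PortalTransforms.transforms.safe_html import SafeHTML
    return SafeHTML().scrub_html(html)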
Пример #2
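def scrubHTMLNoRaise(html):
    """Strip illegal HTML tags from string text.

    Kept only for backwards compatibility. It warns with
    ``DeprecationWarning`` and delegates to ``SafeHTML().scrub_html(html)``,
    returning whatever that call returns.

    Filtering uses the defaults of a freshly constructed ``SafeHTML``; this
    wrapper passes no tag configuration and catches no exceptions.
    """
    deprecation_note = (
        # A space now separates the two sentences; the original literals
        # concatenated to "...`scrubHTML`.Use SafeHTML()...".
        "Call to deprecated function `scrubHTMLNoRaise` or `scrubHTML`. "
        "Use SafeHTML().scrub_html(html) instead."
    )
    # stacklevel=2 attributes the warning to the code that called this shim.
    warnings.warn(deprecation_note, category=DeprecationWarning, stacklevel=2)
    # Imported at call time, as in the original.
    from Products.PortalTransforms.transforms.safe_html import SafeHTML
    scrubber = SafeHTML()
    return scrubber.scrub_html(html)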
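 def html(self):
     """Read ``<self.fullname>.htm``, scrub it, and return the body part.

     The file content goes through ``SafeHTML().scrub_html`` before it is
     handed to ``bodyfinder``; the return value is ``bodyfinder``'s result
     (presumably the ``<body>`` content; confirm against its definition).
     """
     # 'with' closes the handle even if read() raises; the explicit close()
     # used before was skipped on that path.
     with open(self.fullname + '.htm', 'r') as htmlfile:
         raw_markup = htmlfile.read()
     # Scrub first so bodyfinder only ever sees filtered markup.
     scrubbed = SafeHTML().scrub_html(raw_markup)
     return bodyfinder(scrubbed)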
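 def html(self):
     """Read ``self.outputfile``, scrub it, and return the body part.

     The text is filtered with ``SafeHTML().scrub_html`` and the filtered
     markup is passed to ``bodyfinder``, whose result is returned
     (presumably the ``<body>`` content; confirm against its definition).
     """
     # The context manager releases the file handle on every exit path,
     # including a failed read(), which the manual close() did not cover.
     with open(self.outputfile, 'r') as htmlfile:
         raw_markup = htmlfile.read()
     # Filtering happens before any further processing of the markup.
     scrubbed = SafeHTML().scrub_html(raw_markup)
     return bodyfinder(scrubbed)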
Пример #5
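 def html(self):
     """Read ``<tmpdir>/<__name__>.html``, scrub it, and return the body part.

     The path is built from ``self.tmpdir`` and ``self.__name__``. The file
     text is filtered with ``SafeHTML().scrub_html`` and then passed to
     ``bodyfinder``, whose result is returned.
     """
     source_path = "%s/%s.html" % (self.tmpdir, self.__name__)
     # 'with' guarantees the handle is closed even when read() raises; the
     # earlier open()/close() pair leaked it on that path.
     with open(source_path, 'r') as htmlfile:
         raw_markup = htmlfile.read()
     # Scrub before bodyfinder so only filtered markup is processed further.
     scrubbed = SafeHTML().scrub_html(raw_markup)
     return bodyfinder(scrubbed)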
Пример #6
 def afterSetUp(self):
     """Replace the registered 'safe_html' transform with one that allows <script>.

     Runs the base ``ATSiteTestCase`` setup, stores the portal's
     ``portal_transforms`` tool on ``self.pt``, then registers a ``SafeHTML``
     whose valid-tag table contains ``script`` and whose nasty-tag table
     does not.
     """
     ATSiteTestCase.afterSetUp(self)
     self.pt = self.portal.portal_transforms

     # Deep copies keep the module-level VALID_TAGS / NASTY_TAGS untouched,
     # so the relaxed policy cannot leak into other users of those tables.
     permitted = copy.deepcopy(VALID_TAGS)
     rejected = copy.deepcopy(NASTY_TAGS)
     permitted['script'] = 1
     del rejected['script']

     # NOTE(review): this deliberately lets <script> through the filter;
     # presumably the fixture exists to exercise that configuration. Keep
     # it confined to test setup.
     self.pt.unregisterTransform('safe_html')
     relaxed_transform = SafeHTML(nasty_tags=rejected, valid_tags=permitted)
     self.pt.registerTransform(relaxed_transform)
Пример #7
 def afterSetUp(self):
     """Run the base setup and register a default ``SafeHTML`` transform.

     The portal's ``portal_transforms`` tool is kept on ``self.pt``.
     """
     ATSiteTestCase.afterSetUp(self)
     transforms_tool = self.portal.portal_transforms
     self.pt = transforms_tool
     # SafeHTML() is built with no arguments, i.e. with the class defaults.
     transforms_tool.registerTransform(SafeHTML())
Пример #8
    # trix delivers html5 and not xhtml, so we we use 1 here to force <br>
    'br': 1,
    'div': 1,
    'em': 1,
    'i': 1,
    'li': 1,
    'ol': 1,
    'p': 1,
    'strong': 1,
    'u': 1,
    'ul': 1,
}

# 16384. NOTE(review): where this limit is enforced, and whether it counts
# characters or bytes, is not visible in this excerpt.
SERVER_SIDE_STRING_MAX_LENGTH = 1 << 14

# One SafeHTML instance, built at import time and configured with the
# VALID_TAGS table defined above as its valid_tags argument.
_transform = SafeHTML(
    name='trix_to_sablon',
    valid_tags=VALID_TAGS,
)


def convert(markup):
    """Use this function to transform markup from trix to markup that can
    be processed by sablon.

    This converter is expected to do nothing since trix markup is already valid
    for sablon. It is just a safeguard against malicious markup injection or
    against changes in trix.

    Thus we also log to sentry whenever we actually have to convert markup.

    """
    # Run the markup through the module-level SafeHTML transform, passing a
    # new datastream('trix_to_sablon') as the output container.
    # NOTE(review): datastream is defined outside this excerpt; confirm what
    # type it is.
    data = _transform.convert(markup, data=datastream('trix_to_sablon'))
    converted = data.getData()
    # NOTE(review): the listing ends here. The sentry logging mentioned in
    # the docstring and the return statement are not visible.
Пример #9
 def test_invalid_tags(self):
     """Scrubbing the 'test_invalid_tags.html' fixture leaves only whitespace."""
     fixture_path = input_file_path('test_invalid_tags.html')
     fixture_markup = read_file_data(fixture_path)
     scrubbed = SafeHTML().scrub_html(fixture_markup)
     # Everything in the fixture is expected to be removed by the filter.
     self.assertEqual(scrubbed.strip(), '')
Пример #10
 def test_javascript_uri(self):
     """Scrubbing the 'test_js_uri.html' fixture keeps the text 'link'."""
     fixture_markup = read_file_data(input_file_path('test_js_uri.html'))
     scrubbed = SafeHTML().scrub_html(fixture_markup)
     # NOTE(review): this only checks that 'link' survives scrubbing. It does
     # not assert that the javascript: URI itself is absent from the output.
     # Consider adding that check once the fixture content is confirmed.
     self.assertTrue('link' in scrubbed)