示例#1
文件: document.py 项目: goschtl/zope
 def validateHTML(self, text, description='', **kw):
     # Run both submitted fields through scrubHTML and write the cleaned
     # values back into the request form.
     #
     # Returns True when both fields pass, or the tuple (False, errmsg)
     # when scrubHTML raises IllegalHTML.  The failure value is a
     # non-empty tuple and therefore truthy: callers must inspect the
     # first element (or the type) and never rely on
     # `if self.validateHTML(...)`.
     #
     # 'description' is scrubbed and stored before 'text' is examined, so
     # a rejection of 'text' leaves the already-cleaned description in
     # the form.
     try:
         clean_description = scrubHTML(description)
         self.request.form['description'] = clean_description
         clean_text = scrubHTML(text)
         self.request.form['text'] = clean_text
     except IllegalHTML, errmsg:
         return False, errmsg
     else:
         return True
 def __call__(self, value, *args, **kw):
     # Validation only: scrubHTML is called for its side effect of raising
     # IllegalHTML; the cleaned markup it returns is discarded, so `value`
     # itself is not sanitised by this call.
     #
     # On rejection a human-readable message is returned.  No return is
     # visible on the success path in this excerpt, so as shown the
     # result is None -- confirm against the full file.
     #
     # NOTE(review): the message embeds the exception text and literal
     # angle-bracket tag names; whatever renders it must HTML-escape it.
     try:
         scrubHTML(value)
     except IllegalHTML, e:
         tag_names = ["<%s>" % name for name in VALID_TAGS.keys()]
         valid_tags = ",".join(tag_names)
         template = ('%s Only the HTML tags %s accepted, '
                     'and only the "href" attribute on <a>.')
         return template % (str(e), valid_tags)
示例#3
 def validateHTML(self, text, description='', **kw):
     # Scrub 'description' and then 'text', storing each cleaned value in
     # self.request.form as soon as it has been produced.
     #
     # Result is True on success and (False, errmsg) when scrubHTML raises
     # IllegalHTML.  Both results are truthy, so the outcome has to be read
     # from the first element of the tuple, not from a bare boolean test.
     try:
         scrubbed_description = scrubHTML(description)
         self.request.form['description'] = scrubbed_description
         scrubbed_text = scrubHTML(text)
         self.request.form['text'] = scrubbed_text
     except IllegalHTML, errmsg:
         return False, errmsg
     else:
         return True
示例#4
文件: widgets.py 项目: dtgit/dtedu
 def getInputValue(self):
     # Fetch the raw widget input from the parent class and, when it is
     # non-empty, pass it through scrubHTML.
     #
     # A rejection (IllegalHTML) is converted into a WidgetInputError that
     # is both remembered on self._error and raised to the caller.
     #
     # NOTE(review): no `return value` is visible in this excerpt.  If the
     # method really ends here the scrubbed value is dropped and callers
     # get None -- confirm against the full file.
     value = super(TextInputWidget, self).getInputValue()
     if value:
         try:
             value = scrubHTML(value)
         except IllegalHTML, err:
             # err.args[0] is the scrubber's message; escape it if it is
             # ever rendered into HTML.
             self._error = WidgetInputError(self.context.__name__, self.label, err.args[0])
             raise self._error
示例#5
 def getInputValue(self):
     # Read the widget input via the parent class and scrub it with
     # scrubHTML when it is non-empty.
     #
     # IllegalHTML from the scrubber becomes a WidgetInputError, stored on
     # self._error and then raised.
     #
     # NOTE(review): the excerpt shows no `return value`; as written the
     # cleaned value never reaches the caller -- verify in the full file.
     value = super(TextInputWidget, self).getInputValue()
     if value:
         try:
             value = scrubHTML(value)
         except IllegalHTML, err:
             # First exception argument is reused as the error detail;
             # treat it as untrusted text when displaying it.
             self._error = WidgetInputError(self.context.__name__,
                                            self.label, err.args[0])
             raise self._error
示例#6
 def test_scrubHTML(self):
     # Each pair is (submitted markup, markup expected back from scrubHTML).
     # The expectations show attributes being kept and unclosed void tags
     # being rewritten in self-closing form.
     #
     # Only accepted markup is covered: nothing here asserts that
     # scrubHTML refuses any input, so this test alone says nothing about
     # the filter's rejection behaviour.
     accepted = (
         ('<a href="foo.html">bar</a>', '<a href="foo.html">bar</a>'),
         ('<b>bar</b>', '<b>bar</b>'),
         ('<base href="" /><base>', '<base href="" /><base />'),
         ('<blockquote>bar</blockquote>', '<blockquote>bar</blockquote>'),
         ('<body bgcolor="#ffffff">bar</body>',
          '<body bgcolor="#ffffff">bar</body>'),
         ('<br /><br>', '<br /><br />'),
         ('<hr /><hr>', '<hr /><hr />'),
         ('<img src="foo.png" /><img>', '<img src="foo.png" /><img />'),
         ('<meta name="title" content="" /><meta>',
          '<meta name="title" content="" /><meta />'),
     )
     for markup, expected in accepted:
         self.assertEqual(scrubHTML(markup), expected)
示例#7
    def test_scrubHTML_no_adapter_falls_back(self):
        # This method registers no IHTMLScrubber utility itself; the
        # expected values (attributes kept, bare void tags self-closed)
        # are what scrubHTML returns in that situation.
        #
        # Only accepted markup is exercised -- no case asserts that
        # scrubHTML raises for input it refuses.
        from Products.CMFDefault.utils import scrubHTML

        cases = (
            ('<a href="foo.html">bar</a>', '<a href="foo.html">bar</a>'),
            ('<b>bar</b>', '<b>bar</b>'),
            ('<base href="" /><base>', '<base href="" /><base />'),
            ('<blockquote>bar</blockquote>',
             '<blockquote>bar</blockquote>'),
            ('<body bgcolor="#ffffff">bar</body>',
             '<body bgcolor="#ffffff">bar</body>'),
            ('<br /><br>', '<br /><br />'),
            ('<hr /><hr>', '<hr /><hr />'),
            ('<img src="foo.png" /><img>', '<img src="foo.png" /><img />'),
            ('<meta name="title" content="" /><meta>',
             '<meta name="title" content="" /><meta />'),
        )
        for submitted, expected in cases:
            self.assertEqual(scrubHTML(submitted), expected)
示例#8
 def test_scrubHTML(self):
     # Table of (input, expected output) pairs checked in order.
     # Markup that is already well-formed comes back unchanged; a bare
     # <base>, <br>, <hr>, <img> or <meta> comes back self-closed.
     #
     # All inputs are ones the scrubber accepts; rejection of disallowed
     # markup is not asserted in this method.
     check = self.assertEqual
     table = (
         ('<a href="foo.html">bar</a>', '<a href="foo.html">bar</a>'),
         ('<b>bar</b>', '<b>bar</b>'),
         ('<base href="" /><base>', '<base href="" /><base />'),
         ('<blockquote>bar</blockquote>', '<blockquote>bar</blockquote>'),
         ('<body bgcolor="#ffffff">bar</body>',
          '<body bgcolor="#ffffff">bar</body>'),
         ('<br /><br>', '<br /><br />'),
         ('<hr /><hr>', '<hr /><hr />'),
         ('<img src="foo.png" /><img>', '<img src="foo.png" /><img />'),
         ('<meta name="title" content="" /><meta>',
          '<meta name="title" content="" /><meta />'),
     )
     for raw, cleaned in table:
         check(scrubHTML(raw), cleaned)
示例#9
    def test_scrubHTML_with_adapter(self):
        # Registers a stand-in IHTMLScrubber utility whose scrub() merely
        # upper-cases its input, then checks that scrubHTML returns exactly
        # that utility's output.
        #
        # The expectations ('<BR /><BR>', not '<BR /><BR />') show that
        # none of the normalisation seen without a utility is applied, so
        # a registered utility is the only filtering the markup receives
        # and a weak one weakens every scrubHTML caller.
        from zope.component.testing import setUp
        from zope.component.testing import tearDown
        from zope.component import getSiteManager
        from zope.interface import implements

        from Products.CMFDefault.interfaces import IHTMLScrubber
        from Products.CMFDefault.utils import scrubHTML

        class _Scrubber:
            implements(IHTMLScrubber)

            def scrub(self, html):
                return html.upper()

        upper_cased = (
            ('<a href="foo.html">bar</a>', '<A HREF="FOO.HTML">BAR</A>'),
            ('<b>bar</b>', '<B>BAR</B>'),
            ('<base href="" /><base>', '<BASE HREF="" /><BASE>'),
            ('<blockquote>bar</blockquote>',
             '<BLOCKQUOTE>BAR</BLOCKQUOTE>'),
            ('<body bgcolor="#ffffff">bar</body>',
             '<BODY BGCOLOR="#FFFFFF">BAR</BODY>'),
            ('<br /><br>', '<BR /><BR>'),
            ('<hr /><hr>', '<HR /><HR>'),
            ('<img src="foo.png" /><img>', '<IMG SRC="FOO.PNG" /><IMG>'),
            ('<meta name="title" content="" /><meta>',
             '<META NAME="TITLE" CONTENT="" /><META>'),
        )

        setUp()

        site_manager = getSiteManager()
        try:
            site_manager.registerUtility(_Scrubber(), IHTMLScrubber)
            for markup, expected in upper_cased:
                self.assertEqual(scrubHTML(markup), expected)
        finally:
            # Always undo the component registry set-up, even when an
            # assertion fails.
            tearDown()
示例#10
    def test_scrubHTML_no_adapter_falls_back(self):
        # No IHTMLScrubber utility is registered inside this method.  The
        # pairs below give the markup handed to scrubHTML and the markup
        # expected back: attributes survive, bare void tags are
        # self-closed.
        #
        # Every input is one the scrubber accepts; this method contains
        # no negative case.
        from Products.CMFDefault.utils import scrubHTML

        check = self.assertEqual
        pairs = (
            ('<a href="foo.html">bar</a>', '<a href="foo.html">bar</a>'),
            ('<b>bar</b>', '<b>bar</b>'),
            ('<base href="" /><base>', '<base href="" /><base />'),
            ('<blockquote>bar</blockquote>',
             '<blockquote>bar</blockquote>'),
            ('<body bgcolor="#ffffff">bar</body>',
             '<body bgcolor="#ffffff">bar</body>'),
            ('<br /><br>', '<br /><br />'),
            ('<hr /><hr>', '<hr /><hr />'),
            ('<img src="foo.png" /><img>', '<img src="foo.png" /><img />'),
            ('<meta name="title" content="" /><meta>',
             '<meta name="title" content="" /><meta />'),
        )
        for raw, cleaned in pairs:
            check(scrubHTML(raw), cleaned)
示例#11
    def test_scrubHTML_with_adapter(self):
        # With an IHTMLScrubber utility registered, scrubHTML is expected
        # to return that utility's result verbatim: the stub only
        # upper-cases, and the expected strings are plain upper-casings
        # with no tag normalisation.
        #
        # Consequence for deployments: the registered utility carries the
        # whole sanitisation policy.
        from zope.component.testing import setUp
        from zope.component.testing import tearDown
        from zope.component import getSiteManager
        from zope.interface import implements

        from Products.CMFDefault.interfaces import IHTMLScrubber
        from Products.CMFDefault.utils import scrubHTML

        class _Scrubber:
            implements(IHTMLScrubber)

            def scrub(self, html):
                return html.upper()

        expectations = (
            ('<a href="foo.html">bar</a>', '<A HREF="FOO.HTML">BAR</A>'),
            ('<b>bar</b>', '<B>BAR</B>'),
            ('<base href="" /><base>', '<BASE HREF="" /><BASE>'),
            ('<blockquote>bar</blockquote>',
             '<BLOCKQUOTE>BAR</BLOCKQUOTE>'),
            ('<body bgcolor="#ffffff">bar</body>',
             '<BODY BGCOLOR="#FFFFFF">BAR</BODY>'),
            ('<br /><br>', '<BR /><BR>'),
            ('<hr /><hr>', '<HR /><HR>'),
            ('<img src="foo.png" /><img>', '<IMG SRC="FOO.PNG" /><IMG>'),
            ('<meta name="title" content="" /><meta>',
             '<META NAME="TITLE" CONTENT="" /><META>'),
        )

        setUp()

        registry = getSiteManager()
        try:
            registry.registerUtility(_Scrubber(), IHTMLScrubber)
            for submitted, expected in expectations:
                self.assertEqual(scrubHTML(submitted), expected)
        finally:
            # Tear the component registry down whether or not a check
            # failed.
            tearDown()
示例#12
## Script (Python) "document_edit"
##parameters=text_format, text, file='', SafetyBelt='', change_and_view=''
##title=Edit a document
# Scrub the submitted body, save the document, then redirect to the 'view'
# or 'edit' action with a status message in the query string.
try:
    from Products.CMFDefault.utils import scrubHTML
    # scrubHTML may refuse the input by raising instead of returning
    # cleaned text; that case is handled by the except clause below.
    text = scrubHTML(text)
    context.edit(text_format, text, file, safety_belt=SafetyBelt)
    status_query = 'portal_status_message=Document+changed.'

    action_id = 'edit'
    if change_and_view:
        action_id = 'view'
    target_action = context.getTypeInfo().getActionById(action_id)

    context.REQUEST.RESPONSE.redirect(
        '%s/%s?%s' % (context.absolute_url(), target_action, status_query))
except Exception, msg:
    # NOTE(review): this catches every exception type, so failures raised
    # by context.edit are reported the same way as a scrubber rejection.
    # NOTE(review): msg is placed in the query string without URL-quoting.
    # Exception text containing spaces, '&', '#' or line breaks corrupts
    # the redirect target and may echo submitted markup; quote it first
    # (e.g. url_quote_plus from Products.PythonScripts.standard).
    edit_action = context.getTypeInfo().getActionById('edit')
    context.REQUEST.RESPONSE.redirect(
        '%s/%s?portal_status_message=%s' % (
            context.absolute_url(), edit_action, msg))
##parameters=text, description='', **kw
##
from Products.CMFDefault.exceptions import IllegalHTML
from Products.CMFDefault.utils import scrubHTML

# Validate both fields and report through context.setStatus: on success the
# cleaned values are handed over as keyword arguments, on IllegalHTML the
# scrubber's message is passed with a False status.
try:
    clean_description = scrubHTML(description)
    clean_text = scrubHTML(text)
    # Pass the scrubbed values on, not the raw parameters.
    return context.setStatus(True, text=clean_text,
                             description=clean_description)
except IllegalHTML, errmsg:
    return context.setStatus(False, errmsg)
 def __call__(self, value, *args, **kw):
     # Check-only validator: scrubHTML is invoked so that it can raise
     # IllegalHTML, and its cleaned return value is thrown away.  The
     # stored `value` is therefore NOT sanitised by this call.
     #
     # Returns an error string on rejection; no success-path return is
     # visible in this excerpt (None as shown -- confirm in the full file).
     #
     # NOTE(review): the returned text contains the exception message and
     # literal tag names in angle brackets; escape it before rendering.
     try:
         scrubHTML(value)
     except IllegalHTML, e:
         bracketed = ["<%s>" % tag for tag in VALID_TAGS.keys()]
         valid_tags = ",".join(bracketed)
         template = ('%s Only the HTML tags %s accepted, '
                     'and only the "href" attribute on <a>.')
         return template % (str(e), valid_tags)
示例#15
## Script (Python) "newsitem_edit"
##parameters=text, description, text_format=None, change_and_view=''
##title=Edit a news item
# Scrub the body and description, save the news item, then redirect to the
# 'view' or 'edit' action with a status message.
try:
    from Products.CMFDefault.utils import scrubHTML
    # Both user-supplied fields go through the scrubber before being
    # stored; a rejection raises and is handled below.
    text = scrubHTML(text)
    description = scrubHTML(description)

    context.edit(text=text, description=description, text_format=text_format)

    status_query = 'portal_status_message=News+Item+changed.'

    action_id = 'edit'
    if change_and_view:
        action_id = 'view'
    target_action = context.getTypeInfo().getActionById(action_id)

    context.REQUEST.RESPONSE.redirect(
        '%s/%s?%s' % (context.absolute_url(), target_action, status_query))
except Exception, msg:
    # NOTE(review): all exception types are caught here, not just the
    # scrubber's, so unrelated errors from context.edit are shown to the
    # user as a status message too.
    # NOTE(review): msg goes into the URL unquoted; URL-quote it before
    # interpolation (e.g. url_quote_plus from
    # Products.PythonScripts.standard) so its content cannot alter the
    # query string.
    edit_action = context.getTypeInfo().getActionById('edit')
    context.REQUEST.RESPONSE.redirect(
        '%s/%s?portal_status_message=%s' % (
            context.absolute_url(), edit_action, msg))
示例#16
## Script (Python) "document_edit"
##parameters=text_format, text, file='', SafetyBelt='', change_and_view=''
##title=Edit a document
# Save the scrubbed document body and redirect with a status message.
try:
    from Products.CMFDefault.utils import scrubHTML
    # Rejected markup makes scrubHTML raise; control then passes to the
    # except clause and nothing is saved.
    text = scrubHTML(text)
    context.edit(text_format, text, file, safety_belt=SafetyBelt)
    status_query = 'portal_status_message=Document+changed.'

    action_id = 'edit'
    if change_and_view:
        action_id = 'view'
    target_action = context.getTypeInfo().getActionById(action_id)

    response = context.REQUEST.RESPONSE
    response.redirect(
        '%s/%s?%s' % (context.absolute_url(), target_action, status_query))
except Exception, msg:
    # NOTE(review): broad catch -- errors from context.edit are handled
    # exactly like a scrubber rejection.
    # NOTE(review): the exception text is interpolated into the redirect
    # URL without URL-quoting; quote it first (e.g. url_quote_plus from
    # Products.PythonScripts.standard) so it cannot break or extend the
    # query string.
    edit_action = context.getTypeInfo().getActionById('edit')
    response = context.REQUEST.RESPONSE
    response.redirect(
        '%s/%s?portal_status_message=%s' %
        (context.absolute_url(), edit_action, msg))
示例#17
## Script (Python) "newsitem_edit"
##parameters=text, description, text_format=None, choice=' Change '
##title=Edit a news item
# Save the scrubbed news item; the submit button label in `choice` decides
# whether the redirect goes to the 'view' or the 'edit' action.
try:
    from Products.CMFDefault.utils import scrubHTML
    # Scrub both user-supplied fields before they are stored.
    text = scrubHTML(text)
    description = scrubHTML(description)

    context.edit(text=text, description=description, text_format=text_format)

    status_query = 'portal_status_message=News+Item+changed.'

    action_id = 'edit'
    if choice == ' Change and View ':
        action_id = 'view'
    target_action = context.getTypeInfo().getActionById(action_id)

    response = context.REQUEST.RESPONSE
    response.redirect(
        '%s/%s?%s' % (context.absolute_url(), target_action, status_query))
except Exception, msg:
    # NOTE(review): every exception type ends up here, including ones
    # raised by context.edit.
    # NOTE(review): msg is not URL-quoted before being put in the query
    # string; quote it (e.g. url_quote_plus from
    # Products.PythonScripts.standard) so exception text cannot corrupt
    # the redirect target.
    edit_action = context.getTypeInfo().getActionById('edit')
    response = context.REQUEST.RESPONSE
    response.redirect(
        '%s/%s?portal_status_message=%s' %
        (context.absolute_url(), edit_action, msg))