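def render_token_radiobutton(self, item, value):
    """Render the radio-button ``<input>`` element for an item.

    A ``NullObject`` item is rendered as the "no value" choice with the
    fixed token ``--NOVALUE--``. Every other item is rendered from its
    vocabulary term, with the term token as the input value.
    """
    if isinstance(item, NullObject):
        # XXX - the checkedness persistency does not work as this is not
        # a real value being passed in
        no_value = u'--NOVALUE--'
        # The checked attribute is emitted bare. The template used to wrap
        # the placeholder in double quotes, which produced a stray quoted
        # token inside the tag. The widget name is escaped here exactly as
        # in the regular branch below.
        return (
            u'<input id="{id}" name="{name}" value="{value}" '
            u'title="{title}" type="radio" {checked} />'
        ).format(
            id=u'-'.join((self.id, u'empty-marker')),
            name=escape_html(self.name),
            value=no_value,
            checked=u'checked="checked"' if no_value in self.value else u'',
            title=_(u'label_none', default=u'None'),
        )

    term = self.terms.getTerm(item)
    is_checked = self.is_checked(term)
    item_id = '%s-%s' % (self.id, term.token)
    # A space now separates the value attribute from the title attribute;
    # the two adjacent literals used to be joined without one.
    # NOTE(review): the id and the term token are interpolated unescaped -
    # confirm both are limited to attribute-safe characters.
    return (
        u'<input id="{id}" name="{name}" value="{value}" '
        u'title="{title}" type="radio" {checked} />'
    ).format(
        id=item_id,
        name=escape_html(self.name),
        value=term.token,
        checked='checked="checked"' if is_checked else '',
        title=escape_html(self.render_default_title(item, value)),
    )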
def linked(item, value):
    """Build the HTML link snippet for ``item`` (an object or a brain).

    The anchor carries the item's CSS class, its breadcrumb titles joined
    with " > " as ``title`` attribute, and ``value`` as the link text. The
    anchor is wrapped in a ``linkWrapper`` span.
    """
    if isinstance(value, unicode):
        value = value.encode('utf-8')

    # Pick the URL getter: getURL first, then absolute_url, otherwise a
    # callable that yields the "#" placeholder.
    if hasattr(item, 'getURL'):
        resolve_url = item.getURL
    elif hasattr(item, 'absolute_url'):
        resolve_url = item.absolute_url
    else:
        resolve_url = lambda: '#'

    icon_class = get_css_class(item)

    # Tooltip and link text are HTML-escaped before interpolation.
    tooltip = escape_html(" > ".join(_breadcrumbs_from_item(item)))
    label = escape_html(value)

    # NOTE(review): the CSS class and the URL go into their attributes
    # as-is; confirm neither can carry a double quote.
    anchor = '<a class="rollover-breadcrumb %s" href="%s" title="%s">%s</a>' % (
        icon_class, resolve_url(), tooltip, label)
    return '<span class="linkWrapper">%s</span>' % anchor
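def render_token_radiobutton(self, item, value):
    """Render the radio-button ``<input>`` element for an item.

    A ``NullObject`` item is rendered as the "no value" choice with the
    fixed token ``--NOVALUE--``. Every other item is rendered from its
    vocabulary term, with the term token as the input value.
    """
    if isinstance(item, NullObject):
        # XXX - the checkedness persistency does not work as this is not
        # a real value being passed in
        no_value = u'--NOVALUE--'
        # The checked attribute is emitted bare. The template used to wrap
        # the placeholder in double quotes, which produced a stray quoted
        # token inside the tag. The widget name is escaped here exactly as
        # in the regular branch below.
        return (
            u'<input id="{id}" name="{name}" value="{value}" '
            u'title="{title}" type="radio" {checked} />'
        ).format(
            id=u'-'.join((self.id, u'empty-marker')),
            name=escape_html(self.name),
            value=no_value,
            checked=u'checked="checked"' if no_value in self.value else u'',
            title=_(u'label_none', default=u'None'),
        )

    term = self.terms.getTerm(item)
    is_checked = self.is_checked(term)
    item_id = '%s-%s' % (self.id, term.token)
    # A space now separates the value attribute from the title attribute;
    # the two adjacent literals used to be joined without one.
    # NOTE(review): the id and the term token are interpolated unescaped -
    # confirm both are limited to attribute-safe characters.
    return (
        u'<input id="{id}" name="{name}" value="{value}" '
        u'title="{title}" type="radio" {checked} />'
    ).format(
        id=item_id,
        name=escape_html(self.name),
        value=term.token,
        checked='checked="checked"' if is_checked else '',
        title=escape_html(self.render_default_title(item, value)),
    )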
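def _build_html_tree(self, children=(), level=1):
    """Render ``children`` as a run of ``<li>`` elements, recursing into
    each node's own ``children`` inside a ``<ul class="levelN">``.

    Each node is read with ``.get`` for ``title``, ``url``, ``css_class``
    and ``children``. Title and URL are HTML-escaped; a node with both is
    rendered as a link, a node with a title only as a plain span.
    """
    parts = []
    for node in children:
        parts.append(u'<li class="treeItem visualNoMarker">\n')
        title = escape_html(node.get('title'))
        url = escape_html(node.get('url'))
        # NOTE(review): css_class goes into the class attribute unescaped;
        # confirm it never comes from user-editable data.
        css_class = node.get("css_class")
        sub_children = node.get('children')

        if title:
            if url:
                anchor = (u'#blocked-local-roles' if sub_children
                          else u'#sharing')
                target_url = u''.join((url.decode('UTF-8'), anchor))
                parts.append(
                    u'<a class="{} blocked-local-roles-link" href="{}">{}</a>'
                    .format(css_class, target_url, title.decode('UTF-8')))
            else:
                parts.append(
                    u'<span class="{} blocked-local-roles-link">{}</span>'
                    .format(css_class, title.decode('UTF-8')))

        # NOTE(review): rendered at loop level, independent of the title
        # check - confirm against the original indentation.
        if sub_children:
            parts.append(
                u'<ul class="level{}">\n{}\n</ul>\n'.format(
                    str(level),
                    self._build_html_tree(sub_children, level + 1),
                ))

        # The closing tag was previously built with ``output.join(...)``
        # whose result was discarded, so no <li> was ever closed.
        parts.append(u'</li>\n')
    return u''.join(parts)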
def byline_items(self):
    """Yield the byline entries of the meeting as dicts.

    Every entry has a ``label`` and a ``content``. The workflow-state entry
    also carries a ``class``, and the dossier entry sets ``replace`` to True
    (presumably so its ready-made markup is inserted as is - confirm in the
    template).
    """
    def entry(label, content):
        # Plain label/content pair.
        return {'label': label, 'content': content}

    model = self.context.model

    yield {
        'class': 'byline-meeting-wf-state-{}'.format(model.workflow_state),
        'label': _('meeting_byline_workflow_state', default='State'),
        'content': model.get_state().title,
    }

    yield entry(_('meeting_byline_start', default='Start'),
                model.get_start())

    if model.get_end():
        yield entry(_('meeting_byline_end', default='End'),
                    model.get_end())

    yield self.get_role_item(
        'byline-presidency',
        _('meeting_byline_presidency', default='Presidency'),
        model.presidency)

    yield self.get_role_item(
        'byline-secretary',
        _('meeting_byline_secretary', default='Secretary'),
        model.secretary)

    if model.location:
        yield entry(_('meeting_byline_location', default='Location'),
                    model.location)

    dossier = model.get_dossier()
    if not api.user.has_permission('View', obj=dossier):
        # Without View permission the title is shown as plain text with a
        # tooltip instead of a link; tooltip and title are both escaped.
        tooltip = safe_unicode(translate(
            _(u'You are not allowed to view the meeting dossier.'),
            context=self.request))
        markup = (
            u'<span class="{classes}">'
            u'<span class="no_access" title="{no_access_tooltip}">'
            u'{title}</span></span>').format(
                classes=safe_unicode(get_css_class(dossier)),
                no_access_tooltip=escape_html(tooltip),
                title=escape_html(safe_unicode(dossier.Title())))
    else:
        markup = linked(dossier, dossier.Title())

    yield {
        'label': _('meeting_byline_meetin_dossier',
                   default='Meeting dossier'),
        'content': markup,
        'replace': True,
    }
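def get_link(self, with_state_icon=True, with_responsible_info=True):
    """Return the HTML snippet that represents this task.

    Without an admin unit only a styled span with the escaped title is
    returned. Otherwise the title is wrapped in a link when the current
    user has access, optionally followed by the responsible label, and the
    result is wrapped by ``_task_state_wrapper`` (``with_state_icon``) or a
    plain span.
    """
    title = escape_html(self.title)

    admin_unit = self.get_admin_unit()
    if not admin_unit:
        return u'<span class="{}">{}</span>'.format(
            self.get_css_class(), title)

    url = self.absolute_url()
    # Both parts end up inside a title="..." attribute, so the admin unit
    # title is escaped the same way as the breadcrumb title.
    breadcrumb_titles = u"[{}] > {}".format(
        escape_html(admin_unit.title),
        escape_html(self.breadcrumb_title),
    )
    link_content = u'<span class="{}">{}</span>'.format(
        self.get_css_class(), title)

    # If the target is on a different client we need to make a popup
    # NOTE(review): target="_blank" is emitted without rel="noopener";
    # consider adding it so the opened page gets no window.opener handle.
    if self.admin_unit_id != get_current_admin_unit().id():
        link_target = u' target="_blank"'
    else:
        link_target = u''

    # Render the full link only if the current user has access
    if self.has_access(api.user.get_current()):
        link = u'<a href="{}"{} title="{}">{}</a>'.format(
            url, link_target, breadcrumb_titles, link_content)
    else:
        link = link_content

    if with_responsible_info:
        # NOTE(review): the label is inserted as markup; confirm that
        # get_responsible_label(linked=False) returns escaped text.
        responsible_info = u' <span class="discreet">({})</span>'.format(
            self.get_responsible_label(linked=False))
        link = u'{} {}'.format(link, responsible_info)

    # Wrap the result into a span tag
    if with_state_icon:
        return self._task_state_wrapper(link)
    return u'<span>%s</span>' % (link)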
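def _build_html_tree(self, children=(), level=1):
    """Render ``children`` as a run of ``<li>`` elements, recursing into
    each node's own ``children`` inside a ``<ul class="levelN">``.

    Each node is read with ``.get`` for ``title``, ``reference``, ``url``,
    ``css_class`` and ``children``. Title, reference and URL are
    HTML-escaped; a node with title and URL is rendered as a link labelled
    "title - reference", a node with a title only as a plain span.
    """
    parts = []
    for node in children:
        parts.append(u'<li class="treeItem visualNoMarker">\n')
        title = escape_html(node.get('title'))
        # NOTE(review): unlike title and url, reference is formatted
        # without .decode('UTF-8') - confirm it is ASCII or unicode.
        reference = escape_html(node.get('reference'))
        url = escape_html(node.get('url'))
        # NOTE(review): css_class goes into the class attribute unescaped;
        # confirm it never comes from user-editable data.
        css_class = node.get("css_class")
        sub_children = node.get('children')

        if title:
            if url:
                anchor = (u'#blocked-local-roles' if sub_children
                          else u'#sharing')
                target_url = u''.join((url.decode('UTF-8'), anchor))
                parts.append(
                    u'<a class="{} blocked-local-roles-link" href="{}">{} - {}</a>'
                    .format(css_class, target_url,
                            title.decode('UTF-8'), reference))
            else:
                parts.append(
                    u'<span class="{} blocked-local-roles-link">{} - {}</span>'
                    .format(css_class, title.decode('UTF-8'), reference))

        # NOTE(review): rendered at loop level, independent of the title
        # check - confirm against the original indentation.
        if sub_children:
            parts.append(
                u'<ul class="level{}">\n{}\n</ul>\n'.format(
                    str(level),
                    self._build_html_tree(sub_children, level + 1),
                ))

        # The closing tag was previously built with ``output.join(...)``
        # whose result was discarded, so no <li> was ever closed.
        parts.append(u'</li>\n')
    return u''.join(parts)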
def render_tree(self):
    """Return the markup listing containers with blocked local roles.

    Repository folders and dossiers below the context with
    ``blocked_local_roles`` set are looked up, treeified and rendered under
    an ``<h1>`` heading. When none are found only a heading with the
    "nothing found" message is returned.
    """
    def heading(message):
        # Translate the message, escape it and wrap it in an <h1>.
        text = escape_html(translate(message, context=getRequest()))
        return u''.join((u'<h1>', text, u'</h1>', ))

    context_path = '/'.join(self.context.getPhysicalPath())
    brains = api.content.find(
        context=self.context,
        object_provides=(
            IRepositoryFolder.__identifier__,
            IDossierMarker.__identifier__,
        ),
        blocked_local_roles=True,
    )

    if not brains:
        return heading(_(
            u'label_no_blocked_local_roles',
            default=u'No protected objects were found within this scope.',
        ))

    title_element = heading(_(
        u'label_blocked_local_roles',
        default=u'Protected Objects',
    ))
    tree = Treeify(brains, context_path, node_updater)

    # XXX - Preserving the reference number tree order.
    # Sorting here was easier than figuring out the treeifying.
    top_level = sorted(
        tree(self.context).get('children', ()),
        key=lambda child: child.get('title', ''),
    )
    return ''.join((title_element, self._build_html_tree(top_level), ))
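def get_link(self):
    """Return the title as a link, or as a plain span when the current
    user lacks the View permission on the resolved committee.

    The title is HTML-escaped in both variants.
    """
    url = self.get_url()
    may_view = api.user.has_permission(
        'View', obj=self.committee.resolve_committee())
    title = escape_html(self.get_title())

    if may_view:
        return u'<a href="{0}" title="{1}" class="{2}">{1}</a>'.format(
            url, title, self.css_class)

    # The span used to be closed with </a>, leaving the element unclosed.
    return u'<span title="{0}" class="{1}">{0}</span>'.format(
        title, self.css_class)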
def get_title(self, show_email_as_link=True):
    """Return "fullname (email)" with both parts HTML-escaped.

    Without an email only the escaped full name is returned. With
    ``show_email_as_link`` the address is wrapped in a ``mailto:`` link.
    """
    name = escape_html(self.fullname)
    address = escape_html(self.email)

    if not address:
        return name

    if show_email_as_link:
        # The escaped address serves as both link target and link text.
        address = u'<a href="mailto:{email}">{email}</a>'.format(
            email=address)

    return u'{} ({})'.format(name, address)
def linked(item, value):
    """Build the HTML link snippet for ``item`` (an object or a brain).

    The anchor carries the ``rollover-breadcrumb`` class plus the item's
    CSS class, the item's UID as ``data-uid`` and ``value`` as link text.
    The anchor is wrapped in a ``linkWrapper`` span.
    """
    if isinstance(value, unicode):
        value = value.encode('utf-8')

    target = get_url(item)
    # Brains expose the UID as attribute, other items via the IUUID adapter.
    uid = item.UID if ICatalogBrain.providedBy(item) else IUUID(item)
    icon_class = get_css_class(item)

    # Only the link text is escaped here.
    # NOTE(review): class, URL and UID go into their attributes as-is;
    # confirm none of them can carry a double quote.
    label = escape_html(value)

    anchor = '<a class="rollover-breadcrumb %s" href="%s" data-uid="%s">%s</a>' % (
        icon_class, target, uid, label)
    return '<span class="linkWrapper">%s</span>' % anchor
def linked_sql_object(item, value):
    """Tabbedview helper for SQL objects: render ``value`` as a link to the
    object's URL.

    ``item`` must provide a ``get_url`` getter. The link text is
    HTML-escaped.
    """
    # NOTE(review): the URL is placed in href unescaped; confirm get_url()
    # only returns URLs built by the application.
    target = item.get_url()
    text = escape_html(value)
    return u'<a href="{}">{}</a>'.format(target, text)
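def linked(item, value):
    """Build the HTML link snippet for ``item`` (an object or a brain).

    The anchor carries the ``rollover-breadcrumb`` class plus the item's
    CSS class, the item's UID as ``data-uid`` and ``value`` as link text.
    Items offering neither ``getURL`` nor ``absolute_url`` get "#" as
    target and an empty ``data-uid``.
    """
    if isinstance(value, unicode):
        value = value.encode('utf-8')

    # Determine URL method and UID. The UID needs a fallback as well:
    # without one, an item matching neither branch raised a NameError
    # instead of rendering the "#" placeholder link.
    url_method = lambda: '#'
    uid = ''
    if hasattr(item, 'getURL'):
        url_method = item.getURL
        uid = item.UID
    elif hasattr(item, 'absolute_url'):
        url_method = item.absolute_url
        uid = IUUID(item)

    # Construct CSS class
    css_class = get_css_class(item)

    # Only the link text is escaped here.
    # NOTE(review): class, URL and UID go into their attributes as-is;
    # confirm none of them can carry a double quote.
    value = escape_html(value)

    link = '<a class="rollover-breadcrumb %s" href="%s" data-uid="%s">%s</a>' % (
        css_class, url_method(), uid, value)
    return '<span class="linkWrapper">%s</span>' % link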
def linked(item, value, with_tooltip=True):
    """Build the HTML link snippet for ``item`` (object, brain or Solr
    document).

    The anchor carries the item's CSS class, prefixed with
    ``rollover-breadcrumb`` when ``with_tooltip`` is set, the item's UID as
    ``data-uid`` and ``value`` as link text inside a span.
    """
    if isinstance(value, unicode):
        value = value.encode('utf-8')

    target = get_url(item)

    # Brains and Solr documents expose the UID as attribute; everything
    # else is adapted through IUUID.
    has_uid_attribute = (
        ICatalogBrain.providedBy(item) or isinstance(item, SolrDocument))
    uid = item.UID if has_uid_attribute else IUUID(item)

    classes = get_css_class(item)

    # Only the link text is escaped here.
    # NOTE(review): class, URL and UID go into their attributes as-is;
    # confirm none of them can carry a double quote.
    label = escape_html(value)

    if with_tooltip:
        classes = "rollover-breadcrumb " + classes

    anchor = '<a class="%s" href="%s" data-uid="%s"><span>%s</span></a>' % (
        classes, target, uid, label)
    return '<span class="linkWrapper">%s</span>' % anchor
def _prepare_webaction_data(self, action):
    """Return a copy of ``action`` that is ready for rendering.

    Every value is HTML-escaped unless its key is listed in
    ``self._attributes_not_to_escape``. The webaction parameters are then
    appended to ``target_url`` as a query string.
    """
    prepared = {}
    for key, value in action.items():
        if key in self._attributes_not_to_escape:
            prepared[key] = value
        else:
            prepared[key] = escape_html(value)

    # NOTE(review): whether target_url is escaped at this point depends on
    # _attributes_not_to_escape, which is not visible here. The query is
    # always joined with "?", even if target_url already contains one.
    prepared['target_url'] = "{}?{}".format(
        prepared['target_url'],
        urlencode(self._get_webaction_parameters()))
    return prepared
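def render_token_radiobutton(self, item, value):
    """Render the radio-button ``<input>`` element for an item.

    The input is built from the item's vocabulary term: the term token is
    the value, and the widget name and the default title are HTML-escaped.
    """
    term = self.terms.getTerm(item)
    is_checked = self.is_checked(term)
    item_id = '%s-%s' % (self.id, term.token)
    # A space now separates the value attribute from the title attribute;
    # the two adjacent literals used to be joined without one.
    # NOTE(review): the id and the term token are interpolated unescaped -
    # confirm both are limited to attribute-safe characters.
    return (
        u'<input id="{id}" name="{name}" value="{value}" '
        u'title="{title}" type="radio" {checked} />'
    ).format(
        id=item_id,
        name=escape_html(self.name),
        value=term.token,
        checked='checked="checked"' if is_checked else '',
        title=escape_html(self.render_default_title(item, value)),
    )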
def get_link(self):
    """Return a link to this object labelled with its escaped title, or an
    empty string when no URL is available.
    """
    target = self.get_url()
    if target:
        # The escaped title is used as tooltip and as link text.
        return u'<a href="{0}" title="{1}">{1}</a>'.format(
            target, escape_html(self.title))
    return ""
def get_link(self):
    """Return a link to this object labelled with its escaped title, or an
    empty string when no URL is available.
    """
    target = self.get_url()
    if target:
        # The escaped title is used as tooltip and as link text.
        return u'<a href="{0}" title="{1}">{1}</a>'.format(
            target, escape_html(self.title))
    return ''
def _get_link(self, url, include_icon=True):
    """Return a link to ``url`` labelled with the escaped title.

    With ``include_icon`` the anchor also carries ``self.css_class``.
    """
    label = escape_html(self.title)
    if not include_icon:
        return u'<a href="{0}" title="{1}">{1}</a>'.format(url, label)
    return u'<a href="{0}" title="{1}" class="{2}">{1}</a>'.format(
        url, label, self.css_class)
def dossier_link(item, value):
    """Return a link to the dossier of ``item``, or None if it has none.

    The dossier title is HTML-escaped and used as tooltip and link text.
    ``value`` is not used.
    """
    dossier = item.get_dossier()
    if not dossier:
        return None

    target = dossier.absolute_url()
    return u'<a href="{0}" title="{1}" class="{2}">{1}</a>'.format(
        target, escape_html(dossier.title), get_css_class(dossier))
def byline_items(self):
    """Yield the byline entries of the meeting as dicts.

    Every entry has a ``label`` and a ``content``. The workflow-state entry
    also carries a ``class``, and the dossier entry sets ``replace`` to True
    (presumably so its ready-made markup is inserted as is - confirm in the
    template).
    """
    def entry(label, content):
        # Plain label/content pair.
        return {'label': label, 'content': content}

    model = self.context.model

    yield {
        'class': 'byline-meeting-wf-state-{}'.format(model.workflow_state),
        'label': _('meeting_byline_workflow_state', default='State'),
        'content': model.get_state().title,
    }

    yield entry(_('meeting_byline_start', default='Start'),
                model.get_start())

    if model.get_end():
        yield entry(_('meeting_byline_end', default='End'),
                    model.get_end())

    yield self.get_role_item(
        'byline-presidency',
        _('meeting_byline_presidency', default='Presidency'),
        model.presidency)

    yield self.get_role_item(
        'byline-secretary',
        _('meeting_byline_secretary', default='Secretary'),
        model.secretary)

    if model.location:
        yield entry(_('meeting_byline_location', default='Location'),
                    model.location)

    dossier = model.get_dossier()
    if not api.user.has_permission('View', obj=dossier):
        # Without View permission the title is shown as plain text with a
        # tooltip instead of a link; tooltip and title are both escaped.
        tooltip = safe_unicode(translate(
            _(u'You are not allowed to view the meeting dossier.'),
            context=self.request))
        markup = (
            u'<span class="{classes}">'
            u'<span class="no_access" title="{no_access_tooltip}">'
            u'{title}</span></span>').format(
                classes=safe_unicode(get_css_class(dossier)),
                no_access_tooltip=escape_html(tooltip),
                title=escape_html(safe_unicode(dossier.Title())))
    else:
        markup = linked(dossier, dossier.Title())

    yield {
        'label': _('meeting_byline_meetin_dossier',
                   default='Meeting dossier'),
        'content': markup,
        'replace': True,
    }
def linked_containing_maindossier(item, value):
    """Return the containing dossier's title as a link to the item's
    ``redirect_to_main_dossier`` view.

    The title is HTML-escaped. When the item has no URL only the escaped
    title is returned. ``value`` is not used.
    """
    label = safe_unicode(escape_html(item.containing_dossier))

    if not get_url(item):
        return label

    target = u"{}/redirect_to_main_dossier".format(
        safe_unicode(get_url(item)))
    return u'<a href="{}" title="{}" class="maindossierLink">{}</a>'.format(
        target, label, label)
def linked_document_subdossier(item, value):
    """Return the containing subdossier's title as a link to the item's
    ``redirect_to_parent_dossier`` view.

    An empty string is returned when the item has no subdossier title.
    The title is HTML-escaped. ``value`` is not used.
    """
    raw_title = item.containing_subdossier
    if not raw_title:
        return ''

    target = "{}/redirect_to_parent_dossier".format(item.getURL())
    label = escape_html(raw_title)
    return '<a href="{}" title="{}" class="subdossierLink">{}</a>'.format(
        target, label, label)
def linked_containing_maindossier(item, value):
    """Return the containing dossier's title as a link to the item's
    ``redirect_to_main_dossier`` view.

    The title is HTML-escaped. When the item has no URL only the escaped
    title is returned. ``value`` is not used.
    """
    label = safe_unicode(escape_html(item.containing_dossier))

    if not get_url(item):
        return label

    target = u"{}/redirect_to_main_dossier".format(
        safe_unicode(get_url(item)))
    return u'<a href="{}" title="{}" class="maindossierLink">{}</a>'.format(
        target, label, label)
def get_link(self, with_icon=False):
    """Return the escaped label, linked to the profile URL when there is
    one.

    With ``with_icon`` the anchor carries the
    ``contenttype-opengever-actor`` class.
    """
    profile_url = self.get_profile_url()
    text = escape_html(self.get_label())

    if not profile_url:
        return text

    if with_icon:
        template = u'<a href="{}" class="contenttype-opengever-actor">{}</a>'
    else:
        template = u'<a href="{}">{}</a>'
    return template.format(profile_url, text)
def get_link(self, with_icon=False):
    """Return the escaped label, linked to the profile URL when there is
    one.

    With ``with_icon`` the anchor carries the
    ``contenttype-opengever-actor`` class.
    """
    profile_url = self.get_profile_url()
    text = escape_html(self.get_label())

    if not profile_url:
        return text

    if with_icon:
        template = u'<a href="{}" class="contenttype-opengever-actor">{}</a>'
    else:
        template = u'<a href="{}">{}</a>'
    return template.format(profile_url, text)
def linked_containing_subdossier(item, value):
    """Return the containing subdossier's title as a link to the item's
    ``redirect_to_parent_dossier`` view.

    An empty string is returned when there is no subdossier title, and
    only the escaped title when the item has no URL. ``value`` is not used.
    """
    raw_title = item.containing_subdossier
    if not raw_title:
        return ''

    label = safe_unicode(escape_html(raw_title))
    item_url = get_url(item)
    if not item_url:
        return label

    target = u"{}/redirect_to_parent_dossier".format(safe_unicode(item_url))
    return u'<a href="{}" title="{}" class="subdossierLink">{}</a>'.format(
        target, label, label)
def save(self):
    """Record a manual journal entry for the context by notifying a
    ``JournalEntryEvent``.

    The comment is HTML-escaped and UTF-8 encoded before it is handed to
    the event; an empty comment is passed as ''.
    """
    # NOTE(review): the comment is escaped at write time. Anything that
    # renders it later must not escape it a second time, and anything that
    # treats it as plain text will see the entities.
    comment = escape_html(self.comment).encode('utf-8') if self.comment else ''

    action = PersistentDict({
        'type': MANUAL_JOURNAL_ENTRY,
        'title': self.get_title(),
        'visible': True,
        'documents': self.serialize_documents(),
        'contacts': self.serialize_contacts(),
        'users': self.serialize_users(),
    })

    notify(JournalEntryEvent(
        obj=self.context,
        action=action,
        actor=api.user.get_current().getId(),
        comment=comment,
    ))
def escaped_description(self, item):
    """Return the cropped description with HTML special chars escaped.

    OGSolrContentListingObject.CroppedDescription returns markup with
    <em> highlighting and special chars already escaped, whereas
    CatalogContentListingObject.CroppedDescription does not escape. So
    that tal:structure can be used safely, the catalog result is escaped
    here and the Solr result is passed through untouched.
    """
    description = item.CroppedDescription()
    if not self.use_solr:
        return escape_html(description)
    # Solr results are trusted to be escaped already. This branch must stay
    # tied to the listing object named above, since nothing is re-checked.
    return description
def get_link(self, with_icon=False):
    """Return the escaped label as a link to the profile URL, or as plain
    text or span when there is no URL.

    With ``with_icon`` the element carries ``actor-label`` plus
    ``self.css_class``.
    """
    profile_url = self.get_profile_url()
    text = escape_html(self.get_label())

    if profile_url:
        if with_icon:
            return u'<a href="{}" class="actor-label {}">{}</a>'.format(
                profile_url, self.css_class, text)
        return u'<a href="{}">{}</a>'.format(profile_url, text)

    # No profile URL: fall back to a styled span or the bare label.
    if with_icon:
        return u'<span class="actor-label {}">{}</span>'.format(
            self.css_class, text)
    return text
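def linked_subjects(item, subjects):
    """Render ``subjects`` as comma-separated links to the portal search.

    Each subject is sorted in, URL-quoted for the ``Subject`` query
    parameter and HTML-escaped for the link text. An empty string is
    returned when there are no subjects. ``item`` is not used.
    """
    if not subjects:
        return ''

    search_base = api.portal.get().absolute_url()
    links = []
    for subject in sorted(subjects):
        raw_subject = safe_utf8(subject)
        # Encode per output context. The query parameter is built from the
        # raw subject; it was previously built from the HTML-escaped text,
        # so a subject containing "&" was searched for as "&amp;".
        query_value = quote_plus(raw_subject)
        label = safe_unicode(escape_html(raw_subject))

        url = u'{}/@@search?Subject={}'.format(search_base, query_value)
        links.append(
            u'<a href="{}" class="subjectLinks">{}</a>'.format(url, label))
    return u', '.join(links)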
def save(self):
    """Record a manual journal entry for the context by notifying a
    ``JournalEntryEvent``.

    The comment is HTML-escaped and UTF-8 encoded before it is handed to
    the event; an empty comment is passed as ''.
    """
    # NOTE(review): the comment is escaped at write time. Anything that
    # renders it later must not escape it a second time, and anything that
    # treats it as plain text will see the entities.
    comment = escape_html(self.comment).encode('utf-8') if self.comment else ''

    action = PersistentDict({
        'type': MANUAL_JOURNAL_ENTRY,
        'title': self.get_title(),
        'visible': True,
        'documents': self.serialize_documents(),
        'contacts': self.serialize_contacts(),
        'users': self.serialize_users(),
    })

    notify(JournalEntryEvent(
        obj=self.context,
        action=action,
        actor=api.user.get_current().getId(),
        comment=comment,
    ))
def test_escapes_none_returns_none(self):
    """``escape_html`` hands ``None`` back unchanged."""
    result = escape_html(None)
    self.assertEquals(None, result)
def get_description(self):
    """Return the context's escaped ``dynamic_description`` when it has a
    non-empty one, otherwise the field's own description.
    """
    context = self.context
    if not hasattr(context, 'dynamic_description') \
            or not context.dynamic_description:
        # NOTE(review): the field description is returned unescaped;
        # presumably it is developer-defined schema text - confirm.
        return context.field.description
    return escape_html(context.dynamic_description)
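def test_escapes_apostrophes(self):
    """Apostrophes must not come out of ``escape_html`` unescaped."""
    text = "Foo 'Bar' Baz"
    # The expected literal shown for this test contained bare apostrophes
    # inside a single-quoted string, which is not valid Python. It
    # presumably held an HTML entity that was decoded when the listing was
    # rendered. The exact entity cannot be read from here, so the check is
    # written entity-agnostic.
    # TODO: pin the exact expected string once it is confirmed.
    escaped = escape_html(text)
    self.assertNotEqual(text, escaped)
    self.assertNotIn("'", escaped)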
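def test_escapes_ampersand(self):
    """Ampersands are replaced by the ``&amp;`` entity."""
    text = "Foo &Bar& Baz"
    # The expected value was shown identical to the input, which would
    # assert that nothing gets escaped. The entity was presumably decoded
    # when the listing was rendered, so it is restored here.
    self.assertEquals('Foo &amp;Bar&amp; Baz', escape_html(text))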
def test_escapes_empty_string_returns_empty_string(self):
    """``escape_html`` returns an empty string for an empty string."""
    result = escape_html('')
    self.assertEquals('', result)
def render_tree(self):
    """Return the markup listing containers with blocked local roles.

    Repository folders and dossiers below the context with
    ``blocked_local_roles`` set are looked up, treeified and rendered under
    an ``<h1>`` heading. When none are found only a heading with the
    "nothing found" message is returned.
    """
    def heading(message):
        # Translate the message, escape it and wrap it in an <h1>.
        text = escape_html(translate(message, context=getRequest()))
        return u''.join((u'<h1>', text, u'</h1>', ))

    context_path = '/'.join(self.context.getPhysicalPath())
    brains = api.content.find(
        context=self.context,
        object_provides=(
            IRepositoryFolder.__identifier__,
            IDossierMarker.__identifier__,
        ),
        blocked_local_roles=True,
    )

    if not brains:
        return heading(_(
            u'label_no_blocked_local_roles',
            default=u'No protected objects were found within this scope.',
        ))

    title_element = heading(_(
        u'label_blocked_local_roles',
        default=u'Protected Objects',
    ))
    tree = Treeify(brains, context_path, self.node_updater)

    # XXX - Preserving the reference number tree order.
    # Sorting here was easier than figuring out the treeifying.
    top_level = sorted(
        tree(self.context).get('children', ()),
        key=lambda child: child.get('title', ''),
    )
    return ''.join((title_element, self._build_html_tree(top_level), ))
def escape_html_transform(item, value):
    """Return ``value`` HTML-escaped, passing ``None`` through unchanged.

    ``item`` is not used.
    """
    return value if value is None else escape_html(value)
def document_with_icon(item, value):
    """Return an empty span carrying the item's CSS class, followed by a
    span with the HTML-escaped ``value``.
    """
    label = escape_html(value)
    # NOTE(review): the CSS class is interpolated unescaped; confirm
    # get_css_class() only yields attribute-safe class names.
    return u'<span class="{}"></span><span>{}</span>'.format(
        get_css_class(item), label)
def get_link(self, context, title=None):
    """Return a link to this object's URL for ``context``.

    The link is labelled with ``title`` or, when that is empty, with
    ``self.fullname``. The label is HTML-escaped.
    """
    if not title:
        title = self.fullname
    target = self.get_url(context)
    return u'<a href="{0}" title="{1}" class="{2}">{1}</a>'.format(
        target, escape_html(title), self.css_class)
def _helper(item, filename):
    """Return a link to the ``get_attachment`` view for the attachment at
    ``item['position']``, labelled with the HTML-escaped ``filename``.

    ``context`` is taken from the enclosing scope.
    """
    # NOTE(review): the position is placed in the query string unquoted;
    # presumably it is an integer index - confirm.
    return '<a href="%s/get_attachment?position=%s">%s</a>' % (
        context.absolute_url(),
        item.get('position'),
        escape_html(filename),
    )