Mercurial > libervia-backend
comparison src/tools/common/template.py @ 2401:221478058d8a
template: improved attribute escaping, and added it to filters under the name "attr_escape"
| author | Goffi <goffi@goffi.org> |
|---|---|
| date | Fri, 27 Oct 2017 18:13:25 +0200 |
| parents | 7bfcc431f66d |
| children | f905dfe69fcc |
comparison
equal
deleted
inserted
replaced
| 2400:8253ea069781 | 2401:221478058d8a |
|---|---|
| 25 from sat.core.log import getLogger | 25 from sat.core.log import getLogger |
| 26 log = getLogger(__name__) | 26 log = getLogger(__name__) |
| 27 import os.path | 27 import os.path |
| 28 from xml.sax.saxutils import quoteattr | 28 from xml.sax.saxutils import quoteattr |
| 29 import time | 29 import time |
| 30 import re | |
| 30 from babel import support | 31 from babel import support |
| 31 from babel import Locale | 32 from babel import Locale |
| 32 from babel.core import UnknownLocaleError | 33 from babel.core import UnknownLocaleError |
| 33 try: | 34 try: |
| 34 import sat_templates | 35 import sat_templates |
| 44 | 45 |
| 45 from jinja2 import Markup as safe | 46 from jinja2 import Markup as safe |
| 46 | 47 |
| 47 HTML_EXT = ('html', 'xhtml') | 48 HTML_EXT = ('html', 'xhtml') |
| 48 DEFAULT_LOCALE = u'en' | 49 DEFAULT_LOCALE = u'en' |
| 50 RE_ATTR_ESCAPE = re.compile(r'[^a-z_-]') | |
| 49 # TODO: handle external path (an additional search path for templates should be settable by user | 51 # TODO: handle external path (an additional search path for templates should be settable by user |
| 50 # TODO: handle absolute URL (should be used for trusted use cases) only (e.g. jp) for security reason | 52 # TODO: handle absolute URL (should be used for trusted use cases) only (e.g. jp) for security reason |
| 51 | 53 |
| 52 | 54 |
| 53 class TemplateLoader(jinja2.FileSystemLoader): | 55 class TemplateLoader(jinja2.FileSystemLoader): |
| 198 # custom filters | 200 # custom filters |
| 199 self.env.filters['next_gidx'] = self._next_gidx | 201 self.env.filters['next_gidx'] = self._next_gidx |
| 200 self.env.filters['cur_gidx'] = self._cur_gidx | 202 self.env.filters['cur_gidx'] = self._cur_gidx |
| 201 self.env.filters['date_days'] = self._date_days | 203 self.env.filters['date_days'] = self._date_days |
| 202 self.env.filters['xmlui_class'] = self._xmlui_class | 204 self.env.filters['xmlui_class'] = self._xmlui_class |
| 205 self.env.filters['attr_escape'] = self.attr_escape | |
| 203 self.env.filters['adv_format'] = self._adv_format | 206 self.env.filters['adv_format'] = self._adv_format |
| 204 | 207 |
| 205 def installTranslations(self): | 208 def installTranslations(self): |
| 206 i18n_dir = os.path.join(self.base_dir, 'i18n') | 209 i18n_dir = os.path.join(self.base_dir, 'i18n') |
| 207 self.translations = {} | 210 self.translations = {} |
| 338 def attr_escape(self, text): | 341 def attr_escape(self, text): |
| 339 """escape a text to a value usable as an attribute | 342 """escape a text to a value usable as an attribute |
| 340 | 343 |
| 341 remove spaces, and put in lower case | 344 remove spaces, and put in lower case |
| 342 """ | 345 """ |
| 343 return text.strip().lower().replace(' ', '_') | 346 return RE_ATTR_ESCAPE.sub(u'_', text.strip().lower())[:50] |
| 344 | 347 |
| 345 def _xmlui_class(self, xmlui_item, fields): | 348 def _xmlui_class(self, xmlui_item, fields): |
| 346 """return classes computed from XMLUI fields name | 349 """return classes computed from XMLUI fields name |
| 347 | 350 |
| 348 will return a string with a series of escaped {name}_{value} separated by spaces. | 351 will return a string with a series of escaped {name}_{value} separated by spaces. |