Mercurial > libervia-backend
comparison src/plugins/plugin_xep_0277.py @ 1814:602a47ccc07c
plugin XEP-0277: removed cleanXHTML on output data:
- while it is mandatory to clean input data, output data sent by frontends should and need to be clean
- cleaning all output data means that we can't send be sure that all the XHTML we send is not modified
- it's a waste of resources as cleaning today reparse the data with lxml
- behaviour may change in the future (e.g. having an option to use cleaning on output data)
| author | Goffi <goffi@goffi.org> |
|---|---|
| date | Tue, 19 Jan 2016 12:21:38 +0100 |
| parents | 160b0d4c6520 |
| children | 7ef0f5f90862 |
comparison
equal
deleted
inserted
replaced
| 1813:cf53e3cc702a | 1814:602a47ccc07c |
|---|---|
| 362 if type_: | 362 if type_: |
| 363 if type_ == '_rich': # convert input from current syntax to XHTML | 363 if type_ == '_rich': # convert input from current syntax to XHTML |
| 364 converted = yield synt.convert(data[attr], synt.getCurrentSyntax(profile), "XHTML") | 364 converted = yield synt.convert(data[attr], synt.getCurrentSyntax(profile), "XHTML") |
| 365 if '{}_xhtml'.format(elem_name) in data: | 365 if '{}_xhtml'.format(elem_name) in data: |
| 366 raise failure.Failure(exceptions.DataError(_("Can't have xhtml and rich content at the same time"))) | 366 raise failure.Failure(exceptions.DataError(_("Can't have xhtml and rich content at the same time"))) |
| 367 else: # clean the XHTML input | |
| 368 converted = yield synt.cleanXHTML(data[attr]) | |
| 369 | 367 |
| 370 xml_content = u'<div xmlns="{ns}">{converted}</div>'.format( | 368 xml_content = u'<div xmlns="{ns}">{converted}</div>'.format( |
| 371 ns=NS_XHTML, | 369 ns=NS_XHTML, |
| 372 converted=converted) | 370 converted=converted) |
| 373 div_elt = xml_tools.ElementParser()(xml_content) | 371 div_elt = xml_tools.ElementParser()(xml_content) |