# HG changeset patch # User Goffi # Date 1509120805 -7200 # Node ID 221478058d8a1e37b02003ea9b1b7773ed5ce956 # Parent 8253ea06978173aa80443eea285e447e379748d5 template: improved attribute escaping, and added it to filters under the name "attr_escape" diff -r 8253ea069781 -r 221478058d8a src/tools/common/template.py --- a/src/tools/common/template.py Fri Oct 27 18:11:20 2017 +0200 +++ b/src/tools/common/template.py Fri Oct 27 18:13:25 2017 +0200 @@ -27,6 +27,7 @@ import os.path from xml.sax.saxutils import quoteattr import time +import re from babel import support from babel import Locale from babel.core import UnknownLocaleError @@ -46,6 +47,7 @@ HTML_EXT = ('html', 'xhtml') DEFAULT_LOCALE = u'en' +RE_ATTR_ESCAPE = re.compile(r'[^a-z_-]') # TODO: handle external path (an additional search path for templates should be settable by user # TODO: handle absolute URL (should be used for trusted use cases) only (e.g. jp) for security reason @@ -200,6 +202,7 @@ self.env.filters['cur_gidx'] = self._cur_gidx self.env.filters['date_days'] = self._date_days self.env.filters['xmlui_class'] = self._xmlui_class + self.env.filters['attr_escape'] = self.attr_escape self.env.filters['adv_format'] = self._adv_format def installTranslations(self): @@ -340,7 +343,7 @@ remove spaces, and put in lower case """ - return text.strip().lower().replace(' ', '_') + return RE_ATTR_ESCAPE.sub(u'_', text.strip().lower())[:50] def _xmlui_class(self, xmlui_item, fields): """return classes computed from XMLUI fields name