# HG changeset patch
# User Goffi <goffi@goffi.org>
# Date 1509120805 -7200
# Node ID 221478058d8a1e37b02003ea9b1b7773ed5ce956
# Parent  8253ea06978173aa80443eea285e447e379748d5
template: improved attribute escaping, and added it to filters under the name "attr_escape"

diff -r 8253ea069781 -r 221478058d8a src/tools/common/template.py
--- a/src/tools/common/template.py	Fri Oct 27 18:11:20 2017 +0200
+++ b/src/tools/common/template.py	Fri Oct 27 18:13:25 2017 +0200
@@ -27,6 +27,7 @@
 import os.path
 from xml.sax.saxutils import quoteattr
 import time
+import re
 from babel import support
 from babel import Locale
 from babel.core import UnknownLocaleError
@@ -46,6 +47,7 @@
 
 HTML_EXT = ('html', 'xhtml')
 DEFAULT_LOCALE = u'en'
+RE_ATTR_ESCAPE = re.compile(r'[^a-z_-]')
 # TODO: handle external path (an additional search path for templates should be settable by user
 # TODO: handle absolute URL (should be used for trusted use cases) only (e.g. jp) for security reason
 
@@ -200,6 +202,7 @@
         self.env.filters['cur_gidx'] = self._cur_gidx
         self.env.filters['date_days'] = self._date_days
         self.env.filters['xmlui_class'] = self._xmlui_class
+        self.env.filters['attr_escape'] = self.attr_escape
         self.env.filters['adv_format'] = self._adv_format
 
     def installTranslations(self):
@@ -340,7 +343,7 @@
 
         remove spaces, and put in lower case
         """
-        return text.strip().lower().replace(' ', '_')
+        return RE_ATTR_ESCAPE.sub(u'_', text.strip().lower())[:50]
 
     def _xmlui_class(self, xmlui_item, fields):
         """return classes computed from XMLUI fields name