Mercurial > libervia-backend
changeset 2401:221478058d8a
template: improved attribute escaping, and added it to filters under the name "attr_escape"
author | Goffi <goffi@goffi.org> |
---|---|
date | Fri, 27 Oct 2017 18:13:25 +0200 |
parents | 8253ea069781 |
children | f905dfe69fcc |
files | src/tools/common/template.py |
diffstat | 1 files changed, 4 insertions(+), 1 deletions(-) [+] |
line wrap: on
line diff
--- a/src/tools/common/template.py Fri Oct 27 18:11:20 2017 +0200 +++ b/src/tools/common/template.py Fri Oct 27 18:13:25 2017 +0200 @@ -27,6 +27,7 @@ import os.path from xml.sax.saxutils import quoteattr import time +import re from babel import support from babel import Locale from babel.core import UnknownLocaleError @@ -46,6 +47,7 @@ HTML_EXT = ('html', 'xhtml') DEFAULT_LOCALE = u'en' +RE_ATTR_ESCAPE = re.compile(r'[^a-z_-]') # TODO: handle external path (an additional search path for templates should be settable by user # TODO: handle absolute URL (should be used for trusted use cases) only (e.g. jp) for security reason @@ -200,6 +202,7 @@ self.env.filters['cur_gidx'] = self._cur_gidx self.env.filters['date_days'] = self._date_days self.env.filters['xmlui_class'] = self._xmlui_class + self.env.filters['attr_escape'] = self.attr_escape self.env.filters['adv_format'] = self._adv_format def installTranslations(self): @@ -340,7 +343,7 @@ remove spaces, and put in lower case """ - return text.strip().lower().replace(' ', '_') + return RE_ATTR_ESCAPE.sub(u'_', text.strip().lower())[:50] def _xmlui_class(self, xmlui_item, fields): """return classes computed from XMLUI fields name