annotate server_side/html_tools.py @ 215:e830a0c60d32

server side: added the security_limit to setParam - in addition to the check which is done by the core, libervia checks if the param to be modified was really part of the XML that has been returned by getParams with security_limit = 0.
author souliane <souliane@mailoo.org>
date Sat, 07 Sep 2013 02:07:07 +0200
parents 9763dec220ed
children
Annotation: every line is from revision 8:88ae360198ee ("html tools", Goffi <goffi@goffi.org>), except the copyright line, which is from revision 165:9763dec220ed ("dates update", Goffi <goffi@goffi.org>, parents: 131).

#!/usr/bin/python
# -*- coding: utf-8 -*-

"""
Libervia: a Salut à Toi frontend
Copyright (C) 2011, 2012, 2013 Jérôme Poisson <goffi@goffi.org>

This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.

You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
"""

def sanitizeHtml(text):
    """Sanitize HTML by escaping everything"""
    #this code comes from official python wiki: http://wiki.python.org/moin/EscapingHtml
    html_escape_table = {
        "&": "&amp;",
        '"': "&quot;",
        "'": "&apos;",
        ">": "&gt;",
        "<": "&lt;",
        }

    return "".join(html_escape_table.get(c,c) for c in text)
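A check of what sanitizeHtml guarantees, as an added example that is not part of the Libervia source: it copies the escape table under the hypothetical name sanitize_html, parses the escaped output with Python 3's html.parser, and confirms that no markup survives in element content or inside a double-quoted attribute. The helper names and sample strings are constructed for illustration.

```python
from html.parser import HTMLParser

# Same mapping as html_escape_table in sanitizeHtml above.
HTML_ESCAPE_TABLE = {"&": "&amp;", '"': "&quot;", "'": "&apos;",
                     ">": "&gt;", "<": "&lt;"}

def sanitize_html(text):
    """Hypothetical Python 3 copy of sanitizeHtml: escape every special character."""
    return "".join(HTML_ESCAPE_TABLE.get(c, c) for c in text)

class MarkupAudit(HTMLParser):
    """Records every tag, attribute, comment and text node the parser sees."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.markup, self.attrs, self.text = [], [], []

    def handle_starttag(self, tag, attrs):
        self.markup.append(tag)
        self.attrs.extend(attrs)

    def handle_endtag(self, tag):
        self.markup.append("/" + tag)

    def handle_comment(self, data):
        self.markup.append("!--")

    def handle_data(self, data):
        self.text.append(data)

def audit(fragment):
    parser = MarkupAudit()
    parser.feed(fragment)
    parser.close()  # flush text still buffered by the parser
    return parser.markup, parser.attrs, "".join(parser.text)

def inert_as_content(untrusted):
    """Escaped value parses as text only and decodes back to the input."""
    markup, _, text = audit(sanitize_html(untrusted))
    return markup == [] and text == untrusted

def inert_in_quoted_attribute(untrusted):
    """Escaped value stays inside one double-quoted attribute."""
    markup, attrs, _ = audit('<a title="%s">x</a>' % sanitize_html(untrusted))
    return markup == ["a", "/a"] and attrs == [("title", untrusted)]

# Constructed sample inputs (not taken from the project).
SAMPLES = ['<b onclick="x">Tom & Jerry\'s</b>', "&lt;already escaped&gt;",
           '" onmouseover="x', "<!-- note -->"]
```

The guarantee covers element content and quoted attribute values only; escaping these five characters does nothing for unquoted attributes, URL schemes, or script and style contexts.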