Mercurial > libervia-web
comparison browser_side/panels.py @ 51:9f19e16187ff
browser side: HTML sanitization
| author | Goffi <goffi@goffi.org> |
|---|---|
| date | Thu, 26 May 2011 23:03:45 +0200 |
| parents | 72c51a4839cc |
| children | 4419ef07bb2b |
comparison
equal
deleted
inserted
replaced
| 50:72c51a4839cc | 51:9f19e16187ff |
|---|---|
| 73 | 73 |
| 74 menu_general = MenuBar(vertical=True) | 74 menu_general = MenuBar(vertical=True) |
| 75 menu_general.addItem("Social contract", MenuCmd(self, "onSocialContract")) | 75 menu_general.addItem("Social contract", MenuCmd(self, "onSocialContract")) |
| 76 menu_general.addItem("About", MenuCmd(self, "onAbout")) | 76 menu_general.addItem("About", MenuCmd(self, "onAbout")) |
| 77 | 77 |
| 78 menu_contacts = MenuBar(vertical=True) | |
| 79 menu_contacts.addItem("add contact", MenuCmd(self, "onAddContact")) | |
| 80 | |
| 78 menu_group = MenuBar(vertical=True) | 81 menu_group = MenuBar(vertical=True) |
| 79 menu_group.addItem("join room", MenuCmd(self, "onJoinRoom")) | 82 menu_group.addItem("join room", MenuCmd(self, "onJoinRoom")) |
| 80 | 83 |
| 81 menu_games = MenuBar(vertical=True) | 84 menu_games = MenuBar(vertical=True) |
| 82 menu_games.addItem("Tarot", MenuCmd(self, "onTarotGame")) | 85 menu_games.addItem("Tarot", MenuCmd(self, "onTarotGame")) |
| 83 menu_games.addItem("Xiangqi", MenuCmd(self, "onXiangqiGame")) | 86 menu_games.addItem("Xiangqi", MenuCmd(self, "onXiangqiGame")) |
| 84 | 87 |
| 85 menubar = MenuBar(vertical=False) | 88 menubar = MenuBar(vertical=False) |
| 86 menubar.addItem(MenuItem("General", menu_general)) | 89 menubar.addItem(MenuItem("General", menu_general)) |
| 90 menubar.addItem(MenuItem("Contacts", menu_contacts)) | |
| 87 menubar.addItem(MenuItem("Groups", menu_group)) | 91 menubar.addItem(MenuItem("Groups", menu_group)) |
| 88 menubar.addItem(MenuItem("Games", True, menu_games)) | 92 menubar.addItem(MenuItem("Games", True, menu_games)) |
| 89 self.add(menubar) | 93 self.add(menubar) |
| 90 | 94 |
| 91 #General menu | 95 #General menu |
| 101 <br /> | 105 <br /> |
| 102 You can contact the author at <a href="mailto:goffi@goffi.org">goffi@goffi.org</a><br /> | 106 You can contact the author at <a href="mailto:goffi@goffi.org">goffi@goffi.org</a><br /> |
| 103 Blog available (mainly in french) at <a href="http://www.goffi.org" target="_blank">http://www.goffi.org</a><br /> | 107 Blog available (mainly in french) at <a href="http://www.goffi.org" target="_blank">http://www.goffi.org</a><br /> |
| 104 Project page: <a href="http://wiki.goffi.org/wiki/Salut_à_Toi"target="_blank">http://wiki.goffi.org/wiki/Salut_à_Toi</a><br /> | 108 Project page: <a href="http://wiki.goffi.org/wiki/Salut_à_Toi"target="_blank">http://wiki.goffi.org/wiki/Salut_à_Toi</a><br /> |
| 105 <br /> | 109 <br /> |
| 106 Any help Welcome :) | 110 Any help welcome :) |
| 107 """) | 111 """) |
| 108 _dialog = dialog.InfoDialog("About", _about) | 112 _dialog = dialog.InfoDialog("About", _about) |
| 109 _dialog.show() | 113 _dialog.show() |
| 114 | |
| 115 #Contact menu | |
| 116 def onAddContact(self): | |
| 117 """Q&D contact addition""" | |
| 118 Window.alert("Add contact !") | |
| 119 | |
| 110 | 120 |
| 111 #Group menu | 121 #Group menu |
| 112 def onJoinRoom(self): | 122 def onJoinRoom(self): |
| 113 _dialog = None | 123 _dialog = None |
| 114 _edit = None | 124 _edit = None |
| 387 SimplePanel.__init__(self) | 397 SimplePanel.__init__(self) |
| 388 | 398 |
| 389 _datetime = datetime.fromtimestamp(timestamp) | 399 _datetime = datetime.fromtimestamp(timestamp) |
| 390 | 400 |
| 391 panel = HTMLPanel("<div class='mb_entry_header'><span class='mb_entry_author'>%(author)s</span> on <span class='mb_entry_timestamp'>%(timestamp)s</span></div><div class='mb_entry_body'>%(body)s</div>" % | 401 panel = HTMLPanel("<div class='mb_entry_header'><span class='mb_entry_author'>%(author)s</span> on <span class='mb_entry_timestamp'>%(timestamp)s</span></div><div class='mb_entry_body'>%(body)s</div>" % |
| 392 {"author": author, | 402 {"author": html_sanitize(author), |
| 393 "timestamp": _datetime, | 403 "timestamp": _datetime, |
| 394 "body": body} | 404 "body": html_sanitize(body)} |
| 395 ) | 405 ) |
| 396 panel.setStyleName('microblogEntry') | 406 panel.setStyleName('microblogEntry') |
| 397 self.add(panel) | 407 self.add(panel) |
| 398 | 408 |
| 399 class MicroblogPanel(DropCell, ScrollPanelWrapper): | 409 class MicroblogPanel(DropCell, ScrollPanelWrapper): |
| 404 @param accept_all: if true, show every message, without filtering jids""" | 414 @param accept_all: if true, show every message, without filtering jids""" |
| 405 ScrollPanelWrapper.__init__(self) | 415 ScrollPanelWrapper.__init__(self) |
| 406 DropCell.__init__(self) | 416 DropCell.__init__(self) |
| 407 self.host = host | 417 self.host = host |
| 408 self.accept_all = accept_all | 418 self.accept_all = accept_all |
| 409 title=title.replace('<','<').replace('>','>') | 419 title=html_sanitize(title) |
| 410 self.accepted_groups = [] | 420 self.accepted_groups = [] |
| 411 _class = ['mb_panel_header'] | 421 _class = ['mb_panel_header'] |
| 412 if title == ' ': | 422 if title == ' ': |
| 413 _class.append('empty_header') | 423 _class.append('empty_header') |
| 414 self.vpanel = VerticalPanel() | 424 self.vpanel = VerticalPanel() |
| 453 self.setStyleName('statusPanel') | 463 self.setStyleName('statusPanel') |
| 454 ClickHandler.__init__(self) | 464 ClickHandler.__init__(self) |
| 455 self.addClickListener(self) | 465 self.addClickListener(self) |
| 456 | 466 |
| 457 def __getContent(self): | 467 def __getContent(self): |
| 458 return "<span class='status'>%(status)s</span>" % {'status':self.status} | 468 return "<span class='status'>%(status)s</span>" % {'status':html_sanitize(self.status)} |
| 459 | 469 |
| 460 def changeStatus(self, new_status): | 470 def changeStatus(self, new_status): |
| 461 self.status = new_status or ' ' | 471 self.status = new_status or ' ' |
| 462 self.setHTML(self.__getContent()) | 472 self.setHTML(self.__getContent()) |
| 463 | 473 |
| 472 _msg_class = ["chat_text_msg"] | 482 _msg_class = ["chat_text_msg"] |
| 473 if mymess: | 483 if mymess: |
| 474 _msg_class.append("chat_text_mymess") | 484 _msg_class.append("chat_text_mymess") |
| 475 HTMLPanel.__init__(self, "<span class='chat_text_timestamp'>%(timestamp)s</span> <span class='chat_text_nick'>%(nick)s</span> <span class='%(msg_class)s'>%(msg)s</span>" % | 485 HTMLPanel.__init__(self, "<span class='chat_text_timestamp'>%(timestamp)s</span> <span class='chat_text_nick'>%(nick)s</span> <span class='%(msg_class)s'>%(msg)s</span>" % |
| 476 {"timestamp": _date.strftime("%H:%M"), | 486 {"timestamp": _date.strftime("%H:%M"), |
| 477 "nick": "[%s]" % nick, | 487 "nick": "[%s]" % html_sanitize(nick), |
| 478 "msg_class": ' '.join(_msg_class), | 488 "msg_class": ' '.join(_msg_class), |
| 479 "msg": msg} | 489 "msg": html_sanitize(msg)} |
| 480 ) | 490 ) |
| 481 self.setStyleName('chatText') | 491 self.setStyleName('chatText') |
| 482 | 492 |
| 483 class Occupant(HTML): | 493 class Occupant(HTML): |
| 484 """Occupant of a MUC room""" | 494 """Occupant of a MUC room""" |
| 531 if not target: | 541 if not target: |
| 532 print "ERROR: Empty target !" | 542 print "ERROR: Empty target !" |
| 533 return | 543 return |
| 534 self.target = target | 544 self.target = target |
| 535 title="%s" % target.bare | 545 title="%s" % target.bare |
| 536 title.replace('<','<').replace('>','>') | |
| 537 _class = ['mb_panel_header'] | 546 _class = ['mb_panel_header'] |
| 538 self.header = HTMLPanel("<div class='%s'>%s</div>" % (','.join(_class),title)) | 547 self.header = HTMLPanel("<div class='%s'>%s</div>" % (','.join(_class),html_sanitize(title))) |
| 539 self.header.setStyleName('chatHeader') | 548 self.header.setStyleName('chatHeader') |
| 540 self.body = AbsolutePanel() | 549 self.body = AbsolutePanel() |
| 541 self.body.setStyleName('chatPanel_body') | 550 self.body.setStyleName('chatPanel_body') |
| 542 chat_area = HorizontalPanel() | 551 chat_area = HorizontalPanel() |
| 543 chat_area.setStyleName('chatArea') | 552 chat_area.setStyleName('chatArea') |
| 605 @param msg: message to print | 614 @param msg: message to print |
| 606 @type: one of: | 615 @type: one of: |
| 607 normal: general info like "toto has joined the room" | 616 normal: general info like "toto has joined the room" |
| 608 me: "/me" information like "/me clenches his fist" ==> "toto clenches his fist" | 617 me: "/me" information like "/me clenches his fist" ==> "toto clenches his fist" |
| 609 """ | 618 """ |
| 610 _wid = Label(msg) | 619 _wid = Label(html_sanitize(msg)) |
| 611 if type == 'normal': | 620 if type == 'normal': |
| 612 _wid.setStyleName('chatTextInfo') | 621 _wid.setStyleName('chatTextInfo') |
| 613 elif type == 'me': | 622 elif type == 'me': |
| 614 _wid.setStyleName('chatTextMe') | 623 _wid.setStyleName('chatTextMe') |
| 615 else: | 624 else: |