Mercurial > libervia-web

view libervia/server/html_tools.py @ 1306:c07112ef01cd

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
browser (template): adapted filters/global/extensions to manage SàT templates: `template` module has been update so most SàT template can be run from browser: - `profile` and `csrf_token` are set as globals - an implementation of `xmlattr` filter has been added - `date_fmt` filter has been implemented using `moment.js` - i18n method `_` has been added to globals, and `{% trans %}` statement has been implemented using an extension. For now they are not actually translating but just returning the unmodified string. - new `get_args` helper method to handle `nunjucks` convention for arguments. - fixed `get_elt` to only return the first child element (avoiding any text child) + added a defaut value for `context`
author Goffi <goffi@goffi.org>
date Thu, 16 Jul 2020 09:08:50 +0200
parents f511f8fbbf8a
children 822bd0139769
line wrap: on
line source

#!/usr/bin/env python3


# Libervia: a Salut à Toi frontend
# Copyright (C) 2011-2020 Jérôme Poisson <goffi@goffi.org>

# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.

# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU Affero General Public License for more details.

# You should have received a copy of the GNU Affero General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.


def sanitizeHtml(text):
    """Sanitize HTML by escaping everything"""
    # this code comes from official python wiki: http://wiki.python.org/moin/EscapingHtml
    html_escape_table = {
        "&": "&amp;",
        '"': "&quot;",
        "'": "&apos;",
        ">": "&gt;",
        "<": "&lt;",
    }

    return "".join(html_escape_table.get(c, c) for c in text)


def convertNewLinesToXHTML(text):
    return text.replace("\n", "<br/>")