remove configuration dependency in Markup
Also handle mutable datastructures more carefully.
This commit is contained in:
parent
65caa7ad99
commit
1a4e760fe0
@ -85,7 +85,10 @@ class Isso(object):
|
|||||||
self.conf = conf
|
self.conf = conf
|
||||||
self.db = db.SQLite3(conf.get('general', 'dbpath'), conf)
|
self.db = db.SQLite3(conf.get('general', 'dbpath'), conf)
|
||||||
self.signer = URLSafeTimedSerializer(self.db.preferences.get("session-key"))
|
self.signer = URLSafeTimedSerializer(self.db.preferences.get("session-key"))
|
||||||
self.markup = html.Markup(conf.section('markup'))
|
self.markup = html.Markup(
|
||||||
|
conf.getlist("markup", "options"),
|
||||||
|
conf.getlist("markup", "allowed-elements"),
|
||||||
|
conf.getlist("markup", "allowed-attributes"))
|
||||||
self.hasher = hash.new(
|
self.hasher = hash.new(
|
||||||
conf.get("hash", "algorithm"),
|
conf.get("hash", "algorithm"),
|
||||||
conf.get("hash", "salt"))
|
conf.get("hash", "salt"))
|
||||||
|
@ -5,8 +5,6 @@ try:
|
|||||||
except ImportError:
|
except ImportError:
|
||||||
import unittest
|
import unittest
|
||||||
|
|
||||||
|
|
||||||
from isso import config
|
|
||||||
from isso.utils import html
|
from isso.utils import html
|
||||||
|
|
||||||
|
|
||||||
@ -55,13 +53,6 @@ class TestHTML(unittest.TestCase):
|
|||||||
self.assertEqual(html.sanitize(sanitizer, input), expected)
|
self.assertEqual(html.sanitize(sanitizer, input), expected)
|
||||||
|
|
||||||
def test_render(self):
|
def test_render(self):
|
||||||
conf = config.new({
|
renderer = html.Markup(["autolink", ]).render
|
||||||
"markup": {
|
|
||||||
"options": "autolink",
|
|
||||||
"allowed-elements": "",
|
|
||||||
"allowed-attributes": ""
|
|
||||||
}
|
|
||||||
})
|
|
||||||
renderer = html.Markup(conf.section("markup")).render
|
|
||||||
self.assertEqual(renderer("http://example.org/ and sms:+1234567890"),
|
self.assertEqual(renderer("http://example.org/ and sms:+1234567890"),
|
||||||
'<p><a href="http://example.org/">http://example.org/</a> and sms:+1234567890</p>')
|
'<p><a href="http://example.org/">http://example.org/</a> and sms:+1234567890</p>')
|
||||||
|
@ -26,10 +26,15 @@ def Sanitizer(elements, attributes):
|
|||||||
"pre", "code", "blockquote",
|
"pre", "code", "blockquote",
|
||||||
"del", "ins", "strong", "em",
|
"del", "ins", "strong", "em",
|
||||||
"h1", "h2", "h3", "h4", "h5", "h6",
|
"h1", "h2", "h3", "h4", "h5", "h6",
|
||||||
"table", "thead", "tbody", "th", "td"] + elements
|
"table", "thead", "tbody", "th", "td"]
|
||||||
|
|
||||||
# href for <a> and align for <table>
|
# href for <a> and align for <table>
|
||||||
allowed_attributes = ["align", "href"] + attributes
|
allowed_attributes = ["align", "href"]
|
||||||
|
|
||||||
|
def __init__(self, *args, **kwargs):
|
||||||
|
super(Inner, self).__init__(*args, **kwargs)
|
||||||
|
self.allowed_elements = Inner.allowed_elements + elements
|
||||||
|
self.allowed_attributes = Inner.allowed_attributes + attributes
|
||||||
|
|
||||||
# remove disallowed tokens from the output
|
# remove disallowed tokens from the output
|
||||||
def disallowed_token(self, token, token_type):
|
def disallowed_token(self, token, token_type):
|
||||||
@ -65,13 +70,23 @@ def Markdown(extensions=("strikethrough", "superscript", "autolink")):
|
|||||||
|
|
||||||
|
|
||||||
class Markup(object):
|
class Markup(object):
|
||||||
|
"""Text to HTML conversion using Markdown (+ configurable extensions) and
|
||||||
|
an HTML sanitizer to remove malicious elements.
|
||||||
|
|
||||||
def __init__(self, conf):
|
:param options: a list of parameters for the used renderer
|
||||||
|
:param elements: allowed HTML elements in the output
|
||||||
|
:param attributes: allowed HTML attributes in the output
|
||||||
|
"""
|
||||||
|
|
||||||
parser = Markdown(conf.getlist("options"))
|
def __init__(self, options, elements=None, attributes=None):
|
||||||
sanitizer = Sanitizer(
|
if elements is None:
|
||||||
conf.getlist("allowed-elements"),
|
elements = []
|
||||||
conf.getlist("allowed-attributes"))
|
|
||||||
|
if attributes is None:
|
||||||
|
attributes = []
|
||||||
|
|
||||||
|
parser = Markdown(options)
|
||||||
|
sanitizer = Sanitizer(elements, attributes)
|
||||||
|
|
||||||
self._render = lambda text: sanitize(sanitizer, parser(text))
|
self._render = lambda text: sanitize(sanitizer, parser(text))
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user