Module: check_mk
Branch: master
Commit: c6b46606eedc7c5a561f3dd0b65f4778f9b6564b
URL:
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=c6b46606eedc7c…
Author: Roland Halbig <rh(a)mathias-kettner.de>
Date: Thu Apr 20 13:27:02 2017 +0200
refactoring htmllib: escaping and encodings via member object calls.
Change-Id: I49654704d9a55a1d3bd49ee224809f100b410838
---
web/htdocs/htmllib.py | 84 +++++++++++++++++++++++++++++++++------------------
1 file changed, 55 insertions(+), 29 deletions(-)
diff --git a/web/htdocs/htmllib.py b/web/htdocs/htmllib.py
index 90e1364..5d8c01a 100644
--- a/web/htdocs/htmllib.py
+++ b/web/htdocs/htmllib.py
@@ -111,7 +111,7 @@ class Escaper(object):
# For example: replace '"' with '"', '<'
with '<'.
# This code is slow. Works on str and unicode without changing
# the type. Also works on things that can be converted with '%s'.
- def _escape_attribute(self, value):
+ def escape_attribute(self, value):
attr_type = type(value)
if value is None:
return ''
@@ -133,12 +133,12 @@ class Escaper(object):
# This is useful for messages where we want to keep formatting
# options. (Formerly known as 'permissive_attrencode') """
# for the escaping functions
- def _escape_text(self, text):
+ def escape_text(self, text):
if isinstance(text, HTML):
return "%s" % text # This is HTML code which must not be escaped
- text = self._escape_attribute(text)
+ text = self.escape_attribute(text)
text = self._unescaper_text.sub(r'<\1\2>', text)
# Also repair link definitions
text = self._unescaper_href.sub(r'<a href="\1">', text)
@@ -151,21 +151,6 @@ class Escaper(object):
#
- # Encode HTML attributes: replace " with ", also replace
- # < and >. This code is slow. Works on str and unicode without
- # changing the type. Also works on things that can be converted
- # with %s.
- def attrencode(self, value):
- return self._escape_attribute(value)
-
-
- # Only strip off some tags. We allow some simple tags like
- # <b>, <tt>, <i> to be part of the string. This is useful
- # for messages where we still want to have formating options.
- def permissive_attrencode(self, obj):
- return self._escape_text(obj)
-
-
#.
#
# HTML encoding
@@ -522,7 +507,7 @@ class OutputFunnel(object):
# '----------------------------------------------------------------------'
-class HTMLGenerator(Escaper, OutputFunnel):
+class HTMLGenerator(OutputFunnel):
""" Usage Notes:
@@ -581,6 +566,9 @@ class HTMLGenerator(Escaper, OutputFunnel):
self.testing_mode = False
+ self.escaper = Escaper()
+
+
#
# Rendering
@@ -618,14 +606,14 @@ class HTMLGenerator(Escaper, OutputFunnel):
if v is None:
continue
- k = self._escape_attribute(k.rstrip('_'))
+ k = self.escaper.escape_attribute(k.rstrip('_'))
if v == '':
options.append(k)
continue
if not isinstance(v, list):
- v = self._escape_attribute(v)
+ v = self.escaper.escape_attribute(v)
else:
if k == "class":
sep = ' '
@@ -634,7 +622,7 @@ class HTMLGenerator(Escaper, OutputFunnel):
else:
sep = '_'
- v = sep.join([a for a in (self._escape_attribute(vi) for vi in v) if a])
+ v = sep.join([a for a in (self.escaper.escape_attribute(vi) for vi in v)
if a])
if sep.startswith(';'):
v = re.sub(';+', ';', v)
@@ -672,7 +660,7 @@ class HTMLGenerator(Escaper, OutputFunnel):
if isinstance(tag_content, HTML):
tag += tag_content.lstrip(' ').rstrip('\n')
else:
- tag += self._escape_text(tag_content)
+ tag += self.escaper.escape_text(tag_content)
tag += "</%s>" % (tag_name)
@@ -726,7 +714,7 @@ class HTMLGenerator(Escaper, OutputFunnel):
def write_text(self, text):
""" Write text. Highlighting tags such as
h2|b|tt|i|br|pre|a|sup|p|li|ul|ol are not escaped. """
- self.write(self._escape_text(text))
+ self.write(self.escaper.escape_text(text))
def write_html(self, content):
@@ -1356,13 +1344,10 @@ class RequestHandler(object):
# '----------------------------------------------------------------------'
-class html(HTMLGenerator, Encoder, RequestHandler):
+class html(HTMLGenerator, RequestHandler):
def __init__(self):
super(html, self).__init__()
-# HTMLGenerator.__init__(self)
-# Encoder.__init__(self)
-# RequestHandler.__init__(self)
# rendering state
self.html_is_open = False
@@ -1420,6 +1405,10 @@ class html(HTMLGenerator, Encoder, RequestHandler):
# FIXME: Drop this
self.auto_id = 0
+ # encoding
+ self.encoder = Encoder()
+
+
RETURN = 13
SHIFT = 16
CTRL = 17
@@ -1428,6 +1417,43 @@ class html(HTMLGenerator, Encoder, RequestHandler):
F1 = 112
+ #
+ # Encoding
+ #
+
+ def urlencode_vars(self, vars):
+ return self.encoder.urlencode_vars(vars)
+
+ def urlencode(self, value):
+ return self.encoder.urlencode(value)
+
+ # Escape a variable name so that it only uses allowed charachters for URL variables
+ def varencode(self, varname):
+ return self.encoder.varencode(varname)
+
+ def u8(self, c):
+ return self.encoder.u8(c)
+
+ def utf8_to_entities(self, text):
+ return self.encoder.utf8_to_entities(text)
+
+
+ #
+ # escaping - deprecated functions
+ #
+ # Encode HTML attributes: e.g. replace '"' with '"',
'<' and '>' with '<' and '>'
+ def attrencode(self, value):
+ return self.escaper.escape_attribute(value)
+
+ # Only strip off some tags. We allow some simple tags like <b> or <tt>.
+ def permissive_attrencode(self, obj):
+ return self.escaper.escape_text(obj)
+
+
+ #
+ # Stripping
+ #
+
# remove all HTML-tags
def strip_tags(self, ht):
@@ -2563,7 +2589,7 @@ class html(HTMLGenerator, Encoder, RequestHandler):
id_ = id
self._context_button(title, url, icon=icon, hot=hot, id_=id_, bestof=bestof,
hover_title=hover_title, fkey=fkey, class_=class_)
if fkey and self.keybindings_enabled:
- self.add_keybinding([self.F1 + (fkey - 1)],
"document.location='%s';" % self._escape_attribute(url))
+ self.add_keybinding([self.F1 + (fkey - 1)],
"document.location='%s';" % self.escaper.escape_attribute(url))
def _context_button(self, title, url, icon=None, hot=False, id_=None, bestof=None,
hover_title=None, fkey=None, class_=None):