Mercurial > genshi > genshi-test
comparison genshi/filters/html.py @ 916:872726bac135 experimental-py3k
add support for python 3 to genshi.filters:
* minor changes to track encoding=None API change in core genshi modules.
* renamed genshi/filters/tests/html.py to test_html.py to avoid clashes with Python 3 top-level html module when running tests subset.
* did not rename genshi/filters/html.py.
* i18n filters:
* ugettext and friends are gone in Python 3 (and only gettext and friends exist and they now handle unicode)
* Some \ line continuations inside doctests confused 2to3 and so were removed them.
* Testing picked up a problem (already present in trunk) where Translator.__call__ could end up defining gettext as an endlessly recursive function. Noted with a TODO.
| author | hodgestar |
|---|---|
| date | Sun, 24 Oct 2010 22:21:28 +0000 |
| parents | 585fdbd30e05 |
| children |
comparison
equal
deleted
inserted
replaced
| 915:9fafb35032a1 | 916:872726bac135 |
|---|---|
| 30 """A stream filter that can populate HTML forms from a dictionary of values. | 30 """A stream filter that can populate HTML forms from a dictionary of values. |
| 31 | 31 |
| 32 >>> from genshi.input import HTML | 32 >>> from genshi.input import HTML |
| 33 >>> html = HTML('''<form> | 33 >>> html = HTML('''<form> |
| 34 ... <p><input type="text" name="foo" /></p> | 34 ... <p><input type="text" name="foo" /></p> |
| 35 ... </form>''') | 35 ... </form>''', encoding='utf-8') |
| 36 >>> filler = HTMLFormFiller(data={'foo': 'bar'}) | 36 >>> filler = HTMLFormFiller(data={'foo': 'bar'}) |
| 37 >>> print(html | filler) | 37 >>> print(html | filler) |
| 38 <form> | 38 <form> |
| 39 <p><input type="text" name="foo" value="bar"/></p> | 39 <p><input type="text" name="foo" value="bar"/></p> |
| 40 </form> | 40 </form> |
| 197 class HTMLSanitizer(object): | 197 class HTMLSanitizer(object): |
| 198 """A filter that removes potentially dangerous HTML tags and attributes | 198 """A filter that removes potentially dangerous HTML tags and attributes |
| 199 from the stream. | 199 from the stream. |
| 200 | 200 |
| 201 >>> from genshi import HTML | 201 >>> from genshi import HTML |
| 202 >>> html = HTML('<div><script>alert(document.cookie)</script></div>') | 202 >>> html = HTML('<div><script>alert(document.cookie)</script></div>', encoding='utf-8') |
| 203 >>> print(html | HTMLSanitizer()) | 203 >>> print(html | HTMLSanitizer()) |
| 204 <div/> | 204 <div/> |
| 205 | 205 |
| 206 The default set of safe tags and attributes can be modified when the filter | 206 The default set of safe tags and attributes can be modified when the filter |
| 207 is instantiated. For example, to allow inline ``style`` attributes, the | 207 is instantiated. For example, to allow inline ``style`` attributes, the |
| 208 following instantation would work: | 208 following instantation would work: |
| 209 | 209 |
| 210 >>> html = HTML('<div style="background: #000"></div>') | 210 >>> html = HTML('<div style="background: #000"></div>', encoding='utf-8') |
| 211 >>> sanitizer = HTMLSanitizer(safe_attrs=HTMLSanitizer.SAFE_ATTRS | set(['style'])) | 211 >>> sanitizer = HTMLSanitizer(safe_attrs=HTMLSanitizer.SAFE_ATTRS | set(['style'])) |
| 212 >>> print(html | sanitizer) | 212 >>> print(html | sanitizer) |
| 213 <div style="background: #000"/> | 213 <div style="background: #000"/> |
| 214 | 214 |
| 215 Note that even in this case, the filter *does* attempt to remove dangerous | 215 Note that even in this case, the filter *does* attempt to remove dangerous |
| 216 constructs from style attributes: | 216 constructs from style attributes: |
| 217 | 217 |
| 218 >>> html = HTML('<div style="background: url(javascript:void); color: #000"></div>') | 218 >>> html = HTML('<div style="background: url(javascript:void); color: #000"></div>', encoding='utf-8') |
| 219 >>> print(html | sanitizer) | 219 >>> print(html | sanitizer) |
| 220 <div style="color: #000"/> | 220 <div style="color: #000"/> |
| 221 | 221 |
| 222 This handles HTML entities, unicode escapes in CSS and Javascript text, as | 222 This handles HTML entities, unicode escapes in CSS and Javascript text, as |
| 223 well as a lot of other things. However, the style tag is still excluded by | 223 well as a lot of other things. However, the style tag is still excluded by |