comparison genshi/filters/html.py @ 916:872726bac135 experimental-py3k
add support for python 3 to genshi.filters:
* minor changes to track encoding=None API change in core genshi modules.
* renamed genshi/filters/tests/html.py to test_html.py to avoid clashes with Python 3 top-level html module when running tests subset.
* did not rename genshi/filters/html.py.
* i18n filters:
* ugettext and friends are gone in Python 3 (and only gettext and friends exist and they now handle unicode)
* Some \ line continuations inside doctests confused 2to3 and so were removed.
* Testing picked up a problem (already present in trunk) where Translator.__call__ could end up defining gettext as an endlessly recursive function. Noted with a TODO.
author | hodgestar |
---|---|
date | Sun, 24 Oct 2010 22:21:28 +0000 |
parents | 585fdbd30e05 |
children |
915:9fafb35032a1 | 916:872726bac135 |
---|---|
30 """A stream filter that can populate HTML forms from a dictionary of values. | 30 """A stream filter that can populate HTML forms from a dictionary of values. |
31 | 31 |
32 >>> from genshi.input import HTML | 32 >>> from genshi.input import HTML |
33 >>> html = HTML('''<form> | 33 >>> html = HTML('''<form> |
34 ... <p><input type="text" name="foo" /></p> | 34 ... <p><input type="text" name="foo" /></p> |
35 ... </form>''') | 35 ... </form>''', encoding='utf-8') |
36 >>> filler = HTMLFormFiller(data={'foo': 'bar'}) | 36 >>> filler = HTMLFormFiller(data={'foo': 'bar'}) |
37 >>> print(html | filler) | 37 >>> print(html | filler) |
38 <form> | 38 <form> |
39 <p><input type="text" name="foo" value="bar"/></p> | 39 <p><input type="text" name="foo" value="bar"/></p> |
40 </form> | 40 </form> |
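
Review bot: at line 35 the doctest now passes `encoding='utf-8'` alongside a plain `'''...'''` literal, which is a byte string on Python 2 but already-decoded text once 2to3 has converted the module, so the argument does not mean the same thing on both interpreters. Consider stating in the docstring what `HTML()` does with `encoding` when the input is already text, or make the example input explicitly bytes so the doctest shows the case where `encoding` is actually required.
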
197 class HTMLSanitizer(object): | 197 class HTMLSanitizer(object): |
198 """A filter that removes potentially dangerous HTML tags and attributes | 198 """A filter that removes potentially dangerous HTML tags and attributes |
199 from the stream. | 199 from the stream. |
200 | 200 |
201 >>> from genshi import HTML | 201 >>> from genshi import HTML |
202 >>> html = HTML('<div><script>alert(document.cookie)</script></div>') | 202 >>> html = HTML('<div><script>alert(document.cookie)</script></div>', encoding='utf-8') |
203 >>> print(html | HTMLSanitizer()) | 203 >>> print(html | HTMLSanitizer()) |
204 <div/> | 204 <div/> |
205 | 205 |
206 The default set of safe tags and attributes can be modified when the filter | 206 The default set of safe tags and attributes can be modified when the filter |
207 is instantiated. For example, to allow inline ``style`` attributes, the | 207 is instantiated. For example, to allow inline ``style`` attributes, the |
208 following instantation would work: | 208 following instantation would work: |
209 | 209 |
210 >>> html = HTML('<div style="background: #000"></div>') | 210 >>> html = HTML('<div style="background: #000"></div>', encoding='utf-8') |
211 >>> sanitizer = HTMLSanitizer(safe_attrs=HTMLSanitizer.SAFE_ATTRS | set(['style'])) | 211 >>> sanitizer = HTMLSanitizer(safe_attrs=HTMLSanitizer.SAFE_ATTRS | set(['style'])) |
212 >>> print(html | sanitizer) | 212 >>> print(html | sanitizer) |
213 <div style="background: #000"/> | 213 <div style="background: #000"/> |
214 | 214 |
215 Note that even in this case, the filter *does* attempt to remove dangerous | 215 Note that even in this case, the filter *does* attempt to remove dangerous |
216 constructs from style attributes: | 216 constructs from style attributes: |
217 | 217 |
218 >>> html = HTML('<div style="background: url(javascript:void); color: #000"></div>') | 218 >>> html = HTML('<div style="background: url(javascript:void); color: #000"></div>', encoding='utf-8') |
219 >>> print(html | sanitizer) | 219 >>> print(html | sanitizer) |
220 <div style="color: #000"/> | 220 <div style="color: #000"/> |
221 | 221 |
222 This handles HTML entities, unicode escapes in CSS and Javascript text, as | 222 This handles HTML entities, unicode escapes in CSS and Javascript text, as |
223 well as a lot of other things. However, the style tag is still excluded by | 223 well as a lot of other things. However, the style tag is still excluded by |
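
Review bot: the sanitizer doctests at lines 202, 210 and 218 all gain `encoding='utf-8'`, but every input is pure ASCII, so none of them would fail if the decoding step misbehaved, even though the docstring at line 222 claims handling of HTML entities and unicode escapes. One additional doctest with a non-ASCII or escaped value inside a `style` attribute would tie that claim to the new decoding path and guard it on both Python 2 and Python 3. While this docstring is being edited, "instantation" at line 208 should read "instantiation".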