Mercurial > genshi > genshi-test
comparison examples/tutorial/geddit/controller.py @ 631:e414dc0bca5c
GenshiTutorial: implement the XSS section.
| author | cmlenz |
|---|---|
| date | Tue, 04 Sep 2007 19:20:46 +0000 |
| parents | 693a7212b348 |
| children | c5e5801c32ac |
comparison
equal
deleted
inserted
replaced
| 630:8bb5abd0a1dc | 631:e414dc0bca5c |
|---|---|
| 2 | 2 |
| 3 import operator, os, pickle, sys | 3 import operator, os, pickle, sys |
| 4 | 4 |
| 5 import cherrypy | 5 import cherrypy |
| 6 from formencode import Invalid | 6 from formencode import Invalid |
| 7 from genshi.filters import HTMLFormFiller | 7 from genshi.input import HTML |
| 8 from genshi.filters import HTMLFormFiller, HTMLSanitizer | |
| 8 | 9 |
| 9 from geddit.form import LinkForm, CommentForm | 10 from geddit.form import LinkForm, CommentForm |
| 10 from geddit.lib import ajax, template | 11 from geddit.lib import ajax, template |
| 11 from geddit.model import Link, Comment | 12 from geddit.model import Link, Comment |
| 12 | 13 |
| 59 if cancel: | 60 if cancel: |
| 60 raise cherrypy.HTTPRedirect('/info/%s' % link.id) | 61 raise cherrypy.HTTPRedirect('/info/%s' % link.id) |
| 61 form = CommentForm() | 62 form = CommentForm() |
| 62 try: | 63 try: |
| 63 data = form.to_python(data) | 64 data = form.to_python(data) |
| 65 markup = HTML(data['content']) | HTMLSanitizer() | |
| 66 data['content'] = markup.render('xhtml') | |
| 64 comment = link.add_comment(**data) | 67 comment = link.add_comment(**data) |
| 65 if not ajax.is_xhr(): | 68 if not ajax.is_xhr(): |
| 66 raise cherrypy.HTTPRedirect('/info/%s' % link.id) | 69 raise cherrypy.HTTPRedirect('/info/%s' % link.id) |
| 67 return template.render('_comment.html', comment=comment, | 70 return template.render('_comment.html', comment=comment, |
| 68 num=len(link.comments)) | 71 num=len(link.comments)) |