0001-misc-linkify-URLs-in-rich-text-comments-60912.patch
tests/form_pages/test_all.py | ||
---|---|---|
8896 | 8896 |
resp.form['comment'] = '<p> </p>' # left ~empty |
8897 | 8897 |
resp = resp.form.submit('button_x1') |
8898 | 8898 |
assert resp.pyquery('.error').text() == 'required field' |
8899 | ||
8900 |
# url to links |
|
8901 |
resp.form['comment'] = '<p>Here is the address: https://example.net</p>' |
|
8902 |
resp = resp.form.submit('button_x1').follow() |
|
8903 |
assert ( |
|
8904 |
'<p>Here is the address: <a href="https://example.net" rel="nofollow">https://example.net</a></p>' |
|
8905 |
in resp.text |
|
8906 |
) |
tests/test_widgets.py | ||
---|---|---|
428 | 428 |
widget = WysiwygTextWidget('test') |
429 | 429 |
mock_form_submission(req, widget, {'test': '<a href="#">a</a>'}) |
430 | 430 |
assert not widget.has_error() |
431 |
assert widget.parse() == '<a href="#">a</a>' |
|
431 |
assert widget.parse() == '<a href="#" rel="nofollow">a</a>'
|
|
432 | 432 | |
433 | 433 |
widget = WysiwygTextWidget('test') |
434 | 434 |
mock_form_submission(req, widget, {'test': '<a href="javascript:alert()">a</a>'}) |
... | ... | |
463 | 463 |
assert not widget.has_error() |
464 | 464 |
assert ( |
465 | 465 |
widget.parse() |
466 |
== '<a href="{% if 1 > 2 %}héllo{% endif %}">{% if 2 > 1 %}{{plop|date:"Y"}}{% endif %}</a>' |
|
466 |
== '<a href="{% if 1 > 2 %}héllo{% endif %}" rel="nofollow">{% if 2 > 1 %}{{plop|date:"Y"}}{% endif %}</a>'
|
|
467 | 467 |
) |
468 | 468 | |
469 | 469 |
# make sure it is kept intact even after ckeditor escaped characters |
... | ... | |
472 | 472 |
req, |
473 | 473 |
widget, |
474 | 474 |
{ |
475 |
'test': '<a href="{% if 1 > 2 %}héllo{% endif %}">{% if 2 > 1 %}{{plop|date:"Y"}}{% endif %}</a>' |
|
475 |
'test': '<a href="{% if 1 > 2 %}héllo{% endif %}" rel="nofollow">{% if 2 > 1 %}{{plop|date:"Y"}}{% endif %}</a>'
|
|
476 | 476 |
}, |
477 | 477 |
) |
478 | 478 |
assert not widget.has_error() |
479 | 479 |
assert ( |
480 | 480 |
widget.parse() |
481 |
== '<a href="{% if 1 > 2 %}héllo{% endif %}">{% if 2 > 1 %}{{plop|date:"Y"}}{% endif %}</a>' |
|
481 |
== '<a href="{% if 1 > 2 %}héllo{% endif %}" rel="nofollow">{% if 2 > 1 %}{{plop|date:"Y"}}{% endif %}</a>'
|
|
482 | 482 |
) |
483 | 483 | |
484 | 484 |
wcs/qommon/form.py | ||
---|---|---|
30 | 30 |
import sys |
31 | 31 |
import tempfile |
32 | 32 |
import time |
33 |
from functools import partial |
|
33 | 34 | |
34 | 35 |
try: |
35 | 36 |
from PIL import Image |
36 | 37 |
except ImportError: |
37 | 38 |
Image = None |
38 | 39 | |
39 |
import bleach |
|
40 | 40 |
import dns |
41 | 41 |
import dns.exception |
42 | 42 |
import dns.resolver |
43 |
from bleach import Cleaner |
|
44 |
from bleach.linkifier import LinkifyFilter |
|
43 | 45 | |
44 | 46 |
try: |
45 | 47 |
import magic |
... | ... | |
2265 | 2267 |
def _parse(self, request): |
2266 | 2268 |
TextWidget._parse(self, request, use_validation_function=False) |
2267 | 2269 |
if self.value: |
2268 |
self.value = bleach.clean( |
|
2269 |
self.value, |
|
2270 |
cleaner = Cleaner( |
|
2270 | 2271 |
tags=self.ALL_TAGS, |
2271 | 2272 |
attributes=self.ALL_ATTRS, |
2272 | 2273 |
styles=self.ALL_STYLES, |
2273 | 2274 |
strip=True, |
2274 | 2275 |
strip_comments=False, |
2276 |
filters=[partial(LinkifyFilter, skip_tags=['pre'], parse_email=False)], |
|
2275 | 2277 |
) |
2278 |
self.value = cleaner.clean(self.value) |
|
2276 | 2279 |
if self.value.startswith('<br />'): |
2277 | 2280 |
self.value = self.value[6:] |
2278 | 2281 |
if self.value.endswith('<br />'): |
2279 |
- |