0001-misc-linkify-URLs-in-rich-text-comments-60912.patch
| tests/form_pages/test_all.py | ||
|---|---|---|
| 8896 | 8896 |
resp.form['comment'] = '<p> </p>' # left ~empty |
| 8897 | 8897 |
resp = resp.form.submit('button_x1')
|
| 8898 | 8898 |
assert resp.pyquery('.error').text() == 'required field'
|
| 8899 | ||
| 8900 |
# url to links |
|
| 8901 |
resp.form['comment'] = '<p>Here is the address: https://example.net</p>' |
|
| 8902 |
resp = resp.form.submit('button_x1').follow()
|
|
| 8903 |
assert ( |
|
| 8904 |
'<p>Here is the address: <a href="https://example.net" rel="nofollow">https://example.net</a></p>' |
|
| 8905 |
in resp.text |
|
| 8906 |
) |
|
| tests/test_widgets.py | ||
|---|---|---|
| 428 | 428 |
widget = WysiwygTextWidget('test')
|
| 429 | 429 |
mock_form_submission(req, widget, {'test': '<a href="#">a</a>'})
|
| 430 | 430 |
assert not widget.has_error() |
| 431 |
assert widget.parse() == '<a href="#">a</a>' |
|
| 431 |
assert widget.parse() == '<a href="#" rel="nofollow">a</a>'
|
|
| 432 | 432 | |
| 433 | 433 |
widget = WysiwygTextWidget('test')
|
| 434 | 434 |
mock_form_submission(req, widget, {'test': '<a href="javascript:alert()">a</a>'})
|
| ... | ... | |
| 463 | 463 |
assert not widget.has_error() |
| 464 | 464 |
assert ( |
| 465 | 465 |
widget.parse() |
| 466 |
== '<a href="{% if 1 > 2 %}héllo{% endif %}">{% if 2 > 1 %}{{plop|date:"Y"}}{% endif %}</a>'
|
|
| 466 |
== '<a href="{% if 1 > 2 %}héllo{% endif %}" rel="nofollow">{% if 2 > 1 %}{{plop|date:"Y"}}{% endif %}</a>'
|
|
| 467 | 467 |
) |
| 468 | 468 | |
| 469 | 469 |
# make sure it is kept intact even after ckeditor escaped characters |
| ... | ... | |
| 472 | 472 |
req, |
| 473 | 473 |
widget, |
| 474 | 474 |
{
|
| 475 |
'test': '<a href="{% if 1 > 2 %}héllo{% endif %}">{% if 2 > 1 %}{{plop|date:"Y"}}{% endif %}</a>'
|
|
| 475 |
'test': '<a href="{% if 1 > 2 %}héllo{% endif %}" rel="nofollow">{% if 2 > 1 %}{{plop|date:"Y"}}{% endif %}</a>'
|
|
| 476 | 476 |
}, |
| 477 | 477 |
) |
| 478 | 478 |
assert not widget.has_error() |
| 479 | 479 |
assert ( |
| 480 | 480 |
widget.parse() |
| 481 |
== '<a href="{% if 1 > 2 %}héllo{% endif %}">{% if 2 > 1 %}{{plop|date:"Y"}}{% endif %}</a>'
|
|
| 481 |
== '<a href="{% if 1 > 2 %}héllo{% endif %}" rel="nofollow">{% if 2 > 1 %}{{plop|date:"Y"}}{% endif %}</a>'
|
|
| 482 | 482 |
) |
| 483 | 483 | |
| 484 | 484 | |
| wcs/qommon/form.py | ||
|---|---|---|
| 30 | 30 |
import sys |
| 31 | 31 |
import tempfile |
| 32 | 32 |
import time |
| 33 |
from functools import partial |
|
| 33 | 34 | |
| 34 | 35 |
try: |
| 35 | 36 |
from PIL import Image |
| 36 | 37 |
except ImportError: |
| 37 | 38 |
Image = None |
| 38 | 39 | |
| 39 |
import bleach |
|
| 40 | 40 |
import dns |
| 41 | 41 |
import dns.exception |
| 42 | 42 |
import dns.resolver |
| 43 |
from bleach import Cleaner |
|
| 44 |
from bleach.linkifier import LinkifyFilter |
|
| 43 | 45 | |
| 44 | 46 |
try: |
| 45 | 47 |
import magic |
| ... | ... | |
| 2265 | 2267 |
def _parse(self, request): |
| 2266 | 2268 |
TextWidget._parse(self, request, use_validation_function=False) |
| 2267 | 2269 |
if self.value: |
| 2268 |
self.value = bleach.clean( |
|
| 2269 |
self.value, |
|
| 2270 |
cleaner = Cleaner( |
|
| 2270 | 2271 |
tags=self.ALL_TAGS, |
| 2271 | 2272 |
attributes=self.ALL_ATTRS, |
| 2272 | 2273 |
styles=self.ALL_STYLES, |
| 2273 | 2274 |
strip=True, |
| 2274 | 2275 |
strip_comments=False, |
| 2276 |
filters=[partial(LinkifyFilter, skip_tags=['pre'], parse_email=False)], |
|
| 2275 | 2277 |
) |
| 2278 |
self.value = cleaner.clean(self.value) |
|
| 2276 | 2279 |
if self.value.startswith('<br />'):
|
| 2277 | 2280 |
self.value = self.value[6:] |
| 2278 | 2281 |
if self.value.endswith('<br />'):
|
| 2279 |
- |
|