Changeset - 563708f2275d
Parent rev.
Child rev.
[Not reviewed]
default
0 2 0
Mads Kiilerich - 6 years ago 2019-11-29 11:47:32
mads@kiilerich.com
Grafted from: 3ce63212133f
tests: add some doctests for urlify and markup
2 files changed with 6 insertions and 0 deletions:
kallithea/lib/helpers.py
2
kallithea/lib/markup_renderer.py
4
0 comments (0 inline, 0 general)
kallithea/lib/helpers.py
Show inline comments
 
@@ -1041,48 +1041,50 @@ _URLIFY_RE = re.compile(r'''
 
# Markup of *bold text*
 
(?:
 
  (?:^|(?<=\s))
 
  (?P<bold> [*] (?!\s) [^*\n]* (?<!\s) [*] )
 
  (?![*\w])
 
) |
 
# "Stylize" markup
 
\[see\ \=&gt;\ *(?P<seen>[a-zA-Z0-9\/\=\?\&\ \:\/\.\-]*)\] |
 
\[license\ \=&gt;\ *(?P<license>[a-zA-Z0-9\/\=\?\&\ \:\/\.\-]*)\] |
 
\[(?P<tagtype>requires|recommends|conflicts|base)\ \=&gt;\ *(?P<tagvalue>[a-zA-Z0-9\-\/]*)\] |
 
\[(?:lang|language)\ \=&gt;\ *(?P<lang>[a-zA-Z\-\/\#\+]*)\] |
 
\[(?P<tag>[a-z]+)\]
 
''' % (url_re.pattern, MENTIONS_REGEX.pattern),
 
    re.VERBOSE | re.MULTILINE | re.IGNORECASE)
 

			




	
	
	
		
 

			




	
	
	
		
 
def urlify_text(s, repo_name=None, link_=None, truncate=None, stylize=False, truncatef=truncate):

			




	
	
	
		
 
    """

			




	
	
	
		
 
    Parses given text message and make literal html with markup.

			




	
	
	
		
 
    The text will be truncated to the specified length.

			




	
	
	
		
 
    Hashes are turned into changeset links to specified repository.

			




	
	
	
		
 
    URLs links to what they say.

			




	
	
	
		
 
    Issues are linked to given issue-server.

			




	
	
	
		
 
    If link_ is provided, all text not already linking somewhere will link there.

			




	
	
	
		
 
    >>> urlify_text("Urlify http://example.com/ and 'https://example.com' *and* <b>markup/b>")

			




	
	
	
		
 
    literal('Urlify <a href="http://example.com/">http://example.com/</a> and &#39;<a href="https://example.com&apos">https://example.com&apos</a>; <b>*and*</b> &lt;b&gt;markup/b&gt;')

			




	
	
	
		
 
    """

			




	
	
	
		
 

			




	
	
	
		
 
    def _replace(match_obj):

			




	
	
	
		
 
        url = match_obj.group('url')

			




	
	
	
		
 
        if url is not None:

			




	
	
	
		
 
            return '<a href="%(url)s">%(url)s</a>' % {'url': url}

			




	
	
	
		
 
        mention = match_obj.group('mention')

			




	
	
	
		
 
        if mention is not None:

			




	
	
	
		
 
            return '<b>%s</b>' % mention

			




	
	
	
		
 
        hash_ = match_obj.group('hash')

			




	
	
	
		
 
        if hash_ is not None and repo_name is not None:

			




	
	
	
		
 
            from kallithea.config.routing import url  # doh, we need to re-import url to mock it later

			




	
	
	
		
 
            return '<a class="changeset_hash" href="%(url)s">%(hash)s</a>' % {

			




	
	
	
		
 
                 'url': url('changeset_home', repo_name=repo_name, revision=hash_),

			




	
	
	
		
 
                 'hash': hash_,

			




	
	
	
		
 
                }

			




	
	
	
		
 
        bold = match_obj.group('bold')

			




	
	
	
		
 
        if bold is not None:

			




	
	
	
		
 
            return '<b>*%s*</b>' % _urlify(bold[1:-1])

			




	
	
	
		
 
        if stylize:

			




	
	
	
		
 
            seen = match_obj.group('seen')

			




	
	
	
		
 
            if seen:

			




	
	
	
		
 
                return '<div class="label label-meta" data-tag="see">see =&gt; %s</div>' % seen

			




	
	
	
		
 
            license = match_obj.group('license')

			




        

    


    
    

    

        

                

                    kallithea/lib/markup_renderer.py
                

                

                  
                      
                        

                      

                      
                        
                  

                  
                      
                  
                      
                  
                      
                  
                      
                  
                  
                

                

                    Show inline comments
                    
                

        

        

            



	
	
		
 
@@ -129,48 +129,52 @@ class MarkupRenderer(object):

			




	
	
	
		
 
        >>> MarkupRenderer.render('''<div onclick="alert(2)">yo</div>''', 'markdown')

			




	
	
	
		
 
        '<div>yo</div>'

			




	
	
	
		
 
        >>> MarkupRenderer.render('''<a href="javascript:alert(3)">yo</a>''', 'md')

			




	
	
	
		
 
        '<p><a>yo</a></p>'

			




	
	
	
		
 
        """

			




	
	
	
		
 

			




	
	
	
		
 
        renderer = cls._detect_renderer(source, filename)

			




	
	
	
		
 
        readme_data = renderer(source)

			




	
	
	
		
 
        # Allow most HTML, while preventing XSS issues:

			




	
	
	
		
 
        # no <script> tags, no onclick attributes, no javascript

			




	
	
	
		
 
        # "protocol", and also limit styling to prevent defacing.

			




	
	
	
		
 
        return bleach.clean(readme_data,

			




	
	
	
		
 
            tags=['a', 'abbr', 'b', 'blockquote', 'br', 'code', 'dd',

			




	
	
	
		
 
                  'div', 'dl', 'dt', 'em', 'h1', 'h2', 'h3', 'h4', 'h5',

			




	
	
	
		
 
                  'h6', 'hr', 'i', 'img', 'li', 'ol', 'p', 'pre', 'span',

			




	
	
	
		
 
                  'strong', 'sub', 'sup', 'table', 'tbody', 'td', 'th',

			




	
	
	
		
 
                  'thead', 'tr', 'ul'],

			




	
	
	
		
 
            attributes=['class', 'id', 'style', 'label', 'title', 'alt', 'href', 'src'],

			




	
	
	
		
 
            styles=['color'],

			




	
	
	
		
 
            protocols=['http', 'https', 'mailto'],

			




	
	
	
		
 
            )

			




	
	
	
		
 

			




	
	
	
		
 
    @classmethod

			




	
	
	
		
 
    def plain(cls, source, universal_newline=True):

			




	
	
	
		
 
        """

			




	
	
	
		
 
        >>> MarkupRenderer.plain('https://example.com/')

			




	
	
	
		
 
        '<br /><a href="https://example.com/">https://example.com/</a>'

			




	
	
	
		
 
        """

			




	
	
	
		
 
        source = safe_str(source)

			




	
	
	
		
 
        if universal_newline:

			




	
	
	
		
 
            newline = '\n'

			




	
	
	
		
 
            source = newline.join(source.splitlines())

			




	
	
	
		
 

			




	
	
	
		
 
        def url_func(match_obj):

			




	
	
	
		
 
            url_full = match_obj.group(0)

			




	
	
	
		
 
            return '<a href="%(url)s">%(url)s</a>' % ({'url': url_full})

			




	
	
	
		
 
        source = url_re.sub(url_func, source)

			




	
	
	
		
 
        return '<br />' + source.replace("\n", '<br />')

			




	
	
	
		
 

			




	
	
	
		
 
    @classmethod

			




	
	
	
		
 
    def markdown(cls, source, safe=True, flavored=False):

			




	
	
	
		
 
        """

			




	
	
	
		
 
        Convert Markdown (possibly GitHub Flavored) to INSECURE HTML, possibly

			




	
	
	
		
 
        with "safe" fall-back to plaintext. Output from this method should be sanitized before use.

			




	
	
	
		
 

			




	
	
	
		
 
        >>> MarkupRenderer.markdown('''<img id="a" style="margin-top:-1000px;color:red" src="http://example.com/test.jpg">''')

			




	
	
	
		
 
        '<p><img id="a" style="margin-top:-1000px;color:red" src="http://example.com/test.jpg"></p>'

			




	
	
	
		
 
        >>> MarkupRenderer.markdown('''<img class="c d" src="file://localhost/test.jpg">''')

			




	
	
	
		
 
        '<p><img class="c d" src="file://localhost/test.jpg"></p>'

			




	
	
	
		
 
        >>> MarkupRenderer.markdown('''<a href="foo">foo</a>''')

			




	
	
	
		
 
        '<p><a href="foo">foo</a></p>'

			




	
	
	
		
 
        >>> MarkupRenderer.markdown('''<script>alert(1)</script>''')

			




        

    



    


    



    



      

      





    
    0 comments (0 inline, 0 general)
    





    


  

  







  


    




    








    
        
    
    
        This site is powered by
            Kallithea 0.7.0,
        which is
        © 2010–2025 by various authors & licensed under GPLv3.