kallithea Files · docs/make.bat

Files @ c7728c5736fd

Branch filter:

Location: kallithea/docs/make.bat

c7728c5736fd 4.3 KiB application/x-msdos-program Show Annotation Show as Raw Download as Raw

Thomas De Schampheleire

templates: narrow down scope of webhelpers.html.literal for HTML injection

When using webhelpers.html.literal to inject some explicit HTML code with
some variable data, there are two approaches:
h.literal('some <html> code with %s data' % foobar)
or
h.literal('some <html> code with %s data') % foobar

In the first case, the literal also applies to the contents of variable
'foobar' which may be influenceable by users and thus potentially malicious.
In the second case, this term will be escaped by webhelpers.

See also the documentation:
https://docs.pylonsproject.org/projects/webhelpers/en/latest/modules/html/builder.html#webhelpers.html.builder.literal
"Also, if you add another string to this string, the other string will
be quoted and you will get back another literal object. Also
literal(...) % obj will quote any value(s) from obj."

In files_browser.html, the correction of this scope of literal() also means
that explicit escaping of node.name can be removed. The escaping is now done
automatically by webhelpers as mentioned above.

@ECHO OFF

REM Command file for Sphinx documentation

if "%SPHINXBUILD%" == "" (
    set SPHINXBUILD=sphinx-build
)
set BUILDDIR=_build
set ALLSPHINXOPTS=-d %BUILDDIR%/doctrees %SPHINXOPTS% .
if NOT "%PAPER%" == "" (
    set ALLSPHINXOPTS=-D latex_paper_size=%PAPER% %ALLSPHINXOPTS%
)

if "%1" == "" goto help

if "%1" == "help" (
    :help
    echo.Please use `make ^<target^>` where ^<target^> is one of
    echo.  html       to make standalone HTML files
    echo.  dirhtml    to make HTML files named index.html in directories
    echo.  singlehtml to make a single large HTML file
    echo.  pickle     to make pickle files
    echo.  json       to make JSON files
    echo.  htmlhelp   to make HTML files and a HTML help project
    echo.  qthelp     to make HTML files and a qthelp project
    echo.  devhelp    to make HTML files and a Devhelp project
    echo.  epub       to make an epub
    echo.  latex      to make LaTeX files, you can set PAPER=a4 or PAPER=letter
    echo.  text       to make text files
    echo.  man        to make manual pages
    echo.  changes    to make an overview over all changed/added/deprecated items
    echo.  linkcheck  to check all external links for integrity
    echo.  doctest    to run all doctests embedded in the documentation if enabled
    goto end
)

if "%1" == "clean" (
    for /d %%i in (%BUILDDIR%\*) do rmdir /q /s %%i
    del /q /s %BUILDDIR%\*
    goto end
)

if "%1" == "html" (
    %SPHINXBUILD% -b html %ALLSPHINXOPTS% %BUILDDIR%/html
    echo.
    echo.Build finished. The HTML pages are in %BUILDDIR%/html.
    goto end
)

if "%1" == "dirhtml" (
    %SPHINXBUILD% -b dirhtml %ALLSPHINXOPTS% %BUILDDIR%/dirhtml
    echo.
    echo.Build finished. The HTML pages are in %BUILDDIR%/dirhtml.
    goto end
)

if "%1" == "singlehtml" (
    %SPHINXBUILD% -b singlehtml %ALLSPHINXOPTS% %BUILDDIR%/singlehtml
    echo.
    echo.Build finished. The HTML pages are in %BUILDDIR%/singlehtml.
    goto end
)

if "%1" == "pickle" (
    %SPHINXBUILD% -b pickle %ALLSPHINXOPTS% %BUILDDIR%/pickle
    echo.
    echo.Build finished; now you can process the pickle files.
    goto end
)

if "%1" == "json" (
    %SPHINXBUILD% -b json %ALLSPHINXOPTS% %BUILDDIR%/json
    echo.
    echo.Build finished; now you can process the JSON files.
    goto end
)

if "%1" == "htmlhelp" (
    %SPHINXBUILD% -b htmlhelp %ALLSPHINXOPTS% %BUILDDIR%/htmlhelp
    echo.
    echo.Build finished; now you can run HTML Help Workshop with the ^
.hhp project file in %BUILDDIR%/htmlhelp.
    goto end
)

if "%1" == "qthelp" (
    %SPHINXBUILD% -b qthelp %ALLSPHINXOPTS% %BUILDDIR%/qthelp
    echo.
    echo.Build finished; now you can run "qcollectiongenerator" with the ^
.qhcp project file in %BUILDDIR%/qthelp, like this:
    echo.^> qcollectiongenerator %BUILDDIR%\qthelp\Kallithea.qhcp
    echo.To view the help file:
    echo.^> assistant -collectionFile %BUILDDIR%\qthelp\Kallithea.ghc
    goto end
)

if "%1" == "devhelp" (
    %SPHINXBUILD% -b devhelp %ALLSPHINXOPTS% %BUILDDIR%/devhelp
    echo.
    echo.Build finished.
    goto end
)

if "%1" == "epub" (
    %SPHINXBUILD% -b epub %ALLSPHINXOPTS% %BUILDDIR%/epub
    echo.
    echo.Build finished. The epub file is in %BUILDDIR%/epub.
    goto end
)

if "%1" == "latex" (
    %SPHINXBUILD% -b latex %ALLSPHINXOPTS% %BUILDDIR%/latex
    echo.
    echo.Build finished; the LaTeX files are in %BUILDDIR%/latex.
    goto end
)

if "%1" == "text" (
    %SPHINXBUILD% -b text %ALLSPHINXOPTS% %BUILDDIR%/text
    echo.
    echo.Build finished. The text files are in %BUILDDIR%/text.
    goto end
)

if "%1" == "man" (
    %SPHINXBUILD% -b man %ALLSPHINXOPTS% %BUILDDIR%/man
    echo.
    echo.Build finished. The manual pages are in %BUILDDIR%/man.
    goto end
)

if "%1" == "changes" (
    %SPHINXBUILD% -b changes %ALLSPHINXOPTS% %BUILDDIR%/changes
    echo.
    echo.The overview file is in %BUILDDIR%/changes.
    goto end
)

if "%1" == "linkcheck" (
    %SPHINXBUILD% -b linkcheck %ALLSPHINXOPTS% %BUILDDIR%/linkcheck
    echo.
    echo.Link check complete; look for any errors in the above output ^
or in %BUILDDIR%/linkcheck/output.txt.
    goto end
)

if "%1" == "doctest" (
    %SPHINXBUILD% -b doctest %ALLSPHINXOPTS% %BUILDDIR%/doctest
    echo.
    echo.Testing of doctests in the sources finished, look at the ^
results in %BUILDDIR%/doctest/output.txt.
    goto end
)

:end