Andal.LND/edx-platform
6
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
d5fc36992f7ff0efee0dbe57778defdfd40fb016
edx-platform/openedx/core/djangolib/markup.py
Feanil Patel 57f2ca1a21 fix: Prepare for the bleach 6.0.0 upgrad. 
Changelog: https://bleach.readthedocs.io/en/latest/changes.html#version-6-0-0-january-23rd-2023

The major change is that the tags and protocols attributes and related
constants are expected to be sets rather than lists.
2023-02-01 11:46:44 -05:00

76 lines
2.2 KiB
Python
Raw Blame History

"""
Utilities for use in Mako markup.
"""
import markupsafe
import bleach
from lxml.html.clean import Cleaner
from mako.filters import decode
# Text() can be used to declare a string as plain text, as HTML() is used
# for HTML. It simply wraps markupsafe's escape, which will HTML-escape if
# it isn't already escaped.
Text = markupsafe.escape # pylint: disable=invalid-name
def HTML(html): # pylint: disable=invalid-name
"""
Mark a string as already HTML, so that it won't be escaped before output.
Use this function when formatting HTML into other strings. It must be
used in conjunction with ``Text()``, and both ``HTML()`` and ``Text()``
must be closed before any calls to ``format()``::
<%page expression_filter="h"/>
<%!
from django.utils.translation import gettext as _
from openedx.core.djangolib.markup import HTML, Text
%>
${Text(_("Write & send {start}email{end}")).format(
start=HTML("<a href='mailto:{}'>").format(user.email),
end=HTML("</a>"),
)}
"""
return markupsafe.Markup(html)
def strip_all_tags_but_br(string_to_strip):
"""
Strips all tags from a string except <br/> and marks as HTML.
Usage:
<%page expression_filter="h"/>
<%!
from openedx.core.djangolib.markup import strip_all_tags_but_br
%>
${accomplishment_course_title | n, strip_all_tags_but_br}
"""
if string_to_strip is None:
string_to_strip = ""
string_to_strip = decode.utf8(string_to_strip)
string_to_strip = bleach.clean(string_to_strip, tags={'br'}, strip=True)
return HTML(string_to_strip)
def clean_dangerous_html(html):
"""
Mark a string as already HTML and remove unsafe tags, so that it won't be escaped before output.
Usage:
<%page expression_filter="h"/>
<%!
from openedx.core.djangolib.markup import clean_dangerous_html
%>
${course_details.overview | n, clean_dangerous_html}
"""
if not html:
return html
cleaner = Cleaner(style=True, inline_style=False, safe_attrs_only=False)
html = cleaner.clean_html(html)
return HTML(html)
Reference in New Issue View Git Blame Copy Permalink