(allura) 01/08: [#8536] use Markup's own interpolation
This is an automated email from the ASF dual-hosted git repository. gcruz pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/allura.git commit e80a4cae61866b6435916a4885c6e443f015c318 Author: Dave Brondsema AuthorDate: Fri Feb 9 11:23:44 2024 -0500 [#8536] use Markup's own interpolation --- Allura/allura/lib/app_globals.py | 15 + Allura/allura/lib/search.py | 2 +- Allura/allura/lib/utils.py| 10 - Allura/allura/lib/widgets/forms.py| 27 ++- Allura/allura/tasks/mail_tasks.py | 2 +- Allura/allura/tests/test_globals.py | 1 + ForgeActivity/forgeactivity/templates/macros.html | 2 +- ForgeTracker/forgetracker/model/ticket.py | 2 +- ForgeTracker/forgetracker/widgets/ticket_form.py | 2 +- 9 files changed, 28 insertions(+), 35 deletions(-) diff --git a/Allura/allura/lib/app_globals.py b/Allura/allura/lib/app_globals.py index eadabd9bd..9cc3d86bb 100644 --- a/Allura/allura/lib/app_globals.py +++ b/Allura/allura/lib/app_globals.py @@ -99,17 +99,14 @@ class ForgeMarkdown: # if text is too big, markdown can take a long time to process it, # so we return it as a plain text log.info('Text is too big. Skipping markdown processing') -escaped = html.escape(h.really_unicode(source)) -return Markup('%s' % escaped) +return Markup('{}').format(h.really_unicode(source)) try: return self.make_markdown_instance(**self.forge_ext_kwargs).convert(source) except Exception: log.info('Invalid markdown: %s Upwards trace is %s', source, ''.join(traceback.format_stack()), exc_info=True) -escaped = h.really_unicode(source) -escaped = html.escape(escaped) return Markup("""ERROR! The markdown supplied could not be parsed correctly. -Did you forget to surround a code snippet with ""?%s""" % escaped) +Did you forget to surround a code snippet with ""?%s""") % h.really_unicode(source) @LazyProperty def uncacheable_macro_regex(self): 
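Review bot: The two fallback returns in the `ForgeMarkdown` hunk (app_globals.py, `@@ -99`) now both rely on Markup for escaping but spell it differently: `Markup(...).format(...)` in the too-big branch and `Markup(...) % ...` in the `except` branch. With `%`, the only difference between the escaped form and an unescaped one is whether the closing parenthesis comes before or after the operator, which a later edit can undo without anyone noticing. I would use a `{}` placeholder and `.format(h.really_unicode(source))` in both branches (assuming the error template has no literal braces) and add a comment such as `# Markup.format() HTML-escapes its arguments; never pre-format the string`. The diffstat shows one line added to test_globals.py; if it does not already cover both branches, a test that passes markup characters through each would pin the behaviour. The enclosing method starts and ends outside the hunk, and the same hunk is repeated in the second mail on this page.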
@@ -471,10 +468,8 @@ class Globals: lexer = pygments.lexers.get_lexer_by_name(lexer, encoding='chardet') if lexer is None or len(text) >= asint(config.get('scm.view.max_syntax_highlight_bytes', 50)): -# no highlighting, but we should escape, encode, and wrap it in -# a -text = html.escape(text) -return Markup('' + text + '') +# no highlighting, but we should wrap it in a safely +return Markup('{}').format(text) else: return Markup(pygments.highlight(text, lexer, formatter)) @@ -686,7 +681,7 @@ class Icon: if tag == 'a': attrs['href'] = '#' attrs.update(kw) -attrs = ew._Jinja2Widget().j2_attrs(attrs) +attrs = ew._Jinja2Widget().j2_attrs(attrs) # this escapes them visible_title = '' if show_title: visible_title = f' {Markup.escape(title)}' diff --git a/Allura/allura/lib/search.py b/Allura/allura/lib/search.py index 27a29f738..388384798 100644 --- a/Allura/allura/lib/search.py +++ b/Allura/allura/lib/search.py @@ -409,4 +409,4 @@ def mapped_artifacts_from_index_ids(index_ids, model, objectid_id=True): map = {} for m in models: map[str(m._id)] = m -return map \ No newline at end of file +return map diff --git a/Allura/allura/lib/utils.py b/Allura/allura/lib/utils.py index 683a7fcae..0cf6b8c3c 100644 --- a/Allura/allura/lib/utils.py +++ b/Allura/allura/lib/utils.py @@ -211,10 +211,10 @@ def chunked_iter(iterable, max_size): class AntiSpam: '''Helper class for bot-protecting forms''' -honey_field_template = string.Template(''' -You seem to have CSS turned off. +honey_field_template = ''' +You seem to have CSS turned off. Please don't fill out this field. -''') +''' def __init__(self, request=None, num_honey=2, timestamp=None, spinner=None): self.num_honey = num_honey 
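Review bot: In the `Globals` hunk at `@@ -471`, `text` is passed to `Markup(...).format(text)` unchanged, so the no-highlight branch is only escaped if `text` is a plain `str`. Markup's formatter inserts any object that exposes `__html__` (including another `Markup`) verbatim. If a caller could ever pass such a value, the file content would reach the page unescaped. Whether one can is not visible here, since the method's signature and callers lie outside the hunk. If the intent is "always escape", either coerce first with `return Markup('{}').format(str(text))` (keeping the wrapper tag from the original literal) or state the precondition in a comment, e.g. `# text must be a plain str; Markup.format() does not re-escape Markup values`.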
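Review bot: In the `AntiSpam` hunk at `@@ -211`, `honey_field_template` is now a bare `str` that only becomes trusted markup when the `@@ -307` hunk wraps it in `Markup(...)` at the call site. Nothing stops a future caller from using plain `self.honey_field_template.format(...)`, which would interpolate the field names and class without escaping. Keeping the trust marker with the literal avoids that: define it as `honey_field_template = Markup('''…''')` and, in the second hunk, `yield self.honey_field_template.format(honey_class=self.honey_class, fld_id=fld_id, fld_name=fld_name)`. This assumes `Markup` is imported at module level in utils.py, which the hunks suggest but do not show. Separately, if `string.Template` was the only use of `string` in that file, the import is now dead and could go in the same commit.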
@@ -307,10 +307,10 @@ class AntiSpam: for fldno in range(self.num_honey): fld_name = self.enc('honey%d' % (fldno)) fld_id = self.enc('honey%d%d' % (self.counter, fldno)) -yield Markup(self.honey_field_template.substitute( +yield Markup(self.honey_field_template).format( honey_class=self.honey_class, fld_id=fld_id, -fld_name=fld_name)) +fld_name=fld_name) self.counter += 1 def make_spinner(self, timestamp=None): diff --git a/Allura/allura/lib/widgets/forms.py b/Allura/allura/lib/widgets/forms.py index 5252819e1..134cd6f40 100644 --- a/Allura/allura/lib/widgets/forms.py +++ b/Allura/allura/lib/widgets/fo
(allura) 01/08: [#8536] use Markup's own interpolation
This is an automated email from the ASF dual-hosted git repository. brondsem pushed a commit to branch db/8536 in repository https://gitbox.apache.org/repos/asf/allura.git commit 8fb39f641df098feef390709997234bc77e0bc57 Author: Dave Brondsema AuthorDate: Fri Feb 9 11:23:44 2024 -0500 [#8536] use Markup's own interpolation --- Allura/allura/lib/app_globals.py | 15 + Allura/allura/lib/search.py | 2 +- Allura/allura/lib/utils.py| 10 - Allura/allura/lib/widgets/forms.py| 27 ++- Allura/allura/tasks/mail_tasks.py | 2 +- Allura/allura/tests/test_globals.py | 1 + ForgeActivity/forgeactivity/templates/macros.html | 2 +- ForgeTracker/forgetracker/model/ticket.py | 2 +- ForgeTracker/forgetracker/widgets/ticket_form.py | 2 +- 9 files changed, 28 insertions(+), 35 deletions(-) diff --git a/Allura/allura/lib/app_globals.py b/Allura/allura/lib/app_globals.py index eadabd9bd..9cc3d86bb 100644 --- a/Allura/allura/lib/app_globals.py +++ b/Allura/allura/lib/app_globals.py @@ -99,17 +99,14 @@ class ForgeMarkdown: # if text is too big, markdown can take a long time to process it, # so we return it as a plain text log.info('Text is too big. Skipping markdown processing') -escaped = html.escape(h.really_unicode(source)) -return Markup('%s' % escaped) +return Markup('{}').format(h.really_unicode(source)) try: return self.make_markdown_instance(**self.forge_ext_kwargs).convert(source) except Exception: log.info('Invalid markdown: %s Upwards trace is %s', source, ''.join(traceback.format_stack()), exc_info=True) -escaped = h.really_unicode(source) -escaped = html.escape(escaped) return Markup("""ERROR! The markdown supplied could not be parsed correctly. -Did you forget to surround a code snippet with ""?%s""" % escaped) +Did you forget to surround a code snippet with ""?%s""") % h.really_unicode(source) @LazyProperty def uncacheable_macro_regex(self): 
@@ -471,10 +468,8 @@ class Globals: lexer = pygments.lexers.get_lexer_by_name(lexer, encoding='chardet') if lexer is None or len(text) >= asint(config.get('scm.view.max_syntax_highlight_bytes', 50)): -# no highlighting, but we should escape, encode, and wrap it in -# a -text = html.escape(text) -return Markup('' + text + '') +# no highlighting, but we should wrap it in a safely +return Markup('{}').format(text) else: return Markup(pygments.highlight(text, lexer, formatter)) @@ -686,7 +681,7 @@ class Icon: if tag == 'a': attrs['href'] = '#' attrs.update(kw) -attrs = ew._Jinja2Widget().j2_attrs(attrs) +attrs = ew._Jinja2Widget().j2_attrs(attrs) # this escapes them visible_title = '' if show_title: visible_title = f' {Markup.escape(title)}' diff --git a/Allura/allura/lib/search.py b/Allura/allura/lib/search.py index 27a29f738..388384798 100644 --- a/Allura/allura/lib/search.py +++ b/Allura/allura/lib/search.py @@ -409,4 +409,4 @@ def mapped_artifacts_from_index_ids(index_ids, model, objectid_id=True): map = {} for m in models: map[str(m._id)] = m -return map \ No newline at end of file +return map diff --git a/Allura/allura/lib/utils.py b/Allura/allura/lib/utils.py index 683a7fcae..0cf6b8c3c 100644 --- a/Allura/allura/lib/utils.py +++ b/Allura/allura/lib/utils.py @@ -211,10 +211,10 @@ def chunked_iter(iterable, max_size): class AntiSpam: '''Helper class for bot-protecting forms''' -honey_field_template = string.Template(''' -You seem to have CSS turned off. +honey_field_template = ''' +You seem to have CSS turned off. Please don't fill out this field. -''') +''' def __init__(self, request=None, num_honey=2, timestamp=None, spinner=None): self.num_honey = num_honey 
@@ -307,10 +307,10 @@ class AntiSpam: for fldno in range(self.num_honey): fld_name = self.enc('honey%d' % (fldno)) fld_id = self.enc('honey%d%d' % (self.counter, fldno)) -yield Markup(self.honey_field_template.substitute( +yield Markup(self.honey_field_template).format( honey_class=self.honey_class, fld_id=fld_id, -fld_name=fld_name)) +fld_name=fld_name) self.counter += 1 def make_spinner(self, timestamp=None): diff --git a/Allura/allura/lib/widgets/forms.py b/Allura/allura/lib/widgets/forms.py index 5252819e1..134cd6f40 100644 --- a/Allura/allura/lib/widgets/forms.py +++ b/Allura/allura/lib/widget