(allura) 01/08: [#8536] use Markup's own interpolation

This is an automated email from the ASF dual-hosted git repository.

gcruz pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/allura.git

commit e80a4cae61866b6435916a4885c6e443f015c318
Author: Dave Brondsema 
AuthorDate: Fri Feb 9 11:23:44 2024 -0500

[#8536] use Markup's own interpolation
---
 Allura/allura/lib/app_globals.py  | 15 +
 Allura/allura/lib/search.py   |  2 +-
 Allura/allura/lib/utils.py| 10 -
 Allura/allura/lib/widgets/forms.py| 27 ++-
 Allura/allura/tasks/mail_tasks.py |  2 +-
 Allura/allura/tests/test_globals.py   |  1 +
 ForgeActivity/forgeactivity/templates/macros.html |  2 +-
 ForgeTracker/forgetracker/model/ticket.py |  2 +-
 ForgeTracker/forgetracker/widgets/ticket_form.py  |  2 +-
 9 files changed, 28 insertions(+), 35 deletions(-)

diff --git a/Allura/allura/lib/app_globals.py b/Allura/allura/lib/app_globals.py
index eadabd9bd..9cc3d86bb 100644
--- a/Allura/allura/lib/app_globals.py
+++ b/Allura/allura/lib/app_globals.py
@@ -99,17 +99,14 @@ class ForgeMarkdown:
 # if text is too big, markdown can take a long time to process it,
 # so we return it as a plain text
 log.info('Text is too big. Skipping markdown processing')
-escaped = html.escape(h.really_unicode(source))
-return Markup('%s' % escaped)
+return Markup('{}').format(h.really_unicode(source))
 try:
 return 
self.make_markdown_instance(**self.forge_ext_kwargs).convert(source)
 except Exception:
 log.info('Invalid markdown: %s  Upwards trace is %s', source,
  ''.join(traceback.format_stack()), exc_info=True)
-escaped = h.really_unicode(source)
-escaped = html.escape(escaped)
 return Markup("""ERROR! The markdown supplied 
could not be parsed correctly.
-Did you forget to surround a code snippet with 
""?%s""" % escaped)
+Did you forget to surround a code snippet with 
""?%s""") % h.really_unicode(source)
 
 @LazyProperty
 def uncacheable_macro_regex(self):
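Review bot: The escaping in the new `Markup('{}').format(h.really_unicode(source))` line and the `Markup("""...""") % h.really_unicode(source)` line now depends on the argument not implementing `__html__`: Markup's `format` and `%` escape plain `str` arguments but pass an object with `__html__` (an existing `Markup` instance, which is a `str` subclass, for example) through unescaped, whereas the removed `html.escape(...)` escaped unconditionally. If `h.really_unicode` returns a `Markup` input unchanged (its definition is not in this hunk), a caller handing `convert` an already-`Markup` value would get it back unescaped, so a short comment on the first replaced line would record the contract, e.g. `# Markup.format escapes str args; a value with __html__ (e.g. Markup) is passed through as-is`. The same applies to `Markup('{}').format(text)` in the `@@ -471` hunk of this file, and to the repeated copy of this commit further down the page. The enclosing method's signature lies outside the hunk, and the archive rendering appears to have stripped the tag text from the format strings, so the exact wrapper element cannot be checked here.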
@@ -471,10 +468,8 @@ class Globals:
 lexer = pygments.lexers.get_lexer_by_name(lexer, 
encoding='chardet')
 
 if lexer is None or len(text) >= 
asint(config.get('scm.view.max_syntax_highlight_bytes', 50)):
-# no highlighting, but we should escape, encode, and wrap it in
-# a 
-text = html.escape(text)
-return Markup('' + text + '')
+# no highlighting, but we should wrap it in a  safely
+return Markup('{}').format(text)
 else:
 return Markup(pygments.highlight(text, lexer, formatter))
 
@@ -686,7 +681,7 @@ class Icon:
 if tag == 'a':
 attrs['href'] = '#'
 attrs.update(kw)
-attrs = ew._Jinja2Widget().j2_attrs(attrs)
+attrs = ew._Jinja2Widget().j2_attrs(attrs)  # this escapes them
 visible_title = ''
 if show_title:
 visible_title = f' {Markup.escape(title)}'
diff --git a/Allura/allura/lib/search.py b/Allura/allura/lib/search.py
index 27a29f738..388384798 100644
--- a/Allura/allura/lib/search.py
+++ b/Allura/allura/lib/search.py
@@ -409,4 +409,4 @@ def mapped_artifacts_from_index_ids(index_ids, model, 
objectid_id=True):
 map = {}
 for m in models:
 map[str(m._id)] = m
-return map
\ No newline at end of file
+return map
diff --git a/Allura/allura/lib/utils.py b/Allura/allura/lib/utils.py
index 683a7fcae..0cf6b8c3c 100644
--- a/Allura/allura/lib/utils.py
+++ b/Allura/allura/lib/utils.py
@@ -211,10 +211,10 @@ def chunked_iter(iterable, max_size):
 class AntiSpam:
 
 '''Helper class for bot-protecting forms'''
-honey_field_template = string.Template('''
-You seem to have CSS turned off.
+honey_field_template = '''
+You seem to have CSS turned off.
 Please don't fill out this field.
-''')
+'''
 
 def __init__(self, request=None, num_honey=2, timestamp=None, 
spinner=None):
 self.num_honey = num_honey
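Review bot: Changing `honey_field_template` from a `string.Template` to a plain string that is later rendered with `Markup(...).format(...)` changes the placeholder grammar: `str.format` treats every `{`/`}` in the template as a replacement field, so any literal brace in the markup (inline CSS, for instance) must now be doubled as `{{`/`}}`, whereas `string.Template` only interpreted `$`. The archive rendering has stripped the tag text from these lines, so the placeholders are not visible here; it is worth confirming the template body contains exactly `{honey_class}`, `{fld_id}` and `{fld_name}` and no other braces, and recording the contract on the attribute with a comment such as `# str.format placeholders; rendered through Markup.format so the values are HTML-escaped`. The `.format(...)` call that consumes it is in the `@@ -307` hunk of this file, and the same change is repeated in the second copy of this commit later on the page. The `AntiSpam` class body continues past the hunk.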
@@ -307,10 +307,10 @@ class AntiSpam:
 for fldno in range(self.num_honey):
 fld_name = self.enc('honey%d' % (fldno))
 fld_id = self.enc('honey%d%d' % (self.counter, fldno))
-yield Markup(self.honey_field_template.substitute(
+yield Markup(self.honey_field_template).format(
 honey_class=self.honey_class,
 fld_id=fld_id,
-fld_name=fld_name))
+fld_name=fld_name)
 self.counter += 1
 
 def make_spinner(self, timestamp=None):
diff --git a/Allura/allura/lib/widgets/forms.py 
b/Allura/allura/lib/widgets/forms.py
index 5252819e1..134cd6f40 100644
--- a/Allura/allura/lib/widgets/forms.py
+++ b/Allura/allura/lib/widgets/fo

(allura) 01/08: [#8536] use Markup's own interpolation

This is an automated email from the ASF dual-hosted git repository.

brondsem pushed a commit to branch db/8536
in repository https://gitbox.apache.org/repos/asf/allura.git

commit 8fb39f641df098feef390709997234bc77e0bc57
Author: Dave Brondsema 
AuthorDate: Fri Feb 9 11:23:44 2024 -0500

[#8536] use Markup's own interpolation
---
 Allura/allura/lib/app_globals.py  | 15 +
 Allura/allura/lib/search.py   |  2 +-
 Allura/allura/lib/utils.py| 10 -
 Allura/allura/lib/widgets/forms.py| 27 ++-
 Allura/allura/tasks/mail_tasks.py |  2 +-
 Allura/allura/tests/test_globals.py   |  1 +
 ForgeActivity/forgeactivity/templates/macros.html |  2 +-
 ForgeTracker/forgetracker/model/ticket.py |  2 +-
 ForgeTracker/forgetracker/widgets/ticket_form.py  |  2 +-
 9 files changed, 28 insertions(+), 35 deletions(-)

diff --git a/Allura/allura/lib/app_globals.py b/Allura/allura/lib/app_globals.py
index eadabd9bd..9cc3d86bb 100644
--- a/Allura/allura/lib/app_globals.py
+++ b/Allura/allura/lib/app_globals.py
@@ -99,17 +99,14 @@ class ForgeMarkdown:
 # if text is too big, markdown can take a long time to process it,
 # so we return it as a plain text
 log.info('Text is too big. Skipping markdown processing')
-escaped = html.escape(h.really_unicode(source))
-return Markup('%s' % escaped)
+return Markup('{}').format(h.really_unicode(source))
 try:
 return 
self.make_markdown_instance(**self.forge_ext_kwargs).convert(source)
 except Exception:
 log.info('Invalid markdown: %s  Upwards trace is %s', source,
  ''.join(traceback.format_stack()), exc_info=True)
-escaped = h.really_unicode(source)
-escaped = html.escape(escaped)
 return Markup("""ERROR! The markdown supplied 
could not be parsed correctly.
-Did you forget to surround a code snippet with 
""?%s""" % escaped)
+Did you forget to surround a code snippet with 
""?%s""") % h.really_unicode(source)
 
 @LazyProperty
 def uncacheable_macro_regex(self):
@@ -471,10 +468,8 @@ class Globals:
 lexer = pygments.lexers.get_lexer_by_name(lexer, 
encoding='chardet')
 
 if lexer is None or len(text) >= 
asint(config.get('scm.view.max_syntax_highlight_bytes', 50)):
-# no highlighting, but we should escape, encode, and wrap it in
-# a 
-text = html.escape(text)
-return Markup('' + text + '')
+# no highlighting, but we should wrap it in a  safely
+return Markup('{}').format(text)
 else:
 return Markup(pygments.highlight(text, lexer, formatter))
 
@@ -686,7 +681,7 @@ class Icon:
 if tag == 'a':
 attrs['href'] = '#'
 attrs.update(kw)
-attrs = ew._Jinja2Widget().j2_attrs(attrs)
+attrs = ew._Jinja2Widget().j2_attrs(attrs)  # this escapes them
 visible_title = ''
 if show_title:
 visible_title = f' {Markup.escape(title)}'
diff --git a/Allura/allura/lib/search.py b/Allura/allura/lib/search.py
index 27a29f738..388384798 100644
--- a/Allura/allura/lib/search.py
+++ b/Allura/allura/lib/search.py
@@ -409,4 +409,4 @@ def mapped_artifacts_from_index_ids(index_ids, model, 
objectid_id=True):
 map = {}
 for m in models:
 map[str(m._id)] = m
-return map
\ No newline at end of file
+return map
diff --git a/Allura/allura/lib/utils.py b/Allura/allura/lib/utils.py
index 683a7fcae..0cf6b8c3c 100644
--- a/Allura/allura/lib/utils.py
+++ b/Allura/allura/lib/utils.py
@@ -211,10 +211,10 @@ def chunked_iter(iterable, max_size):
 class AntiSpam:
 
 '''Helper class for bot-protecting forms'''
-honey_field_template = string.Template('''
-You seem to have CSS turned off.
+honey_field_template = '''
+You seem to have CSS turned off.
 Please don't fill out this field.
-''')
+'''
 
 def __init__(self, request=None, num_honey=2, timestamp=None, 
spinner=None):
 self.num_honey = num_honey
@@ -307,10 +307,10 @@ class AntiSpam:
 for fldno in range(self.num_honey):
 fld_name = self.enc('honey%d' % (fldno))
 fld_id = self.enc('honey%d%d' % (self.counter, fldno))
-yield Markup(self.honey_field_template.substitute(
+yield Markup(self.honey_field_template).format(
 honey_class=self.honey_class,
 fld_id=fld_id,
-fld_name=fld_name))
+fld_name=fld_name)
 self.counter += 1
 
 def make_spinner(self, timestamp=None):
diff --git a/Allura/allura/lib/widgets/forms.py 
b/Allura/allura/lib/widgets/forms.py
index 5252819e1..134cd6f40 100644
--- a/Allura/allura/lib/widgets/forms.py
+++ b/Allura/allura/lib/widget