
plone3  3.1.7
CMFDefault.utils.StrippingParser Class Reference

Public Member Functions

def __init__
def handle_data
def handle_charref
def handle_entityref
def unknown_starttag
def unknown_endtag

Public Attributes

 result
 valid_tags
 nasty_tags

Detailed Description

Pass only allowed tags;  raise exception for known-bad.

Definition at line 292 of file utils.py.


Constructor & Destructor Documentation

def CMFDefault.utils.StrippingParser.__init__(self, valid_tags=None, nasty_tags=None)

Definition at line 299 of file utils.py.

    def __init__( self, valid_tags=None, nasty_tags=None ):

        SGMLParser.__init__( self )
        self.result = ""
        self.valid_tags = valid_tags or VALID_TAGS
        self.nasty_tags = nasty_tags or NASTY_TAGS


Member Function Documentation

Definition at line 311 of file utils.py.

    def handle_charref( self, name ):

        self.result = "%s&#%s;" % ( self.result, name )

Definition at line 306 of file utils.py.

    def handle_data( self, data ):

        if data:
            self.result = self.result + data

Definition at line 315 of file utils.py.

    def handle_entityref(self, name):

        if self.entitydefs.has_key(name):
            x = ';'
        else:
            # this breaks unstandard entities that end with ';'
            x = ''

        self.result = "%s&%s%s" % (self.result, name, x)

Definition at line 360 of file utils.py.

    def unknown_endtag(self, tag):

        if self.valid_tags.get(tag):

            self.result = "%s</%s>" % (self.result, tag)
            remTag = '</%s>' % tag

security.declarePublic('scrubHTML')
def CMFDefault.utils.StrippingParser.unknown_starttag(self, tag, attrs)
Delete all tags except for legal ones.

Definition at line 325 of file utils.py.

    def unknown_starttag(self, tag, attrs):
        """ Delete all tags except for legal ones.
        """
        if self.valid_tags.has_key(tag):

            self.result = self.result + '<' + tag

            for k, v in attrs:

                if k.lower().startswith('on'):
                    msg = _(u"JavaScript event '${attribute}' not allowed.",
                            mapping={'attribute': k})
                    raise IllegalHTML(msg)

                if v.lower().startswith('javascript:'):
                    msg = _(u"JavaScript URI '${value}' not allowed.",
                            mapping={'value': v})
                    raise IllegalHTML(msg)

                self.result = '%s %s="%s"' % (self.result, k, v)

            endTag = '</%s>' % tag
            if self.valid_tags.get(tag):
                self.result = self.result + '>'
            else:
                self.result = self.result + ' />'

        elif self.nasty_tags.get(tag):
            msg = _(u"Dynamic tag '${tag}' not allowed.",
                    mapping={'tag': tag})
            raise IllegalHTML(msg)

        else:
            pass    # omit tag
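
A Python 3 port of the filter listed above, added here as an example; it is not CMFDefault's code. The names `StrippingParser3` and `scrub`, the `IllegalHTML` stand-in and the contents of `VALID_TAGS` and `NASTY_TAGS` are assumptions made for illustration, and the port adds two hardening steps the listing does not have: attribute values are re-escaped on output, and the `javascript:` test ignores whitespace and control characters.

```python
from html import escape
from html.entities import name2codepoint
from html.parser import HTMLParser

# Constructed sample tables (assumption): tag -> 1 if it takes a closing tag, else 0.
VALID_TAGS = {"p": 1, "b": 1, "a": 1, "br": 0}
NASTY_TAGS = {"script": 1, "object": 1}
class IllegalHTML(ValueError):
    """Stand-in for the exception the listing raises on known-bad markup."""

class StrippingParser3(HTMLParser):  # hypothetical name for this port
    def __init__(self, valid_tags=None, nasty_tags=None):
        super().__init__(convert_charrefs=False)  # keep the charref/entityref callbacks
        self.result = ""
        self.valid_tags = valid_tags or VALID_TAGS
        self.nasty_tags = nasty_tags or NASTY_TAGS

    def handle_data(self, data):
        self.result += data
    def handle_charref(self, name):
        self.result += "&#%s;" % name
    def handle_entityref(self, name):
        self.result += "&%s%s" % (name, ";" if name in name2codepoint else "")

    def handle_starttag(self, tag, attrs):
        if tag in self.valid_tags:
            out = "<" + tag
            for k, v in attrs:
                v = v or ""  # valueless attributes arrive as None
                if k.lower().startswith("on"):
                    raise IllegalHTML("JavaScript event %r not allowed." % k)
                # Added hardening: test the scheme without whitespace/control characters.
                if "".join(c for c in v if c > " ").lower().startswith("javascript:"):
                    raise IllegalHTML("JavaScript URI %r not allowed." % v)
                out += ' %s="%s"' % (k, escape(v, quote=True))  # added: re-escape the value
            self.result += out + (">" if self.valid_tags[tag] else " />")
        elif tag in self.nasty_tags:
            raise IllegalHTML("Dynamic tag %r not allowed." % tag)
        # Any other tag is omitted; its text still arrives through handle_data.

    def handle_endtag(self, tag):
        if self.valid_tags.get(tag):
            self.result += "</%s>" % tag

def scrub(html):  # hypothetical helper
    parser = StrippingParser3()
    parser.feed(html)
    parser.close()
    return parser.result
```

A tag in neither table is dropped while its text content is kept, so the output can still carry text that sat inside an unlisted element.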


Member Data Documentation

Definition at line 304 of file utils.py.

Definition at line 302 of file utils.py.

Definition at line 303 of file utils.py.


The documentation for this class was generated from the following file: