Back to index

plone3  3.1.7
Public Member Functions | Public Attributes | Static Public Attributes | Private Attributes | Static Private Attributes
PortalTransforms.transforms.safe_html.SafeHTML Class Reference
Collaboration diagram for PortalTransforms.transforms.safe_html.SafeHTML:
Collaboration graph
[legend]

List of all members.

Public Member Functions

def __init__
def name
def __getattr__
def convert

Public Attributes

 config
 config_metadata

Static Public Attributes

tuple inputs = ('text/html',)
string output = "text/x-html-safe"

Private Attributes

 __name__

Static Private Attributes

 __implements__ = itransform
string __name__ = "safe_html"

Detailed Description

Simple transform which uses CMFDefault functions to
clean potentially bad tags.   

Tags must explicit be allowed in valid_tags to pass. Only
the tags themself are removed, not their contents. If tags
are removed and in nasty_tags, they are removed with
all of their contents.         

Objects will not be transformed again with changed settings.
You need to clear the cache by e.g.
1.) restarting your zope or
2.) empty the zodb-cache via ZMI -> Control_Panel
    -> Database Management -> main || other_used_database
    -> Flush Cache.

Definition at line 159 of file safe_html.py.


Constructor & Destructor Documentation

def PortalTransforms.transforms.safe_html.SafeHTML.__init__ (   self,
  name = None,
  kwargs 
)

Definition at line 182 of file safe_html.py.

00182 
00183     def __init__(self, name=None, **kwargs):
00184 
00185 
00186         self.config = {
00187             'inputs': self.inputs,
00188             'output': self.output,
00189             'valid_tags': VALID_TAGS,
00190             'nasty_tags': NASTY_TAGS,
00191             'remove_javascript': 1,
00192             'disable_transform': 0,
00193             }
00194 
00195         self.config_metadata = {
00196             'inputs' : ('list', 'Inputs', 'Input(s) MIME type. Change with care.'),
00197             'valid_tags' : ('dict',
00198                             'valid_tags',
00199                             'List of valid html-tags, value is 1 if they ' +
00200                             'have a closing part (e.g. <p>...</p>) and 0 for empty ' +
00201                             'tags (like <br />). Be carefull!',
00202                             ('tag', 'value')),
00203             'nasty_tags' : ('dict',
00204                             'nasty_tags',
00205                             'Dynamic Tags that are striped with ' +
00206                             'everything they contain (like applet, object). ' +
00207                             'They are only deleted if they are not marked as valid_tags.',
00208                             ('tag', 'value')),
00209             'remove_javascript' : ("int",
00210                                    'remove_javascript',
00211                                    '1 to remove javascript attributes that begin with on (e.g. onClick) ' +
00212                                    'and attributes where the value starts with "javascript:" ' +
00213                                    '(e.g. <a href="javascript:function()". ' +
00214                                    'This does not effect <script> tags. 0 to leave the attributes.'),
00215             'disable_transform' : ("int",
00216                                    'disable_transform',
00217                                    'If 1, nothing is done.')
00218             }
00219 
00220         self.config.update(kwargs)
00221 
00222         if name:
00223             self.__name__ = name


Member Function Documentation

Definition at line 227 of file safe_html.py.

00227 
00228     def __getattr__(self, attr):
00229         if attr == 'inputs':
00230             return self.config['inputs']
00231         if attr == 'output':
00232             return self.config['output']
00233         raise AttributeError(attr)

Here is the caller graph for this function:

def PortalTransforms.transforms.safe_html.SafeHTML.convert (   self,
  orig,
  data,
  kwargs 
)

Definition at line 234 of file safe_html.py.

00234 
00235     def convert(self, orig, data, **kwargs):
00236         # note if we need an upgrade.
00237         if not self.config.has_key('disable_transform'):
00238             log(logging.ERROR, 'PortalTransforms safe_html transform needs to be '
00239                 'updated. Please re-install the PortalTransforms product to fix.')
00240 
00241         # if we have a config that we don't want to delete
00242         # we need a disable option
00243         if self.config.get('disable_transform'):
00244             data.setData(orig)
00245             return data
00246 
00247         try:
00248             safe = scrubHTML(
00249                 bodyfinder(orig),
00250                 valid=self.config.get('valid_tags', {}),
00251                 nasty=self.config.get('nasty_tags', {}),
00252                 remove_javascript=self.config.get('remove_javascript', True),
00253                 raise_error=False)
00254         except IllegalHTML, inst:
00255             data.setData(msg_pat % ("Error", str(inst)))
00256         else:
00257             data.setData(safe)
00258         return data

Here is the call graph for this function:

Definition at line 224 of file safe_html.py.

00224 
00225     def name(self):
00226         return self.__name__

Here is the caller graph for this function:


Member Data Documentation

Definition at line 176 of file safe_html.py.

string PortalTransforms.transforms.safe_html.SafeHTML.__name__ = "safe_html" [static, private]

Definition at line 178 of file safe_html.py.

Definition at line 222 of file safe_html.py.

Definition at line 185 of file safe_html.py.

Definition at line 194 of file safe_html.py.

Definition at line 179 of file safe_html.py.

string PortalTransforms.transforms.safe_html.SafeHTML.output = "text/x-html-safe" [static]

Definition at line 180 of file safe_html.py.


The documentation for this class was generated from the following file: