
plone3  3.1.7
PortalTransforms.transforms.safe_html.StrippingParser Class Reference


Public Member Functions

def __init__
def handle_data
def handle_charref
def handle_comment
def handle_decl
def handle_entityref
def unknown_starttag
def unknown_endtag
def getResult

Public Attributes

 result
 valid
 nasty
 remove_javascript
 raise_error
 suppress

Detailed Description

Pass only allowed tags; raise an exception for known-bad ones.

Copied from Products.CMFDefault.utils
Copyright (c) 2001 Zope Corporation and Contributors. All Rights Reserved.

Definition at line 59 of file safe_html.py.


Constructor & Destructor Documentation

def PortalTransforms.transforms.safe_html.StrippingParser.__init__ (   self,
  valid,
  nasty,
  remove_javascript,
  raise_error 
)

Definition at line 68 of file safe_html.py.

    def __init__(self, valid, nasty, remove_javascript, raise_error):
        SGMLParser.__init__( self )
        self.result = []
        self.valid = valid
        self.nasty = nasty
        self.remove_javascript = remove_javascript
        self.raise_error = raise_error
        self.suppress = False


Member Function Documentation

Definition at line 144 of file safe_html.py.

    def getResult(self):
        return ''.join(self.result)


Definition at line 82 of file safe_html.py.

    def handle_charref(self, name):
        if self.suppress: return
        self.result.append('&#%s;' % name)

Definition at line 86 of file safe_html.py.

    def handle_comment(self, comment):
        pass

Definition at line 77 of file safe_html.py.

    def handle_data(self, data):
        if self.suppress: return
        if data:
            self.result.append(escape(data))

Definition at line 89 of file safe_html.py.

    def handle_decl(self, data):
        pass

Definition at line 92 of file safe_html.py.

    def handle_entityref(self, name):
        if self.suppress: return
        if self.entitydefs.has_key(name):
            x = ';'
        else:
            # this breaks unstandard entities that end with ';'
            x = ''

        self.result.append('&%s%s' % (name, x))

Definition at line 136 of file safe_html.py.

    def unknown_endtag(self, tag):
        # Closing a nasty (and not otherwise valid) tag ends suppression.
        if self.nasty.has_key(tag) and not self.valid.has_key(tag):
            self.suppress = False
        if self.suppress: return
        # Only valid tags with a true value in `valid` get a closing tag.
        if safeToInt(self.valid.get(tag)):
            self.result.append('</%s>' % tag)
            #remTag = '</%s>' % tag


Delete all tags except for legal ones.

Definition at line 102 of file safe_html.py.

    def unknown_starttag(self, tag, attrs):
        """ Delete all tags except for legal ones.
        """

        # Inside a nasty element: drop everything until its end tag.
        if self.suppress: return

        if self.valid.has_key(tag):
            self.result.append('<' + tag)

            remove_script = getattr(self,'remove_javascript',True)

            for k, v in attrs:
                # Event-handler attributes (on*) are dropped or rejected.
                if remove_script and k.strip().lower().startswith('on'):
                    if not self.raise_error: continue
                    else: raise IllegalHTML, 'Script event "%s" not allowed.' % k
                # Attribute values that hasScript() flags are dropped or rejected.
                elif remove_script and hasScript(v):
                    if not self.raise_error: continue
                    else: raise IllegalHTML, 'Script URI "%s" not allowed.' % v
                else:
                    self.result.append(' %s="%s"' % (k, v))

            #UNUSED endTag = '</%s>' % tag
            # A true value in `valid` means the tag takes a closing tag;
            # otherwise it is written as an empty element.
            if safeToInt(self.valid.get(tag)):
                self.result.append('>')
            else:
                self.result.append(' />')
        elif self.nasty.has_key(tag):
            # Known-bad tag: start suppressing output, optionally raise.
            self.suppress = True
            if self.raise_error:
                raise IllegalHTML, 'Dynamic tag "%s" not allowed.' % tag
        else:
            # omit tag
            pass
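The allow/deny/suppress flow of unknown_starttag and unknown_endtag above, as an added Python 3 sketch on html.parser; it is not the Plone code, which targets Python 2's SGMLParser. The names StrippingSketch, has_script and strip_html, the tag tables, and the escaping of attribute values are assumptions of this example.

```python
from html import escape
from html.parser import HTMLParser

class IllegalHTML(ValueError):
    """Raised for known-bad markup when raise_error is set."""

def has_script(value):
    # Simplified stand-in for hasScript(), whose body is not shown on the page.
    return "".join(value.split()).lower().startswith("javascript:")

class StrippingSketch(HTMLParser):
    def __init__(self, valid, nasty, remove_javascript=True, raise_error=False):
        super().__init__(convert_charrefs=True)
        self.valid, self.nasty = valid, nasty
        self.remove_javascript, self.raise_error = remove_javascript, raise_error
        self.result, self.suppress = [], False

    def handle_data(self, data):
        if not self.suppress:
            self.result.append(escape(data))

    def handle_starttag(self, tag, attrs):
        if self.suppress:
            return
        if tag in self.valid:
            out = "<" + tag
            for k, v in attrs:
                v = v or ""
                if self.remove_javascript and (k.strip().lower().startswith("on") or has_script(v)):
                    if self.raise_error:
                        raise IllegalHTML("Script attribute %r not allowed." % k)
                    continue
                out += ' %s="%s"' % (k, escape(v, quote=True))  # quoting added here
            self.result.append(out + (">" if self.valid[tag] else " />"))
        elif tag in self.nasty:
            self.suppress = True  # drop everything up to the matching end tag
            if self.raise_error:
                raise IllegalHTML('Dynamic tag "%s" not allowed.' % tag)

    def handle_endtag(self, tag):
        if tag in self.nasty and tag not in self.valid:
            self.suppress = False
        if not self.suppress and self.valid.get(tag):
            self.result.append("</%s>" % tag)

def strip_html(html, **kw):
    # Constructed allow/deny tables; the real ones live elsewhere in safe_html.py.
    parser = StrippingSketch({"p": 1, "a": 1, "br": 0}, {"script": 1}, **kw)
    parser.feed(html)
    parser.close()
    return "".join(parser.result)
```

Tags in neither table (for example `<b>`) lose their markup but keep their text, matching the "omit tag" branch above.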



Member Data Documentation

Definition at line 72 of file safe_html.py.

Definition at line 74 of file safe_html.py.

Definition at line 73 of file safe_html.py.

Definition at line 70 of file safe_html.py.

Definition at line 75 of file safe_html.py.

Definition at line 71 of file safe_html.py.


The documentation for this class was generated from the following file: