OLD | NEW |
(Empty) | |
| 1 # -*- coding: utf-8 -*- |
| 2 """ |
| 3 markupsafe |
| 4 ~~~~~~~~~~ |
| 5 |
| 6 Implements a Markup string. |
| 7 |
| 8 :copyright: (c) 2010 by Armin Ronacher. |
| 9 :license: BSD, see LICENSE for more details. |
| 10 """ |
| 11 import re |
| 12 from itertools import imap |
| 13 |
| 14 |
| 15 __all__ = ['Markup', 'soft_unicode', 'escape', 'escape_silent'] |
| 16 |
| 17 |
| 18 _striptags_re = re.compile(r'(<!--.*?-->|<[^>]*>)') |
| 19 _entity_re = re.compile(r'&([^;]+);') |
| 20 |
| 21 |
| 22 class Markup(unicode): |
| 23 r"""Marks a string as being safe for inclusion in HTML/XML output without |
| 24 needing to be escaped. This implements the `__html__` interface a couple |
| 25 of frameworks and web applications use. :class:`Markup` is a direct |
| 26 subclass of `unicode` and provides all the methods of `unicode` just that |
| 27 it escapes arguments passed and always returns `Markup`. |
| 28 |
| 29 The `escape` function returns markup objects so that double escaping can't |
| 30 happen. |
| 31 |
| 32 The constructor of the :class:`Markup` class can be used for three |
| 33 different things: When passed an unicode object it's assumed to be safe, |
| 34 when passed an object with an HTML representation (has an `__html__` |
| 35 method) that representation is used, otherwise the object passed is |
| 36 converted into a unicode string and then assumed to be safe: |
| 37 |
| 38 >>> Markup("Hello <em>World</em>!") |
| 39 Markup(u'Hello <em>World</em>!') |
| 40 >>> class Foo(object): |
| 41 ... def __html__(self): |
| 42 ... return '<a href="#">foo</a>' |
| 43 ... |
| 44 >>> Markup(Foo()) |
| 45 Markup(u'<a href="#">foo</a>') |
| 46 |
| 47 If you want object passed being always treated as unsafe you can use the |
| 48 :meth:`escape` classmethod to create a :class:`Markup` object: |
| 49 |
| 50 >>> Markup.escape("Hello <em>World</em>!") |
| 51 Markup(u'Hello <em>World</em>!') |
| 52 |
| 53 Operations on a markup string are markup aware which means that all |
| 54 arguments are passed through the :func:`escape` function: |
| 55 |
| 56 >>> em = Markup("<em>%s</em>") |
| 57 >>> em % "foo & bar" |
| 58 Markup(u'<em>foo & bar</em>') |
| 59 >>> strong = Markup("<strong>%(text)s</strong>") |
| 60 >>> strong % {'text': '<blink>hacker here</blink>'} |
| 61 Markup(u'<strong><blink>hacker here</blink></strong>') |
| 62 >>> Markup("<em>Hello</em> ") + "<foo>" |
| 63 Markup(u'<em>Hello</em> <foo>') |
| 64 """ |
| 65 __slots__ = () |
| 66 |
| 67 def __new__(cls, base=u'', encoding=None, errors='strict'): |
| 68 if hasattr(base, '__html__'): |
| 69 base = base.__html__() |
| 70 if encoding is None: |
| 71 return unicode.__new__(cls, base) |
| 72 return unicode.__new__(cls, base, encoding, errors) |
| 73 |
| 74 def __html__(self): |
| 75 return self |
| 76 |
| 77 def __add__(self, other): |
| 78 if hasattr(other, '__html__') or isinstance(other, basestring): |
| 79 return self.__class__(unicode(self) + unicode(escape(other))) |
| 80 return NotImplemented |
| 81 |
| 82 def __radd__(self, other): |
| 83 if hasattr(other, '__html__') or isinstance(other, basestring): |
| 84 return self.__class__(unicode(escape(other)) + unicode(self)) |
| 85 return NotImplemented |
| 86 |
| 87 def __mul__(self, num): |
| 88 if isinstance(num, (int, long)): |
| 89 return self.__class__(unicode.__mul__(self, num)) |
| 90 return NotImplemented |
| 91 __rmul__ = __mul__ |
| 92 |
| 93 def __mod__(self, arg): |
| 94 if isinstance(arg, tuple): |
| 95 arg = tuple(imap(_MarkupEscapeHelper, arg)) |
| 96 else: |
| 97 arg = _MarkupEscapeHelper(arg) |
| 98 return self.__class__(unicode.__mod__(self, arg)) |
| 99 |
| 100 def __repr__(self): |
| 101 return '%s(%s)' % ( |
| 102 self.__class__.__name__, |
| 103 unicode.__repr__(self) |
| 104 ) |
| 105 |
| 106 def join(self, seq): |
| 107 return self.__class__(unicode.join(self, imap(escape, seq))) |
| 108 join.__doc__ = unicode.join.__doc__ |
| 109 |
| 110 def split(self, *args, **kwargs): |
| 111 return map(self.__class__, unicode.split(self, *args, **kwargs)) |
| 112 split.__doc__ = unicode.split.__doc__ |
| 113 |
| 114 def rsplit(self, *args, **kwargs): |
| 115 return map(self.__class__, unicode.rsplit(self, *args, **kwargs)) |
| 116 rsplit.__doc__ = unicode.rsplit.__doc__ |
| 117 |
| 118 def splitlines(self, *args, **kwargs): |
| 119 return map(self.__class__, unicode.splitlines(self, *args, **kwargs)) |
| 120 splitlines.__doc__ = unicode.splitlines.__doc__ |
| 121 |
| 122 def unescape(self): |
| 123 r"""Unescape markup again into an unicode string. This also resolves |
| 124 known HTML4 and XHTML entities: |
| 125 |
| 126 >>> Markup("Main » <em>About</em>").unescape() |
| 127 u'Main \xbb <em>About</em>' |
| 128 """ |
| 129 from jinja2._markupsafe._constants import HTML_ENTITIES |
| 130 def handle_match(m): |
| 131 name = m.group(1) |
| 132 if name in HTML_ENTITIES: |
| 133 return unichr(HTML_ENTITIES[name]) |
| 134 try: |
| 135 if name[:2] in ('#x', '#X'): |
| 136 return unichr(int(name[2:], 16)) |
| 137 elif name.startswith('#'): |
| 138 return unichr(int(name[1:])) |
| 139 except ValueError: |
| 140 pass |
| 141 return u'' |
| 142 return _entity_re.sub(handle_match, unicode(self)) |
| 143 |
| 144 def striptags(self): |
| 145 r"""Unescape markup into an unicode string and strip all tags. This |
| 146 also resolves known HTML4 and XHTML entities. Whitespace is |
| 147 normalized to one: |
| 148 |
| 149 >>> Markup("Main » <em>About</em>").striptags() |
| 150 u'Main \xbb About' |
| 151 """ |
| 152 stripped = u' '.join(_striptags_re.sub('', self).split()) |
| 153 return Markup(stripped).unescape() |
| 154 |
| 155 @classmethod |
| 156 def escape(cls, s): |
| 157 """Escape the string. Works like :func:`escape` with the difference |
| 158 that for subclasses of :class:`Markup` this function would return the |
| 159 correct subclass. |
| 160 """ |
| 161 rv = escape(s) |
| 162 if rv.__class__ is not cls: |
| 163 return cls(rv) |
| 164 return rv |
| 165 |
| 166 def make_wrapper(name): |
| 167 orig = getattr(unicode, name) |
| 168 def func(self, *args, **kwargs): |
| 169 args = _escape_argspec(list(args), enumerate(args)) |
| 170 _escape_argspec(kwargs, kwargs.iteritems()) |
| 171 return self.__class__(orig(self, *args, **kwargs)) |
| 172 func.__name__ = orig.__name__ |
| 173 func.__doc__ = orig.__doc__ |
| 174 return func |
| 175 |
| 176 for method in '__getitem__', 'capitalize', \ |
| 177 'title', 'lower', 'upper', 'replace', 'ljust', \ |
| 178 'rjust', 'lstrip', 'rstrip', 'center', 'strip', \ |
| 179 'translate', 'expandtabs', 'swapcase', 'zfill': |
| 180 locals()[method] = make_wrapper(method) |
| 181 |
| 182 # new in python 2.5 |
| 183 if hasattr(unicode, 'partition'): |
| 184 partition = make_wrapper('partition'), |
| 185 rpartition = make_wrapper('rpartition') |
| 186 |
| 187 # new in python 2.6 |
| 188 if hasattr(unicode, 'format'): |
| 189 format = make_wrapper('format') |
| 190 |
| 191 # not in python 3 |
| 192 if hasattr(unicode, '__getslice__'): |
| 193 __getslice__ = make_wrapper('__getslice__') |
| 194 |
| 195 del method, make_wrapper |
| 196 |
| 197 |
| 198 def _escape_argspec(obj, iterable): |
| 199 """Helper for various string-wrapped functions.""" |
| 200 for key, value in iterable: |
| 201 if hasattr(value, '__html__') or isinstance(value, basestring): |
| 202 obj[key] = escape(value) |
| 203 return obj |
| 204 |
| 205 |
| 206 class _MarkupEscapeHelper(object): |
| 207 """Helper for Markup.__mod__""" |
| 208 |
| 209 def __init__(self, obj): |
| 210 self.obj = obj |
| 211 |
| 212 __getitem__ = lambda s, x: _MarkupEscapeHelper(s.obj[x]) |
| 213 __str__ = lambda s: str(escape(s.obj)) |
| 214 __unicode__ = lambda s: unicode(escape(s.obj)) |
| 215 __repr__ = lambda s: str(escape(repr(s.obj))) |
| 216 __int__ = lambda s: int(s.obj) |
| 217 __float__ = lambda s: float(s.obj) |
| 218 |
| 219 |
| 220 # we have to import it down here as the speedups and native |
| 221 # modules imports the markup type which is define above. |
| 222 try: |
| 223 from jinja2._markupsafe._speedups import escape, escape_silent, soft_unicode |
| 224 except ImportError: |
| 225 from jinja2._markupsafe._native import escape, escape_silent, soft_unicode |
OLD | NEW |