From 6e7ce8d1af8c6fcf7d00992b1c8ef0e8c1602479 Mon Sep 17 00:00:00 2001 From: Christopher Allan Webber Date: Sun, 12 Jun 2011 17:27:37 -0500 Subject: mediagoblin.globals->mediagoblin.mg_globals --- mediagoblin/util.py | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'mediagoblin/util.py') diff --git a/mediagoblin/util.py b/mediagoblin/util.py index 64e21ca9..f29f8570 100644 --- a/mediagoblin/util.py +++ b/mediagoblin/util.py @@ -31,7 +31,7 @@ import translitcodec from paste.deploy.loadwsgi import NicerConfigParser from webob import Response, exc -from mediagoblin import globals as mgoblin_globals +from mediagoblin import mg_globals from mediagoblin.db.util import ObjectId @@ -102,8 +102,8 @@ def get_jinja_env(template_loader, locale): extensions=['jinja2.ext.i18n']) template_env.install_gettext_callables( - mgoblin_globals.translations.gettext, - mgoblin_globals.translations.ngettext) + mg_globals.translations.gettext, + mg_globals.translations.ngettext) if exists(locale): SETUP_JINJA_ENVS[locale] = template_env @@ -264,9 +264,9 @@ def send_email(from_addr, to_addrs, subject, message_body): - message_body: email body text """ # TODO: make a mock mhost if testing is enabled - if TESTS_ENABLED or mgoblin_globals.email_debug_mode: + if TESTS_ENABLED or mg_globals.email_debug_mode: mhost = FakeMhost() - elif not mgoblin_globals.email_debug_mode: + elif not mg_globals.email_debug_mode: mhost = smtplib.SMTP() mhost.connect() @@ -279,7 +279,7 @@ def send_email(from_addr, to_addrs, subject, message_body): if TESTS_ENABLED: EMAIL_TEST_INBOX.append(message) - if getattr(mgoblin_globals, 'email_debug_mode', False): + if getattr(mg_globals, 'email_debug_mode', False): print u"===== Email =====" print u"From address: %s" % message['From'] print u"To addresses: %s" % message['To'] @@ -393,7 +393,7 @@ def setup_gettext(locale): if exists(locale): SETUP_GETTEXTS[locale] = this_gettext - mgoblin_globals.setup_globals( + mg_globals.setup_globals( translations=this_gettext) -- cgit v1.2.3 From a68ee5556e2cf78abd1e87546f8627ec07c1f89d Mon Sep 17 00:00:00 2001 From: Christopher Allan Webber Date: Mon, 13 Jun 2011 21:01:19 -0500 Subject: A super strict HTML cleaner method with mediocre tests. --- mediagoblin/util.py | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) (limited to 'mediagoblin/util.py') diff --git a/mediagoblin/util.py b/mediagoblin/util.py index f29f8570..fc380f41 100644 --- a/mediagoblin/util.py +++ b/mediagoblin/util.py @@ -30,6 +30,7 @@ import jinja2 import translitcodec from paste.deploy.loadwsgi import NicerConfigParser from webob import Response, exc +from lxml.html.clean import Cleaner from mediagoblin import mg_globals from mediagoblin.db.util import ObjectId @@ -373,6 +374,32 @@ def read_config_file(conf_file): return mgoblin_conf +# A super strict version of the lxml.html cleaner class +HTML_CLEANER = Cleaner( + scripts=True, + javascript=True, + comments=True, + style=True, + links=True, + page_structure=True, + processing_instructions=True, + embedded=True, + frames=True, + forms=True, + annoying_tags=True, + allow_tags=[ + 'div', 'b', 'i', 'em', 'strong', 'p', 'ul', 'ol', 'li', 'a', 'br'], + remove_unknown_tags=False, # can't be used with allow_tags + safe_attrs_only=True, + add_nofollow=True, # for now + host_whitelist=(), + whitelist_tags=set([])) + + +def clean_html(html): + return HTML_CLEANER.clean_html(html) + + SETUP_GETTEXTS = {} def setup_gettext(locale): -- cgit v1.2.3