관리-도구
편집 파일: filters.py
# mako/filters.py # Copyright 2006-2019 the Mako authors and contributors <see AUTHORS file> # # This module is part of Mako and is released under # the MIT License: http://www.opensource.org/licenses/mit-license.php import codecs import re from mako import compat from mako.compat import codepoint2name from mako.compat import name2codepoint from mako.compat import quote_plus from mako.compat import unquote_plus xml_escapes = { "&": "&", ">": ">", "<": "<", '"': """, # also " in html-only "'": "'", # also ' in html-only } # XXX: " is valid in HTML and XML # ' is not valid HTML, but is valid XML def legacy_html_escape(s): """legacy HTML escape for non-unicode mode.""" s = s.replace("&", "&") s = s.replace(">", ">") s = s.replace("<", "<") s = s.replace('"', """) s = s.replace("'", "'") return s try: import markupsafe html_escape = markupsafe.escape except ImportError: html_escape = legacy_html_escape def xml_escape(string): return re.sub(r'([&<"\'>])', lambda m: xml_escapes[m.group()], string) def url_escape(string): # convert into a list of octets string = string.encode("utf8") return quote_plus(string) def legacy_url_escape(string): # convert into a list of octets return quote_plus(string) def url_unescape(string): text = unquote_plus(string) if not is_ascii_str(text): text = text.decode("utf8") return text def trim(string): return string.strip() class Decode(object): def __getattr__(self, key): def decode(x): if isinstance(x, compat.text_type): return x elif not isinstance(x, compat.binary_type): return decode(str(x)) else: return compat.text_type(x, encoding=key) return decode decode = Decode() _ASCII_re = re.compile(r"\A[\x00-\x7f]*\Z") def is_ascii_str(text): return isinstance(text, str) and _ASCII_re.match(text) ################################################################ class XMLEntityEscaper(object): def __init__(self, codepoint2name, name2codepoint): self.codepoint2entity = dict( [ (c, compat.text_type("&%s;" % n)) for c, n in codepoint2name.items() ] ) self.name2codepoint = name2codepoint def escape_entities(self, text): """Replace characters with their character entity references. Only characters corresponding to a named entity are replaced. """ return compat.text_type(text).translate(self.codepoint2entity) def __escape(self, m): codepoint = ord(m.group()) try: return self.codepoint2entity[codepoint] except (KeyError, IndexError): return "&#x%X;" % codepoint __escapable = re.compile(r'["&<>]|[^\x00-\x7f]') def escape(self, text): """Replace characters with their character references. Replace characters by their named entity references. Non-ASCII characters, if they do not have a named entity reference, are replaced by numerical character references. The return value is guaranteed to be ASCII. """ return self.__escapable.sub( self.__escape, compat.text_type(text) ).encode("ascii") # XXX: This regexp will not match all valid XML entity names__. # (It punts on details involving involving CombiningChars and Extenders.) # # .. __: http://www.w3.org/TR/2000/REC-xml-20001006#NT-EntityRef __characterrefs = re.compile( r"""& (?: \#(\d+) | \#x([\da-f]+) | ( (?!\d) [:\w] [-.:\w]+ ) ) ;""", re.X | re.UNICODE, ) def __unescape(self, m): dval, hval, name = m.groups() if dval: codepoint = int(dval) elif hval: codepoint = int(hval, 16) else: codepoint = self.name2codepoint.get(name, 0xFFFD) # U+FFFD = "REPLACEMENT CHARACTER" if codepoint < 128: return chr(codepoint) return chr(codepoint) def unescape(self, text): """Unescape character references. All character references (both entity references and numerical character references) are unescaped. """ return self.__characterrefs.sub(self.__unescape, text) _html_entities_escaper = XMLEntityEscaper(codepoint2name, name2codepoint) html_entities_escape = _html_entities_escaper.escape_entities html_entities_unescape = _html_entities_escaper.unescape def htmlentityreplace_errors(ex): """An encoding error handler. This python codecs error handler replaces unencodable characters with HTML entities, or, if no HTML entity exists for the character, XML character references:: >>> u'The cost was \u20ac12.'.encode('latin1', 'htmlentityreplace') 'The cost was €12.' """ if isinstance(ex, UnicodeEncodeError): # Handle encoding errors bad_text = ex.object[ex.start : ex.end] text = _html_entities_escaper.escape(bad_text) return (compat.text_type(text), ex.end) raise ex codecs.register_error("htmlentityreplace", htmlentityreplace_errors) # TODO: options to make this dynamic per-compilation will be added in a later # release DEFAULT_ESCAPES = { "x": "filters.xml_escape", "h": "filters.html_escape", "u": "filters.url_escape", "trim": "filters.trim", "entity": "filters.html_entities_escape", "unicode": "unicode", "decode": "decode", "str": "str", "n": "n", } if compat.py3k: DEFAULT_ESCAPES.update({"unicode": "str"}) NON_UNICODE_ESCAPES = DEFAULT_ESCAPES.copy() NON_UNICODE_ESCAPES["h"] = "filters.legacy_html_escape" NON_UNICODE_ESCAPES["u"] = "filters.legacy_url_escape"