[PATCH 1 of 3 sherpa V2] Activate jinja2 autoescaping

Sylvain Thenault sylvain.thenault at logilab.fr
Fri Feb 24 09:49:17 CET 2017


# HG changeset patch
# User Sylvain Thénault <sylvain.thenault at logilab.fr>
# Date 1487924268 -3600
#      Fri Feb 24 09:17:48 2017 +0100
# Node ID 712aa8b2d0d12c90e78ee1cdd026b7c0465500e5
# Parent  8b1cf160d386e71f9377e81497b629ce093dd80f
Activate jinja2 autoescaping

since this is one of the awaited benefit.

Add a .html extension to templates to activate auto-escaping (and likely trigger
proper colorization in your editor as bonus point).

diff --git a/MANIFEST.in b/MANIFEST.in
--- a/MANIFEST.in
+++ b/MANIFEST.in
@@ -1,9 +1,9 @@
 recursive-include cubicweb_sherpa *.py
 recursive-include cubicweb_sherpa/data *.gif *.png *.ico *.css *.js *.otf *.ttf *.txt
 recursive-include cubicweb_sherpa/i18n *.po
-include cubicweb_sherpa/views/templates/*.jinja2
+include cubicweb_sherpa/views/templates/*.html
 include tox.ini
 include doc/Makefile doc/conf.py doc/*.rst
 
 prune __pkginfo__.py
 prune docker
diff --git a/cubicweb_sherpa/__pkginfo__.py b/cubicweb_sherpa/__pkginfo__.py
--- a/cubicweb_sherpa/__pkginfo__.py
+++ b/cubicweb_sherpa/__pkginfo__.py
@@ -17,11 +17,11 @@ web = 'http://www.cubicweb.org/project/%
     'six': '>= 1.4.0',
     'cubicweb-seda': None,
     'cubicweb-registration': None,
     'cubicweb-rememberme': None,
     'cubicweb-relationwidget': None,
-    'jinja2': None,
+    'jinja2': '>= 2.9',
 }
 
 __recommends__ = {}
 
 classifiers = [
diff --git a/cubicweb_sherpa/views/__init__.py b/cubicweb_sherpa/views/__init__.py
--- a/cubicweb_sherpa/views/__init__.py
+++ b/cubicweb_sherpa/views/__init__.py
@@ -13,23 +13,24 @@
 # details.
 #
 # You should have received a copy of the GNU Lesser General Public License along
 # with this program. If not, see <http://www.gnu.org/licenses/>.
 
-from jinja2 import Environment, PackageLoader
+from jinja2 import Environment, PackageLoader, select_autoescape
 
 from cubicweb.view import View
 from cubicweb.web.views import urlrewrite, startup
 
-_JINJA_ENV = Environment(loader=PackageLoader('cubicweb_sherpa.views'))
+_JINJA_ENV = Environment(loader=PackageLoader('cubicweb_sherpa.views'),
+                         autoescape=select_autoescape(enabled_extensions=('html',)))
 
 
 def jinja_render(template_name, **ctx):
     """Return a string containing result of rendering of Jinja2's `template_name` with
     `ctx` as context.
     """
-    template = _JINJA_ENV.get_template(template_name + '.jinja2')
+    template = _JINJA_ENV.get_template(template_name + '.jinja2.html')
     return template.render(**ctx)
 
 
 class JinjaStaticView(View):
     """Abstract base class to render static pages from a jinja template."""
diff --git a/cubicweb_sherpa/views/templates/index.jinja2 b/cubicweb_sherpa/views/templates/index.jinja2.html
rename from cubicweb_sherpa/views/templates/index.jinja2
rename to cubicweb_sherpa/views/templates/index.jinja2.html
diff --git a/cubicweb_sherpa/views/templates/maintemplate.jinja2 b/cubicweb_sherpa/views/templates/maintemplate.jinja2.html
rename from cubicweb_sherpa/views/templates/maintemplate.jinja2
rename to cubicweb_sherpa/views/templates/maintemplate.jinja2.html
--- a/cubicweb_sherpa/views/templates/maintemplate.jinja2
+++ b/cubicweb_sherpa/views/templates/maintemplate.jinja2.html
@@ -13,24 +13,24 @@
             <h1>Service Hébergé pour la Rédaction de Profils d'Archivage</h1>
           </div>
         </a>
       </div>
       <div class="col-md-3 col-xs-4">
-        {{ right_header_component }}
+        {{ right_header_component|safe }}
       </div>
     </div>
   </nav>
   {% if breadcrumbs %}
   <nav role="navigation" class="breadcrumbs_wrapper">
     <div class="col-md-offset-2">
-      {{ breadcrumbs }}
+      {{ breadcrumbs|safe }}
     </div>
   </nav>
   {% endif %}
   <div id="{{page_id}}" class="container-fluid" role="main">
     <aside id="aside-main-left" class="col-md-2 cwjs-aside">
-      {{ left_boxes }}
+      {{ left_boxes|safe }}
       <div class="panel panel-default contextFreeBox facet_filterbox" id="facet_filterbox">
         <div class="panel-heading">
           <div class="panel-title">navigation</div>
         </div>
         <div class="panel-body">
@@ -41,13 +41,13 @@
           </ul>
         </div>
       </div>
     </aside>
     <div class="col-md-10 page-content" id="pageContent">
-      {{ application_message }}
-      {{ contextual_components }}
-      {{ page_content }}
+      {{ application_message|safe }}
+      {{ contextual_components|safe }}
+      {{ page_content|safe }}
     </div>
   </div>
   <div class="container-fluid">
     <footer role="contentinfo" id="pagefooter">
       <section class="links">
diff --git a/cubicweb_sherpa/views/templates/project.jinja2 b/cubicweb_sherpa/views/templates/project.jinja2.html
rename from cubicweb_sherpa/views/templates/project.jinja2
rename to cubicweb_sherpa/views/templates/project.jinja2.html
diff --git a/cubicweb_sherpa/views/templates/seda.jinja2 b/cubicweb_sherpa/views/templates/seda.jinja2.html
rename from cubicweb_sherpa/views/templates/seda.jinja2
rename to cubicweb_sherpa/views/templates/seda.jinja2.html
diff --git a/cubicweb_sherpa/views/templates/utilisation.jinja2 b/cubicweb_sherpa/views/templates/utilisation.jinja2.html
rename from cubicweb_sherpa/views/templates/utilisation.jinja2
rename to cubicweb_sherpa/views/templates/utilisation.jinja2.html


More information about the saem-devel mailing list