[PATCH 1 of 2 sherpa] Activate jinja2 autoescaping

Sylvain Thénault sylvain.thenault at logilab.fr
Fri Feb 24 09:41:25 CET 2017


will send a v2 improving this series


Le 24/02/2017 à 09:26, Sylvain Thenault a écrit :
> # HG changeset patch
> # User Sylvain Thénault <sylvain.thenault at logilab.fr>
> # Date 1487924268 -3600
> #      Fri Feb 24 09:17:48 2017 +0100
> # Node ID 93070cb61b6f73602457dcbe0214797fa46bd4a6
> # Parent  8b1cf160d386e71f9377e81497b629ce093dd80f
> Activate jinja2 autoescaping
>
> since this is one of the awaited benefit.
>
> Add a .html extension to templates to activate auto-escaping (and likely trigger
> proper colorization in your editor as bonus point).
>
> diff --git a/cubicweb_sherpa/__pkginfo__.py b/cubicweb_sherpa/__pkginfo__.py
> --- a/cubicweb_sherpa/__pkginfo__.py
> +++ b/cubicweb_sherpa/__pkginfo__.py
> @@ -17,11 +17,11 @@ web = 'http://www.cubicweb.org/project/%
>      'six': '>= 1.4.0',
>      'cubicweb-seda': None,
>      'cubicweb-registration': None,
>      'cubicweb-rememberme': None,
>      'cubicweb-relationwidget': None,
> -    'jinja2': None,
> +    'jinja2': '>= 2.9',
>  }
>  
>  __recommends__ = {}
>  
>  classifiers = [
> diff --git a/cubicweb_sherpa/views/__init__.py b/cubicweb_sherpa/views/__init__.py
> --- a/cubicweb_sherpa/views/__init__.py
> +++ b/cubicweb_sherpa/views/__init__.py
> @@ -13,23 +13,24 @@
>  # details.
>  #
>  # You should have received a copy of the GNU Lesser General Public License along
>  # with this program. If not, see <http://www.gnu.org/licenses/>.
>  
> -from jinja2 import Environment, PackageLoader
> +from jinja2 import Environment, PackageLoader, select_autoescape
>  
>  from cubicweb.view import View
>  from cubicweb.web.views import urlrewrite, startup
>  
> -_JINJA_ENV = Environment(loader=PackageLoader('cubicweb_sherpa.views'))
> +_JINJA_ENV = Environment(loader=PackageLoader('cubicweb_sherpa.views'),
> +                         autoescape=select_autoescape(enabled_extensions=('html',)))
>  
>  
>  def jinja_render(template_name, **ctx):
>      """Return a string containing result of rendering of Jinja2's `template_name` with
>      `ctx` as context.
>      """
> -    template = _JINJA_ENV.get_template(template_name + '.jinja2')
> +    template = _JINJA_ENV.get_template(template_name + '.jinja2.html')
>      return template.render(**ctx)
>  
>  
>  class JinjaStaticView(View):
>      """Abstract base class to render static pages from a jinja template."""
> diff --git a/cubicweb_sherpa/views/templates/index.jinja2 b/cubicweb_sherpa/views/templates/index.jinja2.html
> rename from cubicweb_sherpa/views/templates/index.jinja2
> rename to cubicweb_sherpa/views/templates/index.jinja2.html
> diff --git a/cubicweb_sherpa/views/templates/maintemplate.jinja2 b/cubicweb_sherpa/views/templates/maintemplate.jinja2.html
> rename from cubicweb_sherpa/views/templates/maintemplate.jinja2
> rename to cubicweb_sherpa/views/templates/maintemplate.jinja2.html
> --- a/cubicweb_sherpa/views/templates/maintemplate.jinja2
> +++ b/cubicweb_sherpa/views/templates/maintemplate.jinja2.html
> @@ -13,24 +13,24 @@
>              <h1>Service Hébergé pour la Rédaction de Profils d'Archivage</h1>
>            </div>
>          </a>
>        </div>
>        <div class="col-md-3 col-xs-4">
> -        {{ right_header_component }}
> +        {{ right_header_component|safe }}
>        </div>
>      </div>
>    </nav>
>    {% if breadcrumbs %}
>    <nav role="navigation" class="breadcrumbs_wrapper">
>      <div class="col-md-offset-2">
> -      {{ breadcrumbs }}
> +      {{ breadcrumbs|safe }}
>      </div>
>    </nav>
>    {% endif %}
>    <div id="{{page_id}}" class="container-fluid" role="main">
>      <aside id="aside-main-left" class="col-md-2 cwjs-aside">
> -      {{ left_boxes }}
> +      {{ left_boxes|safe }}
>        <div class="panel panel-default contextFreeBox facet_filterbox" id="facet_filterbox">
>          <div class="panel-heading">
>            <div class="panel-title">navigation</div>
>          </div>
>          <div class="panel-body">
> @@ -41,13 +41,13 @@
>            </ul>
>          </div>
>        </div>
>      </aside>
>      <div class="col-md-10 page-content" id="pageContent">
> -      {{ application_message }}
> -      {{ contextual_components }}
> -      {{ page_content }}
> +      {{ application_message|safe }}
> +      {{ contextual_components|safe }}
> +      {{ page_content|safe }}
>      </div>
>    </div>
>    <div class="container-fluid">
>      <footer role="contentinfo" id="pagefooter">
>        <section class="links">
> diff --git a/cubicweb_sherpa/views/templates/project.jinja2 b/cubicweb_sherpa/views/templates/project.jinja2.html
> rename from cubicweb_sherpa/views/templates/project.jinja2
> rename to cubicweb_sherpa/views/templates/project.jinja2.html
> diff --git a/cubicweb_sherpa/views/templates/seda.jinja2 b/cubicweb_sherpa/views/templates/seda.jinja2.html
> rename from cubicweb_sherpa/views/templates/seda.jinja2
> rename to cubicweb_sherpa/views/templates/seda.jinja2.html
> diff --git a/cubicweb_sherpa/views/templates/utilisation.jinja2 b/cubicweb_sherpa/views/templates/utilisation.jinja2.html
> rename from cubicweb_sherpa/views/templates/utilisation.jinja2
> rename to cubicweb_sherpa/views/templates/utilisation.jinja2.html
>

-- 
Sylvain Thénault, LOGILAB, Paris (01.45.32.03.12) - Toulouse (05.62.17.16.42)
Formations Python, Debian, Méth. Agiles: http://www.logilab.fr/formations
Développement logiciel sur mesure:       http://www.logilab.fr/services
CubicWeb, the semantic web framework:    http://www.cubicweb.org



More information about the saem-devel mailing list