2007-12-11 13:49:11 +08:00
|
|
|
"""HTML utilities suitable for global use."""
|
2005-07-13 09:25:57 +08:00
|
|
|
|
Merged Unicode branch into trunk (r4952:5608). This should be fully
backwards compatible for all practical purposes.
Fixed #2391, #2489, #2996, #3322, #3344, #3370, #3406, #3432, #3454, #3492, #3582, #3690, #3878, #3891, #3937, #4039, #4141, #4227, #4286, #4291, #4300, #4452, #4702
git-svn-id: http://code.djangoproject.com/svn/django/trunk@5609 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-07-04 20:11:04 +08:00
|
|
|
import re
|
|
|
|
import string
|
2007-07-16 13:28:13 +08:00
|
|
|
|
2007-11-14 20:58:53 +08:00
|
|
|
from django.utils.safestring import SafeData, mark_safe
|
2007-07-16 13:28:13 +08:00
|
|
|
from django.utils.encoding import force_unicode
|
Merged Unicode branch into trunk (r4952:5608). This should be fully
backwards compatible for all practical purposes.
Fixed #2391, #2489, #2996, #3322, #3344, #3370, #3406, #3432, #3454, #3492, #3582, #3690, #3878, #3891, #3937, #4039, #4141, #4227, #4286, #4291, #4300, #4452, #4702
git-svn-id: http://code.djangoproject.com/svn/django/trunk@5609 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-07-04 20:11:04 +08:00
|
|
|
from django.utils.functional import allow_lazy
|
2007-11-17 20:12:40 +08:00
|
|
|
from django.utils.http import urlquote
|
2011-07-29 18:22:25 +08:00
|
|
|
from django.utils.text import normalize_newlines
|
2005-07-13 09:25:57 +08:00
|
|
|
|
2007-12-11 13:49:11 +08:00
|
|
|
# Configuration for urlize() function.
|
2005-07-13 09:25:57 +08:00
|
|
|
LEADING_PUNCTUATION = ['(', '<', '<']
|
|
|
|
TRAILING_PUNCTUATION = ['.', ',', ')', '>', '\n', '>']
|
|
|
|
|
2007-12-11 13:49:11 +08:00
|
|
|
# List of possible strings used for bullets in bulleted lists.
|
2011-04-28 22:08:53 +08:00
|
|
|
DOTS = [u'·', u'*', u'\u2022', u'•', u'•', u'•']
|
2005-07-13 09:25:57 +08:00
|
|
|
|
2005-09-03 02:51:14 +08:00
|
|
|
unencoded_ampersands_re = re.compile(r'&(?!(\w+|#\d+);)')
|
2012-01-08 02:15:28 +08:00
|
|
|
unquoted_percents_re = re.compile(r'%(?![0-9A-Fa-f]{2})')
|
2005-09-03 02:51:14 +08:00
|
|
|
word_split_re = re.compile(r'(\s+)')
|
|
|
|
punctuation_re = re.compile('^(?P<lead>(?:%s)*)(?P<middle>.*?)(?P<trail>(?:%s)*)$' % \
|
2006-01-19 09:06:12 +08:00
|
|
|
('|'.join([re.escape(x) for x in LEADING_PUNCTUATION]),
|
|
|
|
'|'.join([re.escape(x) for x in TRAILING_PUNCTUATION])))
|
2005-09-03 02:51:14 +08:00
|
|
|
simple_email_re = re.compile(r'^\S+@[a-zA-Z0-9._-]+\.[a-zA-Z0-9._-]+$')
|
|
|
|
link_target_attribute_re = re.compile(r'(<a [^>]*?)target=[^\s>]+')
|
|
|
|
html_gunk_re = re.compile(r'(?:<br clear="all">|<i><\/i>|<b><\/b>|<em><\/em>|<strong><\/strong>|<\/?smallcaps>|<\/?uppercase>)', re.IGNORECASE)
|
2006-01-19 09:06:12 +08:00
|
|
|
hard_coded_bullets_re = re.compile(r'((?:<p>(?:%s).*?[a-zA-Z].*?</p>\s*)+)' % '|'.join([re.escape(x) for x in DOTS]), re.DOTALL)
|
2005-09-03 02:51:14 +08:00
|
|
|
trailing_empty_content_re = re.compile(r'(?:<p>(?: |\s|<br \/>)*?</p>\s*)+\Z')
|
2006-01-19 09:06:12 +08:00
|
|
|
del x # Temporary variable
|
2005-07-13 09:25:57 +08:00
|
|
|
|
|
|
|
def escape(html):
|
Fixed a whole bunch of small docs typos, errors, and ommissions.
Fixes #8358, #8396, #8724, #9043, #9128, #9247, #9267, #9267, #9375, #9409, #9414, #9416, #9446, #9454, #9464, #9503, #9518, #9533, #9657, #9658, #9683, #9733, #9771, #9835, #9836, #9837, #9897, #9906, #9912, #9945, #9986, #9992, #10055, #10084, #10091, #10145, #10245, #10257, #10309, #10358, #10359, #10424, #10426, #10508, #10531, #10551, #10635, #10637, #10656, #10658, #10690, #10699, #19528.
Thanks to all the respective authors of those tickets.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10371 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-04-04 02:30:54 +08:00
|
|
|
"""
|
|
|
|
Returns the given HTML with ampersands, quotes and angle brackets encoded.
|
|
|
|
"""
|
2007-11-14 20:58:53 +08:00
|
|
|
return mark_safe(force_unicode(html).replace('&', '&').replace('<', '<').replace('>', '>').replace('"', '"').replace("'", '''))
|
Merged Unicode branch into trunk (r4952:5608). This should be fully
backwards compatible for all practical purposes.
Fixed #2391, #2489, #2996, #3322, #3344, #3370, #3406, #3432, #3454, #3492, #3582, #3690, #3878, #3891, #3937, #4039, #4141, #4227, #4286, #4291, #4300, #4452, #4702
git-svn-id: http://code.djangoproject.com/svn/django/trunk@5609 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-07-04 20:11:04 +08:00
|
|
|
escape = allow_lazy(escape, unicode)
|
2005-07-13 09:25:57 +08:00
|
|
|
|
2011-01-03 01:34:52 +08:00
|
|
|
_base_js_escapes = (
|
|
|
|
('\\', r'\u005C'),
|
|
|
|
('\'', r'\u0027'),
|
|
|
|
('"', r'\u0022'),
|
|
|
|
('>', r'\u003E'),
|
|
|
|
('<', r'\u003C'),
|
|
|
|
('&', r'\u0026'),
|
|
|
|
('=', r'\u003D'),
|
|
|
|
('-', r'\u002D'),
|
|
|
|
(';', r'\u003B'),
|
|
|
|
(u'\u2028', r'\u2028'),
|
|
|
|
(u'\u2029', r'\u2029')
|
|
|
|
)
|
|
|
|
|
|
|
|
# Escape every ASCII character with a value less than 32.
|
|
|
|
_js_escapes = (_base_js_escapes +
|
|
|
|
tuple([('%c' % z, '\\u%04X' % z) for z in range(32)]))
|
|
|
|
|
|
|
|
def escapejs(value):
|
|
|
|
"""Hex encodes characters for use in JavaScript strings."""
|
|
|
|
for bad, good in _js_escapes:
|
|
|
|
value = mark_safe(force_unicode(value).replace(bad, good))
|
|
|
|
return value
|
|
|
|
escapejs = allow_lazy(escapejs, unicode)
|
|
|
|
|
2007-11-14 20:58:53 +08:00
|
|
|
def conditional_escape(html):
|
|
|
|
"""
|
|
|
|
Similar to escape(), except that it doesn't operate on pre-escaped strings.
|
|
|
|
"""
|
|
|
|
if isinstance(html, SafeData):
|
|
|
|
return html
|
|
|
|
else:
|
|
|
|
return escape(html)
|
|
|
|
|
|
|
|
def linebreaks(value, autoescape=False):
|
2007-12-11 13:49:11 +08:00
|
|
|
"""Converts newlines into <p> and <br />s."""
|
2011-07-29 18:22:25 +08:00
|
|
|
value = normalize_newlines(value)
|
2005-07-13 09:25:57 +08:00
|
|
|
paras = re.split('\n{2,}', value)
|
2007-11-14 20:58:53 +08:00
|
|
|
if autoescape:
|
2009-03-31 06:39:13 +08:00
|
|
|
paras = [u'<p>%s</p>' % escape(p).replace('\n', '<br />') for p in paras]
|
2007-11-14 20:58:53 +08:00
|
|
|
else:
|
2009-03-31 06:39:13 +08:00
|
|
|
paras = [u'<p>%s</p>' % p.replace('\n', '<br />') for p in paras]
|
Merged Unicode branch into trunk (r4952:5608). This should be fully
backwards compatible for all practical purposes.
Fixed #2391, #2489, #2996, #3322, #3344, #3370, #3406, #3432, #3454, #3492, #3582, #3690, #3878, #3891, #3937, #4039, #4141, #4227, #4286, #4291, #4300, #4452, #4702
git-svn-id: http://code.djangoproject.com/svn/django/trunk@5609 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-07-04 20:11:04 +08:00
|
|
|
return u'\n\n'.join(paras)
|
2007-12-11 13:49:11 +08:00
|
|
|
linebreaks = allow_lazy(linebreaks, unicode)
|
2005-07-13 09:25:57 +08:00
|
|
|
|
|
|
|
def strip_tags(value):
|
2007-12-11 13:49:11 +08:00
|
|
|
"""Returns the given HTML with all tags stripped."""
|
Merged Unicode branch into trunk (r4952:5608). This should be fully
backwards compatible for all practical purposes.
Fixed #2391, #2489, #2996, #3322, #3344, #3370, #3406, #3432, #3454, #3492, #3582, #3690, #3878, #3891, #3937, #4039, #4141, #4227, #4286, #4291, #4300, #4452, #4702
git-svn-id: http://code.djangoproject.com/svn/django/trunk@5609 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-07-04 20:11:04 +08:00
|
|
|
return re.sub(r'<[^>]*?>', '', force_unicode(value))
|
|
|
|
strip_tags = allow_lazy(strip_tags)
|
2005-07-13 09:25:57 +08:00
|
|
|
|
2006-01-15 09:51:30 +08:00
|
|
|
def strip_spaces_between_tags(value):
|
2007-12-11 13:49:11 +08:00
|
|
|
"""Returns the given HTML with spaces between tags removed."""
|
Merged Unicode branch into trunk (r4952:5608). This should be fully
backwards compatible for all practical purposes.
Fixed #2391, #2489, #2996, #3322, #3344, #3370, #3406, #3432, #3454, #3492, #3582, #3690, #3878, #3891, #3937, #4039, #4141, #4227, #4286, #4291, #4300, #4452, #4702
git-svn-id: http://code.djangoproject.com/svn/django/trunk@5609 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-07-04 20:11:04 +08:00
|
|
|
return re.sub(r'>\s+<', '><', force_unicode(value))
|
|
|
|
strip_spaces_between_tags = allow_lazy(strip_spaces_between_tags, unicode)
|
2006-01-15 09:51:30 +08:00
|
|
|
|
2005-07-13 09:25:57 +08:00
|
|
|
def strip_entities(value):
|
2007-12-11 13:49:11 +08:00
|
|
|
"""Returns the given HTML with all entities (&something;) stripped."""
|
2007-07-15 13:03:28 +08:00
|
|
|
return re.sub(r'&(?:\w+|#\d+);', '', force_unicode(value))
|
Merged Unicode branch into trunk (r4952:5608). This should be fully
backwards compatible for all practical purposes.
Fixed #2391, #2489, #2996, #3322, #3344, #3370, #3406, #3432, #3454, #3492, #3582, #3690, #3878, #3891, #3937, #4039, #4141, #4227, #4286, #4291, #4300, #4452, #4702
git-svn-id: http://code.djangoproject.com/svn/django/trunk@5609 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-07-04 20:11:04 +08:00
|
|
|
strip_entities = allow_lazy(strip_entities, unicode)
|
2005-07-13 09:25:57 +08:00
|
|
|
|
|
|
|
def fix_ampersands(value):
|
2007-12-11 13:49:11 +08:00
|
|
|
"""Returns the given HTML with all unencoded ampersands encoded correctly."""
|
Merged Unicode branch into trunk (r4952:5608). This should be fully
backwards compatible for all practical purposes.
Fixed #2391, #2489, #2996, #3322, #3344, #3370, #3406, #3432, #3454, #3492, #3582, #3690, #3878, #3891, #3937, #4039, #4141, #4227, #4286, #4291, #4300, #4452, #4702
git-svn-id: http://code.djangoproject.com/svn/django/trunk@5609 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-07-04 20:11:04 +08:00
|
|
|
return unencoded_ampersands_re.sub('&', force_unicode(value))
|
|
|
|
fix_ampersands = allow_lazy(fix_ampersands, unicode)
|
2005-07-13 09:25:57 +08:00
|
|
|
|
2012-01-08 02:15:28 +08:00
|
|
|
def smart_urlquote(url):
|
|
|
|
"""Quotes an URL if it isn't already quoted."""
|
|
|
|
# An URL is considered unquoted if it contains no % character, or if it
|
|
|
|
# contains a % not followed by two hexadecimal digits. See #9655.
|
|
|
|
if '%' not in url or unquoted_percents_re.search(url):
|
|
|
|
# See http://bugs.python.org/issue2637
|
|
|
|
return urlquote(url, safe='!*\'();:@&=+$,/?#[]~')
|
|
|
|
return url
|
|
|
|
|
2007-11-14 20:58:53 +08:00
|
|
|
def urlize(text, trim_url_limit=None, nofollow=False, autoescape=False):
|
2005-07-13 09:25:57 +08:00
|
|
|
"""
|
2007-12-11 13:49:11 +08:00
|
|
|
Converts any URLs in text into clickable links.
|
2007-07-16 13:28:13 +08:00
|
|
|
|
2008-06-26 13:07:13 +08:00
|
|
|
Works on http://, https://, www. links and links ending in .org, .net or
|
|
|
|
.com. Links can have trailing punctuation (periods, commas, close-parens)
|
|
|
|
and leading punctuation (opening parens) and it'll still do the right
|
|
|
|
thing.
|
2005-07-13 09:25:57 +08:00
|
|
|
|
2007-06-23 11:10:32 +08:00
|
|
|
If trim_url_limit is not None, the URLs in link text longer than this limit
|
|
|
|
will truncated to trim_url_limit-3 characters and appended with an elipsis.
|
2005-07-13 09:25:57 +08:00
|
|
|
|
2007-06-23 11:10:32 +08:00
|
|
|
If nofollow is True, the URLs in link text will get a rel="nofollow"
|
|
|
|
attribute.
|
2008-06-26 13:07:13 +08:00
|
|
|
|
|
|
|
If autoescape is True, the link text and URLs will get autoescaped.
|
2005-07-13 09:25:57 +08:00
|
|
|
"""
|
2008-06-26 13:07:13 +08:00
|
|
|
trim_url = lambda x, limit=trim_url_limit: limit is not None and (len(x) > limit and ('%s...' % x[:max(0, limit - 3)])) or x
|
2007-11-14 20:58:53 +08:00
|
|
|
safe_input = isinstance(text, SafeData)
|
Merged Unicode branch into trunk (r4952:5608). This should be fully
backwards compatible for all practical purposes.
Fixed #2391, #2489, #2996, #3322, #3344, #3370, #3406, #3432, #3454, #3492, #3582, #3690, #3878, #3891, #3937, #4039, #4141, #4227, #4286, #4291, #4300, #4452, #4702
git-svn-id: http://code.djangoproject.com/svn/django/trunk@5609 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-07-04 20:11:04 +08:00
|
|
|
words = word_split_re.split(force_unicode(text))
|
2005-07-13 09:25:57 +08:00
|
|
|
nofollow_attr = nofollow and ' rel="nofollow"' or ''
|
|
|
|
for i, word in enumerate(words):
|
2008-07-20 02:05:22 +08:00
|
|
|
match = None
|
|
|
|
if '.' in word or '@' in word or ':' in word:
|
|
|
|
match = punctuation_re.match(word)
|
2005-07-13 09:25:57 +08:00
|
|
|
if match:
|
|
|
|
lead, middle, trail = match.groups()
|
2008-06-26 13:07:13 +08:00
|
|
|
# Make URL we want to point to.
|
|
|
|
url = None
|
2005-07-13 09:25:57 +08:00
|
|
|
if middle.startswith('http://') or middle.startswith('https://'):
|
2012-01-08 02:15:28 +08:00
|
|
|
url = smart_urlquote(middle)
|
2008-06-26 13:07:13 +08:00
|
|
|
elif middle.startswith('www.') or ('@' not in middle and \
|
2008-07-20 02:05:22 +08:00
|
|
|
middle and middle[0] in string.ascii_letters + string.digits and \
|
2008-06-26 13:07:13 +08:00
|
|
|
(middle.endswith('.org') or middle.endswith('.net') or middle.endswith('.com'))):
|
2012-01-08 02:15:28 +08:00
|
|
|
url = smart_urlquote('http://%s' % middle)
|
2008-06-26 13:07:13 +08:00
|
|
|
elif '@' in middle and not ':' in middle and simple_email_re.match(middle):
|
|
|
|
url = 'mailto:%s' % middle
|
|
|
|
nofollow_attr = ''
|
|
|
|
# Make link.
|
|
|
|
if url:
|
|
|
|
trimmed = trim_url(middle)
|
2008-02-03 16:54:26 +08:00
|
|
|
if autoescape and not safe_input:
|
|
|
|
lead, trail = escape(lead), escape(trail)
|
2008-06-26 13:07:13 +08:00
|
|
|
url, trimmed = escape(url), escape(trimmed)
|
|
|
|
middle = '<a href="%s"%s>%s</a>' % (url, nofollow_attr, trimmed)
|
2008-02-03 16:54:26 +08:00
|
|
|
words[i] = mark_safe('%s%s%s' % (lead, middle, trail))
|
2008-06-26 13:07:13 +08:00
|
|
|
else:
|
|
|
|
if safe_input:
|
|
|
|
words[i] = mark_safe(word)
|
|
|
|
elif autoescape:
|
|
|
|
words[i] = escape(word)
|
2007-11-17 20:12:40 +08:00
|
|
|
elif safe_input:
|
|
|
|
words[i] = mark_safe(word)
|
|
|
|
elif autoescape:
|
|
|
|
words[i] = escape(word)
|
Merged Unicode branch into trunk (r4952:5608). This should be fully
backwards compatible for all practical purposes.
Fixed #2391, #2489, #2996, #3322, #3344, #3370, #3406, #3432, #3454, #3492, #3582, #3690, #3878, #3891, #3937, #4039, #4141, #4227, #4286, #4291, #4300, #4452, #4702
git-svn-id: http://code.djangoproject.com/svn/django/trunk@5609 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-07-04 20:11:04 +08:00
|
|
|
return u''.join(words)
|
|
|
|
urlize = allow_lazy(urlize, unicode)
|
2005-07-13 09:25:57 +08:00
|
|
|
|
|
|
|
def clean_html(text):
|
|
|
|
"""
|
2007-07-16 13:28:13 +08:00
|
|
|
Clean the given HTML. Specifically, do the following:
|
|
|
|
* Convert <b> and <i> to <strong> and <em>.
|
|
|
|
* Encode all ampersands correctly.
|
|
|
|
* Remove all "target" attributes from <a> tags.
|
|
|
|
* Remove extraneous HTML, such as presentational tags that open and
|
2005-07-13 09:25:57 +08:00
|
|
|
immediately close and <br clear="all">.
|
2007-07-16 13:28:13 +08:00
|
|
|
* Convert hard-coded bullets into HTML unordered lists.
|
|
|
|
* Remove stuff like "<p> </p>", but only if it's at the
|
2005-07-13 09:25:57 +08:00
|
|
|
bottom of the text.
|
|
|
|
"""
|
|
|
|
from django.utils.text import normalize_newlines
|
Merged Unicode branch into trunk (r4952:5608). This should be fully
backwards compatible for all practical purposes.
Fixed #2391, #2489, #2996, #3322, #3344, #3370, #3406, #3432, #3454, #3492, #3582, #3690, #3878, #3891, #3937, #4039, #4141, #4227, #4286, #4291, #4300, #4452, #4702
git-svn-id: http://code.djangoproject.com/svn/django/trunk@5609 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-07-04 20:11:04 +08:00
|
|
|
text = normalize_newlines(force_unicode(text))
|
2005-07-13 09:25:57 +08:00
|
|
|
text = re.sub(r'<(/?)\s*b\s*>', '<\\1strong>', text)
|
|
|
|
text = re.sub(r'<(/?)\s*i\s*>', '<\\1em>', text)
|
|
|
|
text = fix_ampersands(text)
|
|
|
|
# Remove all target="" attributes from <a> tags.
|
2005-09-03 02:51:14 +08:00
|
|
|
text = link_target_attribute_re.sub('\\1', text)
|
2005-07-13 09:25:57 +08:00
|
|
|
# Trim stupid HTML such as <br clear="all">.
|
2005-09-03 02:51:14 +08:00
|
|
|
text = html_gunk_re.sub('', text)
|
2005-07-13 09:25:57 +08:00
|
|
|
# Convert hard-coded bullets into HTML unordered lists.
|
|
|
|
def replace_p_tags(match):
|
2011-04-28 22:08:53 +08:00
|
|
|
s = match.group().replace(u'</p>', u'</li>')
|
2005-07-13 09:25:57 +08:00
|
|
|
for d in DOTS:
|
2011-04-28 22:08:53 +08:00
|
|
|
s = s.replace(u'<p>%s' % d, u'<li>')
|
Merged Unicode branch into trunk (r4952:5608). This should be fully
backwards compatible for all practical purposes.
Fixed #2391, #2489, #2996, #3322, #3344, #3370, #3406, #3432, #3454, #3492, #3582, #3690, #3878, #3891, #3937, #4039, #4141, #4227, #4286, #4291, #4300, #4452, #4702
git-svn-id: http://code.djangoproject.com/svn/django/trunk@5609 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-07-04 20:11:04 +08:00
|
|
|
return u'<ul>\n%s\n</ul>' % s
|
2005-09-03 02:51:14 +08:00
|
|
|
text = hard_coded_bullets_re.sub(replace_p_tags, text)
|
2007-07-16 13:28:13 +08:00
|
|
|
# Remove stuff like "<p> </p>", but only if it's at the bottom
|
|
|
|
# of the text.
|
2011-04-28 22:08:53 +08:00
|
|
|
text = trailing_empty_content_re.sub(u'', text)
|
2005-07-13 09:25:57 +08:00
|
|
|
return text
|
Merged Unicode branch into trunk (r4952:5608). This should be fully
backwards compatible for all practical purposes.
Fixed #2391, #2489, #2996, #3322, #3344, #3370, #3406, #3432, #3454, #3492, #3582, #3690, #3878, #3891, #3937, #4039, #4141, #4227, #4286, #4291, #4300, #4452, #4702
git-svn-id: http://code.djangoproject.com/svn/django/trunk@5609 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-07-04 20:11:04 +08:00
|
|
|
clean_html = allow_lazy(clean_html, unicode)
|