2007-12-11 13:49:11 +08:00
|
|
|
"""HTML utilities suitable for global use."""
|
2005-07-13 09:25:57 +08:00
|
|
|
|
2012-06-08 00:08:47 +08:00
|
|
|
from __future__ import unicode_literals
|
|
|
|
|
Merged Unicode branch into trunk (r4952:5608). This should be fully
backwards compatible for all practical purposes.
Fixed #2391, #2489, #2996, #3322, #3344, #3370, #3406, #3432, #3454, #3492, #3582, #3690, #3878, #3891, #3937, #4039, #4141, #4227, #4286, #4291, #4300, #4452, #4702
git-svn-id: http://code.djangoproject.com/svn/django/trunk@5609 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-07-04 20:11:04 +08:00
|
|
|
import re
|
2014-08-11 19:24:51 +08:00
|
|
|
import warnings
|
2007-07-16 13:28:13 +08:00
|
|
|
|
2015-01-28 20:35:27 +08:00
|
|
|
from django.utils import six
|
2014-08-11 19:24:51 +08:00
|
|
|
from django.utils.deprecation import RemovedInDjango20Warning
|
2015-01-28 20:35:27 +08:00
|
|
|
from django.utils.encoding import force_str, force_text
|
Merged Unicode branch into trunk (r4952:5608). This should be fully
backwards compatible for all practical purposes.
Fixed #2391, #2489, #2996, #3322, #3344, #3370, #3406, #3432, #3454, #3492, #3582, #3690, #3878, #3891, #3937, #4039, #4141, #4227, #4286, #4291, #4300, #4452, #4702
git-svn-id: http://code.djangoproject.com/svn/django/trunk@5609 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-07-04 20:11:04 +08:00
|
|
|
from django.utils.functional import allow_lazy
|
2014-06-26 22:55:36 +08:00
|
|
|
from django.utils.http import RFC3986_GENDELIMS, RFC3986_SUBDELIMS
|
2014-10-16 09:03:40 +08:00
|
|
|
from django.utils.safestring import SafeData, SafeText, mark_safe
|
2015-01-28 20:35:27 +08:00
|
|
|
from django.utils.six.moves.urllib.parse import (
|
|
|
|
parse_qsl, quote, unquote, urlencode, urlsplit, urlunsplit,
|
|
|
|
)
|
2011-07-29 18:22:25 +08:00
|
|
|
from django.utils.text import normalize_newlines
|
2005-07-13 09:25:57 +08:00
|
|
|
|
2015-01-28 20:35:27 +08:00
|
|
|
from .html_parser import HTMLParseError, HTMLParser
|
2013-05-22 23:29:16 +08:00
|
|
|
|
2007-12-11 13:49:11 +08:00
|
|
|
# Configuration for urlize() function.
|
2014-10-31 19:04:01 +08:00
|
|
|
TRAILING_PUNCTUATION = ['.', ',', ':', ';', '.)', '"', '\'', '!']
|
2013-09-23 19:07:26 +08:00
|
|
|
WRAPPING_PUNCTUATION = [('(', ')'), ('<', '>'), ('[', ']'), ('<', '>'), ('"', '"'), ('\'', '\'')]
|
2005-07-13 09:25:57 +08:00
|
|
|
|
2007-12-11 13:49:11 +08:00
|
|
|
# List of possible strings used for bullets in bulleted lists.
|
2012-06-08 00:08:47 +08:00
|
|
|
DOTS = ['·', '*', '\u2022', '•', '•', '•']
|
2005-07-13 09:25:57 +08:00
|
|
|
|
2005-09-03 02:51:14 +08:00
|
|
|
unencoded_ampersands_re = re.compile(r'&(?!(\w+|#\d+);)')
|
2015-03-04 22:36:34 +08:00
|
|
|
word_split_re = re.compile(r'''([\s<>"']+)''')
|
2013-04-01 21:37:37 +08:00
|
|
|
simple_url_re = re.compile(r'^https?://\[?\w', re.IGNORECASE)
|
2014-07-04 04:37:56 +08:00
|
|
|
simple_url_2_re = re.compile(r'^www\.|^(?!http)\w[^@]+\.(com|edu|gov|int|mil|net|org)($|/.*)$', re.IGNORECASE)
|
2012-01-08 02:39:14 +08:00
|
|
|
simple_email_re = re.compile(r'^\S+@\S+\.\S+$')
|
2005-09-03 02:51:14 +08:00
|
|
|
link_target_attribute_re = re.compile(r'(<a [^>]*?)target=[^\s>]+')
|
2014-09-04 20:15:09 +08:00
|
|
|
html_gunk_re = re.compile(
|
|
|
|
r'(?:<br clear="all">|<i><\/i>|<b><\/b>|<em><\/em>|<strong><\/strong>|'
|
|
|
|
'<\/?smallcaps>|<\/?uppercase>)', re.IGNORECASE)
|
|
|
|
hard_coded_bullets_re = re.compile(
|
|
|
|
r'((?:<p>(?:%s).*?[a-zA-Z].*?</p>\s*)+)' % '|'.join(re.escape(x)
|
|
|
|
for x in DOTS), re.DOTALL)
|
2005-09-03 02:51:14 +08:00
|
|
|
trailing_empty_content_re = re.compile(r'(?:<p>(?: |\s|<br \/>)*?</p>\s*)+\Z')
|
2012-08-03 22:10:04 +08:00
|
|
|
|
2005-07-13 09:25:57 +08:00
|
|
|
|
2012-06-30 23:41:51 +08:00
|
|
|
def escape(text):
|
Fixed a whole bunch of small docs typos, errors, and ommissions.
Fixes #8358, #8396, #8724, #9043, #9128, #9247, #9267, #9267, #9375, #9409, #9414, #9416, #9446, #9454, #9464, #9503, #9518, #9533, #9657, #9658, #9683, #9733, #9771, #9835, #9836, #9837, #9897, #9906, #9912, #9945, #9986, #9992, #10055, #10084, #10091, #10145, #10245, #10257, #10309, #10358, #10359, #10424, #10426, #10508, #10531, #10551, #10635, #10637, #10656, #10658, #10690, #10699, #19528.
Thanks to all the respective authors of those tickets.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10371 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-04-04 02:30:54 +08:00
|
|
|
"""
|
2014-09-04 20:15:09 +08:00
|
|
|
Returns the given text with ampersands, quotes and angle brackets encoded
|
|
|
|
for use in HTML.
|
2014-12-24 05:29:01 +08:00
|
|
|
|
|
|
|
This function always escapes its input, even if it's already escaped and
|
|
|
|
marked as such. This may result in double-escaping. If this is a concern,
|
|
|
|
use conditional_escape() instead.
|
Fixed a whole bunch of small docs typos, errors, and ommissions.
Fixes #8358, #8396, #8724, #9043, #9128, #9247, #9267, #9267, #9375, #9409, #9414, #9416, #9446, #9454, #9464, #9503, #9518, #9533, #9657, #9658, #9683, #9733, #9771, #9835, #9836, #9837, #9897, #9906, #9912, #9945, #9986, #9992, #10055, #10084, #10091, #10145, #10245, #10257, #10309, #10358, #10359, #10424, #10426, #10508, #10531, #10551, #10635, #10637, #10656, #10658, #10690, #10699, #19528.
Thanks to all the respective authors of those tickets.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10371 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-04-04 02:30:54 +08:00
|
|
|
"""
|
2014-09-04 20:15:09 +08:00
|
|
|
return mark_safe(force_text(text).replace('&', '&').replace('<', '<')
|
|
|
|
.replace('>', '>').replace('"', '"').replace("'", '''))
|
2014-10-16 09:03:40 +08:00
|
|
|
escape = allow_lazy(escape, six.text_type, SafeText)
|
2005-07-13 09:25:57 +08:00
|
|
|
|
2012-09-18 18:28:49 +08:00
|
|
|
_js_escapes = {
|
|
|
|
ord('\\'): '\\u005C',
|
|
|
|
ord('\''): '\\u0027',
|
|
|
|
ord('"'): '\\u0022',
|
|
|
|
ord('>'): '\\u003E',
|
|
|
|
ord('<'): '\\u003C',
|
|
|
|
ord('&'): '\\u0026',
|
|
|
|
ord('='): '\\u003D',
|
|
|
|
ord('-'): '\\u002D',
|
|
|
|
ord(';'): '\\u003B',
|
|
|
|
ord('\u2028'): '\\u2028',
|
|
|
|
ord('\u2029'): '\\u2029'
|
|
|
|
}
|
2011-01-03 01:34:52 +08:00
|
|
|
|
|
|
|
# Escape every ASCII character with a value less than 32.
|
2012-09-18 18:28:49 +08:00
|
|
|
_js_escapes.update((ord('%c' % z), '\\u%04X' % z) for z in range(32))
|
2011-01-03 01:34:52 +08:00
|
|
|
|
2013-11-03 04:12:09 +08:00
|
|
|
|
2011-01-03 01:34:52 +08:00
|
|
|
def escapejs(value):
|
|
|
|
"""Hex encodes characters for use in JavaScript strings."""
|
2012-09-18 18:28:49 +08:00
|
|
|
return mark_safe(force_text(value).translate(_js_escapes))
|
2014-10-16 09:03:40 +08:00
|
|
|
escapejs = allow_lazy(escapejs, six.text_type, SafeText)
|
2011-01-03 01:34:52 +08:00
|
|
|
|
2013-11-03 04:12:09 +08:00
|
|
|
|
2012-06-30 23:41:51 +08:00
|
|
|
def conditional_escape(text):
|
2007-11-14 20:58:53 +08:00
|
|
|
"""
|
|
|
|
Similar to escape(), except that it doesn't operate on pre-escaped strings.
|
2014-12-24 05:29:01 +08:00
|
|
|
|
|
|
|
This function relies on the __html__ convention used both by Django's
|
|
|
|
SafeData class and by third-party libraries like markupsafe.
|
2007-11-14 20:58:53 +08:00
|
|
|
"""
|
2013-10-15 06:40:52 +08:00
|
|
|
if hasattr(text, '__html__'):
|
|
|
|
return text.__html__()
|
2007-11-14 20:58:53 +08:00
|
|
|
else:
|
2012-06-30 23:41:51 +08:00
|
|
|
return escape(text)
|
2007-11-14 20:58:53 +08:00
|
|
|
|
2013-11-03 07:53:29 +08:00
|
|
|
|
2012-07-01 01:54:38 +08:00
|
|
|
def format_html(format_string, *args, **kwargs):
|
|
|
|
"""
|
|
|
|
Similar to str.format, but passes all arguments through conditional_escape,
|
|
|
|
and calls 'mark_safe' on the result. This function should be used instead
|
|
|
|
of str.format or % interpolation to build up small HTML fragments.
|
|
|
|
"""
|
|
|
|
args_safe = map(conditional_escape, args)
|
2014-12-07 05:00:09 +08:00
|
|
|
kwargs_safe = {k: conditional_escape(v) for (k, v) in six.iteritems(kwargs)}
|
2012-07-01 01:54:38 +08:00
|
|
|
return mark_safe(format_string.format(*args_safe, **kwargs_safe))
|
|
|
|
|
2013-11-03 07:53:29 +08:00
|
|
|
|
2012-07-01 01:54:38 +08:00
|
|
|
def format_html_join(sep, format_string, args_generator):
|
|
|
|
"""
|
2013-01-25 19:53:40 +08:00
|
|
|
A wrapper of format_html, for the common case of a group of arguments that
|
|
|
|
need to be formatted using the same format string, and then joined using
|
2012-07-01 01:54:38 +08:00
|
|
|
'sep'. 'sep' is also passed through conditional_escape.
|
|
|
|
|
|
|
|
'args_generator' should be an iterator that returns the sequence of 'args'
|
|
|
|
that will be passed to format_html.
|
|
|
|
|
|
|
|
Example:
|
|
|
|
|
2014-11-27 08:41:27 +08:00
|
|
|
format_html_join('\n', "<li>{} {}</li>", ((u.first_name, u.last_name)
|
2012-07-01 01:54:38 +08:00
|
|
|
for u in users))
|
|
|
|
|
|
|
|
"""
|
|
|
|
return mark_safe(conditional_escape(sep).join(
|
2013-10-20 07:33:10 +08:00
|
|
|
format_html(format_string, *tuple(args))
|
|
|
|
for args in args_generator))
|
2012-07-01 01:54:38 +08:00
|
|
|
|
|
|
|
|
2007-11-14 20:58:53 +08:00
|
|
|
def linebreaks(value, autoescape=False):
|
2007-12-11 13:49:11 +08:00
|
|
|
"""Converts newlines into <p> and <br />s."""
|
2011-07-29 18:22:25 +08:00
|
|
|
value = normalize_newlines(value)
|
2005-07-13 09:25:57 +08:00
|
|
|
paras = re.split('\n{2,}', value)
|
2007-11-14 20:58:53 +08:00
|
|
|
if autoescape:
|
2012-06-08 00:08:47 +08:00
|
|
|
paras = ['<p>%s</p>' % escape(p).replace('\n', '<br />') for p in paras]
|
2007-11-14 20:58:53 +08:00
|
|
|
else:
|
2012-06-08 00:08:47 +08:00
|
|
|
paras = ['<p>%s</p>' % p.replace('\n', '<br />') for p in paras]
|
|
|
|
return '\n\n'.join(paras)
|
2012-07-20 20:48:51 +08:00
|
|
|
linebreaks = allow_lazy(linebreaks, six.text_type)
|
2005-07-13 09:25:57 +08:00
|
|
|
|
2013-05-22 23:29:16 +08:00
|
|
|
|
|
|
|
class MLStripper(HTMLParser):
|
|
|
|
def __init__(self):
|
2014-11-24 21:34:02 +08:00
|
|
|
HTMLParser.__init__(self)
|
2013-05-22 23:29:16 +08:00
|
|
|
self.reset()
|
|
|
|
self.fed = []
|
2013-10-22 18:21:07 +08:00
|
|
|
|
2013-05-22 23:29:16 +08:00
|
|
|
def handle_data(self, d):
|
|
|
|
self.fed.append(d)
|
2013-10-22 18:21:07 +08:00
|
|
|
|
2013-05-22 23:29:16 +08:00
|
|
|
def handle_entityref(self, name):
|
|
|
|
self.fed.append('&%s;' % name)
|
2013-10-22 18:21:07 +08:00
|
|
|
|
2013-05-22 23:29:16 +08:00
|
|
|
def handle_charref(self, name):
|
|
|
|
self.fed.append('&#%s;' % name)
|
2013-10-22 18:21:07 +08:00
|
|
|
|
2013-05-22 23:29:16 +08:00
|
|
|
def get_data(self):
|
|
|
|
return ''.join(self.fed)
|
|
|
|
|
2013-11-03 07:53:29 +08:00
|
|
|
|
2014-03-20 23:50:50 +08:00
|
|
|
def _strip_once(value):
|
|
|
|
"""
|
|
|
|
Internal tag stripping utility used by strip_tags.
|
|
|
|
"""
|
2013-05-22 23:29:16 +08:00
|
|
|
s = MLStripper()
|
|
|
|
try:
|
2013-05-23 20:00:17 +08:00
|
|
|
s.feed(value)
|
|
|
|
except HTMLParseError:
|
|
|
|
return value
|
2014-03-20 23:50:50 +08:00
|
|
|
try:
|
|
|
|
s.close()
|
2014-11-24 21:34:02 +08:00
|
|
|
except HTMLParseError:
|
2014-03-20 23:50:50 +08:00
|
|
|
return s.get_data() + s.rawdata
|
2013-05-23 20:00:17 +08:00
|
|
|
else:
|
|
|
|
return s.get_data()
|
2014-03-20 23:50:50 +08:00
|
|
|
|
|
|
|
|
|
|
|
def strip_tags(value):
|
|
|
|
"""Returns the given HTML with all tags stripped."""
|
2014-04-03 14:59:06 +08:00
|
|
|
# Note: in typical case this loop executes _strip_once once. Loop condition
|
|
|
|
# is redundant, but helps to reduce number of executions of _strip_once.
|
|
|
|
while '<' in value and '>' in value:
|
2014-03-20 23:50:50 +08:00
|
|
|
new_value = _strip_once(value)
|
2015-03-04 21:11:25 +08:00
|
|
|
if len(new_value) >= len(value):
|
|
|
|
# _strip_once was not able to detect more tags or length increased
|
|
|
|
# due to http://bugs.python.org/issue20288
|
|
|
|
# (affects Python 2 < 2.7.7 and Python 3 < 3.3.5)
|
2014-04-03 14:59:06 +08:00
|
|
|
break
|
|
|
|
value = new_value
|
|
|
|
return value
|
Merged Unicode branch into trunk (r4952:5608). This should be fully
backwards compatible for all practical purposes.
Fixed #2391, #2489, #2996, #3322, #3344, #3370, #3406, #3432, #3454, #3492, #3582, #3690, #3878, #3891, #3937, #4039, #4141, #4227, #4286, #4291, #4300, #4452, #4702
git-svn-id: http://code.djangoproject.com/svn/django/trunk@5609 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-07-04 20:11:04 +08:00
|
|
|
strip_tags = allow_lazy(strip_tags)
|
2005-07-13 09:25:57 +08:00
|
|
|
|
2013-11-03 07:53:29 +08:00
|
|
|
|
2012-08-18 20:53:22 +08:00
|
|
|
def remove_tags(html, tags):
|
|
|
|
"""Returns the given HTML with given tags removed."""
|
2014-08-11 19:24:51 +08:00
|
|
|
warnings.warn(
|
|
|
|
"django.utils.html.remove_tags() and the removetags template filter "
|
|
|
|
"are deprecated. Consider using the bleach library instead.",
|
|
|
|
RemovedInDjango20Warning, stacklevel=3
|
|
|
|
)
|
2012-08-18 20:53:22 +08:00
|
|
|
tags = [re.escape(tag) for tag in tags.split()]
|
2012-08-18 23:47:21 +08:00
|
|
|
tags_re = '(%s)' % '|'.join(tags)
|
|
|
|
starttag_re = re.compile(r'<%s(/?>|(\s+[^>]*>))' % tags_re, re.U)
|
|
|
|
endtag_re = re.compile('</%s>' % tags_re)
|
|
|
|
html = starttag_re.sub('', html)
|
|
|
|
html = endtag_re.sub('', html)
|
2012-08-18 20:53:22 +08:00
|
|
|
return html
|
2012-08-18 23:47:21 +08:00
|
|
|
remove_tags = allow_lazy(remove_tags, six.text_type)
|
2012-08-18 20:53:22 +08:00
|
|
|
|
2013-11-03 07:53:29 +08:00
|
|
|
|
2006-01-15 09:51:30 +08:00
|
|
|
def strip_spaces_between_tags(value):
|
2007-12-11 13:49:11 +08:00
|
|
|
"""Returns the given HTML with spaces between tags removed."""
|
2012-07-21 16:00:10 +08:00
|
|
|
return re.sub(r'>\s+<', '><', force_text(value))
|
2012-07-20 20:48:51 +08:00
|
|
|
strip_spaces_between_tags = allow_lazy(strip_spaces_between_tags, six.text_type)
|
2006-01-15 09:51:30 +08:00
|
|
|
|
2013-11-03 07:53:29 +08:00
|
|
|
|
2005-07-13 09:25:57 +08:00
|
|
|
def strip_entities(value):
|
2007-12-11 13:49:11 +08:00
|
|
|
"""Returns the given HTML with all entities (&something;) stripped."""
|
2014-08-11 19:24:51 +08:00
|
|
|
warnings.warn(
|
|
|
|
"django.utils.html.strip_entities() is deprecated.",
|
|
|
|
RemovedInDjango20Warning, stacklevel=2
|
|
|
|
)
|
2012-07-21 16:00:10 +08:00
|
|
|
return re.sub(r'&(?:\w+|#\d+);', '', force_text(value))
|
2012-07-20 20:48:51 +08:00
|
|
|
strip_entities = allow_lazy(strip_entities, six.text_type)
|
2005-07-13 09:25:57 +08:00
|
|
|
|
2013-11-03 07:53:29 +08:00
|
|
|
|
2012-01-08 02:15:28 +08:00
|
|
|
def smart_urlquote(url):
|
2012-02-04 01:57:15 +08:00
|
|
|
"Quotes a URL if it isn't already quoted."
|
2014-06-27 03:14:30 +08:00
|
|
|
def unquote_quote(segment):
|
|
|
|
segment = unquote(force_str(segment))
|
|
|
|
# Tilde is part of RFC3986 Unreserved Characters
|
|
|
|
# http://tools.ietf.org/html/rfc3986#section-2.3
|
|
|
|
# See also http://bugs.python.org/issue16285
|
|
|
|
segment = quote(segment, safe=RFC3986_SUBDELIMS + RFC3986_GENDELIMS + str('~'))
|
|
|
|
return force_text(segment)
|
|
|
|
|
2012-01-08 02:39:14 +08:00
|
|
|
# Handle IDN before quoting.
|
|
|
|
try:
|
2012-12-03 20:13:24 +08:00
|
|
|
scheme, netloc, path, query, fragment = urlsplit(url)
|
|
|
|
except ValueError:
|
|
|
|
# invalid IPv6 URL (normally square brackets in hostname part).
|
2014-06-27 03:14:30 +08:00
|
|
|
return unquote_quote(url)
|
2012-01-08 02:15:28 +08:00
|
|
|
|
2014-06-27 03:14:30 +08:00
|
|
|
try:
|
|
|
|
netloc = netloc.encode('idna').decode('ascii') # IDN -> ACE
|
|
|
|
except UnicodeError: # invalid domain part
|
|
|
|
return unquote_quote(url)
|
|
|
|
|
|
|
|
if query:
|
|
|
|
# Separately unquoting key/value, so as to not mix querystring separators
|
|
|
|
# included in query values. See #22267.
|
|
|
|
query_parts = [(unquote(force_str(q[0])), unquote(force_str(q[1])))
|
|
|
|
for q in parse_qsl(query, keep_blank_values=True)]
|
|
|
|
# urlencode will take care of quoting
|
|
|
|
query = urlencode(query_parts)
|
|
|
|
|
|
|
|
path = unquote_quote(path)
|
|
|
|
fragment = unquote_quote(fragment)
|
|
|
|
|
|
|
|
return urlunsplit((scheme, netloc, path, query, fragment))
|
2013-11-03 07:53:29 +08:00
|
|
|
|
2014-08-09 18:44:48 +08:00
|
|
|
|
2007-11-14 20:58:53 +08:00
|
|
|
def urlize(text, trim_url_limit=None, nofollow=False, autoescape=False):
|
2005-07-13 09:25:57 +08:00
|
|
|
"""
|
2007-12-11 13:49:11 +08:00
|
|
|
Converts any URLs in text into clickable links.
|
2007-07-16 13:28:13 +08:00
|
|
|
|
2012-01-09 00:08:43 +08:00
|
|
|
Works on http://, https://, www. links, and also on links ending in one of
|
2012-01-09 05:36:22 +08:00
|
|
|
the original seven gTLDs (.com, .edu, .gov, .int, .mil, .net, and .org).
|
|
|
|
Links can have trailing punctuation (periods, commas, close-parens) and
|
|
|
|
leading punctuation (opening parens) and it'll still do the right thing.
|
2005-07-13 09:25:57 +08:00
|
|
|
|
2014-03-02 22:25:53 +08:00
|
|
|
If trim_url_limit is not None, the URLs in the link text longer than this
|
|
|
|
limit will be truncated to trim_url_limit-3 characters and appended with
|
|
|
|
an ellipsis.
|
2005-07-13 09:25:57 +08:00
|
|
|
|
2014-03-02 22:25:53 +08:00
|
|
|
If nofollow is True, the links will get a rel="nofollow" attribute.
|
2008-06-26 13:07:13 +08:00
|
|
|
|
2014-03-02 22:25:53 +08:00
|
|
|
If autoescape is True, the link text and URLs will be autoescaped.
|
2005-07-13 09:25:57 +08:00
|
|
|
"""
|
2014-08-09 18:44:48 +08:00
|
|
|
safe_input = isinstance(text, SafeData)
|
|
|
|
|
2013-05-17 22:33:36 +08:00
|
|
|
def trim_url(x, limit=trim_url_limit):
|
|
|
|
if limit is None or len(x) <= limit:
|
|
|
|
return x
|
|
|
|
return '%s...' % x[:max(0, limit - 3)]
|
2014-08-09 18:44:48 +08:00
|
|
|
|
|
|
|
def unescape(text, trail):
|
|
|
|
"""
|
|
|
|
If input URL is HTML-escaped, unescape it so as we can safely feed it to
|
|
|
|
smart_urlquote. For example:
|
|
|
|
http://example.com?x=1&y=<2> => http://example.com?x=1&y=<2>
|
|
|
|
"""
|
2014-09-10 08:57:26 +08:00
|
|
|
unescaped = (text + trail).replace(
|
|
|
|
'&', '&').replace('<', '<').replace(
|
|
|
|
'>', '>').replace('"', '"').replace(''', "'")
|
2015-03-07 04:56:11 +08:00
|
|
|
if trail and unescaped.endswith(trail):
|
|
|
|
# Remove trail for unescaped if it was not consumed by unescape
|
|
|
|
unescaped = unescaped[:-len(trail)]
|
|
|
|
elif trail == ';':
|
|
|
|
# Trail was consumed by unescape (as end-of-entity marker), move it to text
|
2014-08-09 18:44:48 +08:00
|
|
|
text += trail
|
2015-03-07 04:56:11 +08:00
|
|
|
trail = ''
|
|
|
|
return text, unescaped, trail
|
2014-08-09 18:44:48 +08:00
|
|
|
|
2012-07-21 16:00:10 +08:00
|
|
|
words = word_split_re.split(force_text(text))
|
2005-07-13 09:25:57 +08:00
|
|
|
for i, word in enumerate(words):
|
2008-07-20 02:05:22 +08:00
|
|
|
if '.' in word or '@' in word or ':' in word:
|
2012-01-09 03:42:14 +08:00
|
|
|
# Deal with punctuation.
|
|
|
|
lead, middle, trail = '', word, ''
|
|
|
|
for punctuation in TRAILING_PUNCTUATION:
|
|
|
|
if middle.endswith(punctuation):
|
|
|
|
middle = middle[:-len(punctuation)]
|
|
|
|
trail = punctuation + trail
|
|
|
|
for opening, closing in WRAPPING_PUNCTUATION:
|
|
|
|
if middle.startswith(opening):
|
|
|
|
middle = middle[len(opening):]
|
|
|
|
lead = lead + opening
|
|
|
|
# Keep parentheses at the end only if they're balanced.
|
|
|
|
if (middle.endswith(closing)
|
2013-11-26 17:43:46 +08:00
|
|
|
and middle.count(closing) == middle.count(opening) + 1):
|
2012-01-09 03:42:14 +08:00
|
|
|
middle = middle[:-len(closing)]
|
|
|
|
trail = closing + trail
|
|
|
|
|
2008-06-26 13:07:13 +08:00
|
|
|
# Make URL we want to point to.
|
|
|
|
url = None
|
2012-01-08 17:51:36 +08:00
|
|
|
nofollow_attr = ' rel="nofollow"' if nofollow else ''
|
2012-01-08 23:43:32 +08:00
|
|
|
if simple_url_re.match(middle):
|
2014-08-09 18:44:48 +08:00
|
|
|
middle, middle_unescaped, trail = unescape(middle, trail)
|
|
|
|
url = smart_urlquote(middle_unescaped)
|
2012-01-08 23:43:32 +08:00
|
|
|
elif simple_url_2_re.match(middle):
|
2014-08-09 18:44:48 +08:00
|
|
|
middle, middle_unescaped, trail = unescape(middle, trail)
|
|
|
|
url = smart_urlquote('http://%s' % middle_unescaped)
|
2014-03-31 03:11:05 +08:00
|
|
|
elif ':' not in middle and simple_email_re.match(middle):
|
2012-01-08 02:39:14 +08:00
|
|
|
local, domain = middle.rsplit('@', 1)
|
2012-02-05 00:05:48 +08:00
|
|
|
try:
|
2012-08-12 04:44:42 +08:00
|
|
|
domain = domain.encode('idna').decode('ascii')
|
2012-02-05 00:05:48 +08:00
|
|
|
except UnicodeError:
|
|
|
|
continue
|
2012-01-08 02:39:14 +08:00
|
|
|
url = 'mailto:%s@%s' % (local, domain)
|
2008-06-26 13:07:13 +08:00
|
|
|
nofollow_attr = ''
|
2012-01-09 03:42:14 +08:00
|
|
|
|
2008-06-26 13:07:13 +08:00
|
|
|
# Make link.
|
|
|
|
if url:
|
|
|
|
trimmed = trim_url(middle)
|
2008-02-03 16:54:26 +08:00
|
|
|
if autoescape and not safe_input:
|
|
|
|
lead, trail = escape(lead), escape(trail)
|
2014-08-09 18:44:48 +08:00
|
|
|
trimmed = escape(trimmed)
|
2015-03-11 06:40:33 +08:00
|
|
|
middle = '<a href="%s"%s>%s</a>' % (escape(url), nofollow_attr, trimmed)
|
2008-02-03 16:54:26 +08:00
|
|
|
words[i] = mark_safe('%s%s%s' % (lead, middle, trail))
|
2008-06-26 13:07:13 +08:00
|
|
|
else:
|
|
|
|
if safe_input:
|
|
|
|
words[i] = mark_safe(word)
|
|
|
|
elif autoescape:
|
|
|
|
words[i] = escape(word)
|
2007-11-17 20:12:40 +08:00
|
|
|
elif safe_input:
|
|
|
|
words[i] = mark_safe(word)
|
|
|
|
elif autoescape:
|
|
|
|
words[i] = escape(word)
|
2012-06-08 00:08:47 +08:00
|
|
|
return ''.join(words)
|
2012-07-20 20:48:51 +08:00
|
|
|
urlize = allow_lazy(urlize, six.text_type)
|
2005-07-13 09:25:57 +08:00
|
|
|
|
2013-11-03 07:53:29 +08:00
|
|
|
|
2013-05-18 19:58:45 +08:00
|
|
|
def avoid_wrapping(value):
|
|
|
|
"""
|
|
|
|
Avoid text wrapping in the middle of a phrase by adding non-breaking
|
|
|
|
spaces where there previously were normal spaces.
|
|
|
|
"""
|
|
|
|
return value.replace(" ", "\xa0")
|
2015-03-19 04:42:59 +08:00
|
|
|
|
|
|
|
|
|
|
|
def html_safe(klass):
|
|
|
|
"""
|
|
|
|
A decorator that defines the __html__ method. This helps non-Django
|
|
|
|
templates to detect classes whose __str__ methods return SafeText.
|
|
|
|
"""
|
|
|
|
if '__html__' in klass.__dict__:
|
|
|
|
raise ValueError(
|
|
|
|
"can't apply @html_safe to %s because it defines "
|
|
|
|
"__html__()." % klass.__name__
|
|
|
|
)
|
|
|
|
if six.PY2:
|
|
|
|
if '__unicode__' not in klass.__dict__:
|
|
|
|
raise ValueError(
|
|
|
|
"can't apply @html_safe to %s because it doesn't "
|
|
|
|
"define __unicode__()." % klass.__name__
|
|
|
|
)
|
|
|
|
klass_unicode = klass.__unicode__
|
|
|
|
klass.__unicode__ = lambda self: mark_safe(klass_unicode(self))
|
2015-06-15 22:37:14 +08:00
|
|
|
klass.__html__ = lambda self: unicode(self) # NOQA: unicode undefined on PY3
|
2015-03-19 04:42:59 +08:00
|
|
|
else:
|
|
|
|
if '__str__' not in klass.__dict__:
|
|
|
|
raise ValueError(
|
|
|
|
"can't apply @html_safe to %s because it doesn't "
|
|
|
|
"define __str__()." % klass.__name__
|
|
|
|
)
|
|
|
|
klass_str = klass.__str__
|
|
|
|
klass.__str__ = lambda self: mark_safe(klass_str(self))
|
|
|
|
klass.__html__ = lambda self: str(self)
|
|
|
|
return klass
|