Commit 6353108a authored by Laurent Peuch's avatar Laurent Peuch
Browse files

feat(self.w): adapt UStringIO.write for new API

parent c9cf9d646783
......@@ -43,6 +43,34 @@ _MARKER = object()
random.seed()
def format_and_escape_string(value, *args, escape=True):
if args:
try:
if escape:
if isinstance(args[0], dict):
value = value % {
key: xml_escape(str(value)) if value else value
for key, value in args[0].items()
}
else:
value = value % tuple(xml_escape(str(x)) if x else x for x in args)
else:
if isinstance(args[0], dict):
value = value % args[0]
else:
value = value % args
except Exception:
# for debugging, the exception is often hidden otherwise
import traceback
traceback.print_exc()
print(f'text: "{value}"')
print(f'arguments: "{args}"')
raise
return value
def admincnx(appid):
from cubicweb import repoapi
from cubicweb.cwconfig import CubicWebConfiguration
......@@ -200,7 +228,7 @@ class RepeatList(object):
def handle_writing_constraints(method):
@wraps(method)
def wrapper(self, value):
def wrapper(self, value, *args, escape=True):
if self.tracewrites:
from traceback import format_stack
......@@ -209,7 +237,7 @@ def handle_writing_constraints(method):
escaped_html = xml_escape(value).replace("\n", "<br/>\n")
tpl = '<span onclick="alert(%s)">%s</span>'
value = tpl % (escaped_stack, escaped_html)
return method(self, value)
return method(self, value, *args, escape=escape)
return wrapper
......@@ -228,12 +256,24 @@ class UStringIO(list):
__nonzero__ = __bool__
@handle_writing_constraints
def write(self, value):
def write(self, value, *args, escape=True):
if self.tracewrites:
from traceback import format_stack
stack = format_stack(None)[:-1]
escaped_stack = xml_escape(json_dumps("\n".join(stack)))
escaped_html = xml_escape(value).replace("\n", "<br/>\n")
tpl = '<span onclick="alert(%s)">%s</span>'
value = tpl % (escaped_stack, escaped_html)
value = format_and_escape_string(value, *args, escape=escape)
self.append(value)
@handle_writing_constraints
def write_front(self, value):
def write_front(self, value, *args, escape=True):
value = format_and_escape_string(value, *args, escape=escape)
self.insert(0, value)
def getvalue(self):
......
......@@ -34,7 +34,7 @@ from rql import nodes
from cubicweb import NotAnEntity
from cubicweb.predicates import non_final_entity, nonempty_rset, none_rset
from cubicweb.appobject import AppObject
from cubicweb.utils import UStringIO, HTMLStream
from cubicweb.utils import UStringIO, HTMLStream, format_and_escape_string
from cubicweb.uilib import domid, js
from cubicweb.schema import display_name
......@@ -140,31 +140,7 @@ class View(AppObject):
"rest": rest,
}
if args:
try:
if escape:
if isinstance(args[0], dict):
text = text % {
key: xml_escape(str(value)) if value else value
for key, value in args[0].items()
}
else:
text = text % tuple(
xml_escape(str(x)) if x else x for x in args
)
else:
if isinstance(args[0], dict):
text = text % args[0]
else:
text = text % args
except Exception:
# for debugging, the exception is often hidden otherwise
import traceback
traceback.print_exc()
print('text: "%s"' % text)
print('arguments: "%s"' % args)
raise
text = format_and_escape_string(text, *args, escape=escape)
return self._w(text)
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment