From c85fed0df1c3e89cf516130bc14dc1c0b596ab10 Mon Sep 17 00:00:00 2001
From: absurdo
Date: Wed, 20 Dec 2023 01:46:48 +0100
Subject: [PATCH] Multiple fixes, changed beautifoul soup dependency for bleach from mozilla
---
 paramecio2/libraries/db/corefields.py | 19 +++++++++++++++++--
 paramecio2/tests/fields_test.py | 6 +++---
 setup.py | 4 ++--
 3 files changed, 22 insertions(+), 7 deletions(-)
diff --git a/paramecio2/libraries/db/corefields.py b/paramecio2/libraries/db/corefields.py
index 5d41e55..f52199c 100644
--- a/paramecio2/libraries/db/corefields.py
+++ b/paramecio2/libraries/db/corefields.py
@@ -1,7 +1,8 @@
 from paramecio2.libraries.db.webmodel import PhangoField
 from paramecio2.libraries.db import coreforms
 from paramecio2.libraries.i18n import I18n
-from bs4 import BeautifulSoup
+#from bs4 import BeautifulSoup
+import bleach
 class IntegerField(PhangoField):
@@ -212,9 +213,12 @@ class HTMLField(TextField):
 This check method use beautifulsoap for clean and format html code
 """
+ # leach.clean('

"trial"

', tags=('p')) + """ soup=BeautifulSoup(value, features='html.parser') for tag in soup.findAll(True): + if tag.name not in self.trusted_tags: tag.hidden=True @@ -227,7 +231,18 @@ class HTMLField(TextField): return value - + """ + + value=bleach.clean('
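Review bot: The old BeautifulSoup implementation is disabled by wrapping it in a triple-quoted string that opens in this hunk and closes in the next one, which leaves a dead string expression inside `check()` right under the docstring. Delete the block instead, since version control already keeps it and a stale sanitizer path sitting next to the live one is easy to re-enable by mistake. The same goes for `#from bs4 import BeautifulSoup` in the first hunk. The added comment also spells the call `leach.clean` and passes `tags=('p')`, which is a plain string rather than a one-element tuple. The body of `check()` begins above this hunk.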

"trial"

', tags=self.trusted_tags) + + if self.escape: + + return value.replace('"', '"') + else: + + return value + + class ForeignKeyField(IntegerField): """Subclass of IntegerField for create Foreign keys diff --git a/paramecio2/tests/fields_test.py b/paramecio2/tests/fields_test.py index f44027e..2655172 100644 --- a/paramecio2/tests/fields_test.py +++ b/paramecio2/tests/fields_test.py @@ -59,15 +59,15 @@ def test_test_htmlfield(): field=corefields.HTMLField('html') - assert field.check('
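Review bot: `bleach.clean(...)` is called on a hard-coded sample string (the one containing "trial") instead of the `value` argument, so as written `check()` appears to discard whatever was submitted and return the sanitized sample for every input. Pass the argument: `value=bleach.clean(value, tags=self.trusted_tags)`. The literal looks like a leftover from the experiment recorded in the comment added in the previous hunk. In the `escape` branch the call is displayed as `value.replace('"', '"')`, which changes nothing as shown; if the second argument is an HTML entity that this page has decoded, confirm it against the file. `check()` starts above the hunk, so its signature and docstring are not visible here.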

"trial"

')=='"trial"' + assert field.check('

"trial"

')=='<p>"trial"</p><script></script>' field.escape=True - assert field.check('

"trial"

')=='"trial"' + assert field.check('

"trial"

')=='<p>"trial"</p><script></script>' field.trusted_tags=['p'] - assert field.check('

"trial"

')=='

"trial"

' + assert field.check('

"trial"

')=='

"trial"

<script></script>' #field. def test_test_foreignkeyfield(): diff --git a/setup.py b/setup.py index 151c07b..7503168 100644 --- a/setup.py +++ b/setup.py @@ -13,7 +13,7 @@ if sys.version_info < (3, 8): # If you install passlib and bcrypt, the password system will use bcrypt by default, if not, will use native crypt libc setup(name='paramecio2', - version='2.0.28', + version='2.0.29', description='Simple Web Framework based in flask and Mako.', long_description='This framework is a simple framework used for create web apps. Paramecio is modular and fast. By default have a module called admin that can be used for create admin sites', author='Antonio de la Rosa Caballero', @@ -21,7 +21,7 @@ setup(name='paramecio2', url='https://bitbucket.org/paramecio/paramecio2fm/', packages=['paramecio2'], include_package_data=True, - install_requires=['flask', 'pymysql', 'sqlalchemy', 'colorama', 'python-slugify', 'mako', 'pillow', 'arrow', 'beautifulsoup4'], + install_requires=['flask', 'pymysql', 'sqlalchemy', 'colorama', 'python-slugify', 'mako', 'pillow', 'arrow', 'bleach'], entry_points={'console_scripts': [ 'paramecio2 = paramecio2.console:start', 'paramecio2db = paramecio2.libraries.db.dbadmin:start', 'paramecio2lang = paramecio2.libraries.check_i18n:start', ]},
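Review bot: Every `field.check(...)` call in `test_test_htmlfield` passes the same sample markup that `HTMLField.check()` now hard-codes into `bleach.clean`, so these assertions would still pass if the method ignored its argument entirely. Add at least one case whose input differs from that sample, with an expected value that cannot be produced from it, such as a different allowed tag or plain text without markup. The new expected strings also appear to keep the `script` element in escaped form rather than dropping it, which matches bleach's default of escaping disallowed tags; if removal was the intent, `strip=True` on `bleach.clean` does that, and a test should pin whichever behaviour is chosen.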
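Review bot: `install_requires` replaces `beautifulsoup4` with an unpinned `bleach`, while `HTMLField.check()` now depends on that package for its HTML sanitization, so the installed version directly affects what markup gets through. Bleach's maintainers marked the project deprecated in 2023, so record the lower bound the tests were run against, e.g. `'bleach>=<tested version>'`, and note near the dependency that a maintained sanitizer may have to replace it. The `setup(...)` call continues past the end of this hunk.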