MoinShare

Changeset

66:4ec0da93d8d5
2014-04-04 Paul Boddie raw files shortlog changelog graph Eliminated empty parts from the display representation. Prevented the HTML sanitizer from writing links to ReadMessage URLs for messages not originating from message stores associated with wiki pages. default tip
MoinShare.py (file)
     1.1 --- a/MoinShare.py	Thu Apr 03 23:37:56 2014 +0200
     1.2 +++ b/MoinShare.py	Fri Apr 04 00:21:00 2014 +0200
     1.3 @@ -393,6 +393,7 @@
     1.4          update = Update()
     1.5          update.updated = getDateTimeFromRFC2822(part.get("date"))
     1.6          update.title = part.get("subject", "Update #%d" % message_number)
     1.7 +
     1.8          update.message_number = message_number
     1.9  
    1.10          update.content, update.content_type, update.parts, actual_author = \
    1.11 @@ -625,21 +626,18 @@
    1.12  
    1.13      # NOTE: Some control over the HTML and XHTML should be exercised.
    1.14  
    1.15 -    if update.content:
    1.16 -        if update.content_type == "text/html" and update.message_number is not None:
    1.17 -            parsers = [get_make_parser(update.page, update.message_number)]
    1.18 -        else:
    1.19 -            parsers = getParsersForContentType(request.cfg, update.content_type)
    1.20 +    if update.content_type == "text/html" and update.page is not None and update.message_number is not None:
    1.21 +        parsers = [get_make_parser(update.page, update.message_number)]
    1.22 +    else:
    1.23 +        parsers = getParsersForContentType(request.cfg, update.content_type)
    1.24  
    1.25 -        if parsers:
    1.26 -            for parser_cls in parsers:
    1.27 -                if hasattr(parser_cls, "formatForOutputType"):
    1.28 -                    return formatTextForOutputType(update.content, request, parser_cls, "text/html")
    1.29 -                else:
    1.30 -                    return formatText(update.content, request, fmt, parser_cls=parser_cls)
    1.31 -                break
    1.32 -        else:
    1.33 -            return None
    1.34 +    if parsers:
    1.35 +        for parser_cls in parsers:
    1.36 +            if hasattr(parser_cls, "formatForOutputType"):
    1.37 +                return formatTextForOutputType(update.content, request, parser_cls, "text/html")
    1.38 +            else:
    1.39 +                return formatText(update.content, request, fmt, parser_cls=parser_cls)
    1.40 +            break
    1.41      else:
    1.42          return None
    1.43  
    1.44 @@ -662,11 +660,12 @@
    1.45          first = True
    1.46  
    1.47          for update_part in updates:
    1.48 -            append(fmt.url(1, "#%s" % update_part.unique_id()))
    1.49 -            append(fmt.text(update_part.content_type))
    1.50 -            append(fmt.url(0))
    1.51 +            if update_part.content:
    1.52 +                append(fmt.url(1, "#%s" % update_part.unique_id()))
    1.53 +                append(fmt.text(update_part.content_type))
    1.54 +                append(fmt.url(0))
    1.55  
    1.56 -            first = False
    1.57 +                first = False
    1.58  
    1.59          append(fmt.div(on=0))
    1.60  
    1.61 @@ -675,21 +674,22 @@
    1.62      first = True
    1.63  
    1.64      for update_part in updates:
    1.65 +        if update_part.content:
    1.66  
    1.67 -        # Encapsulate each alternative if many exist.
    1.68 +            # Encapsulate each alternative if many exist.
    1.69  
    1.70 -        if not single:
    1.71 -            css_class = first and "moinshare-default" or "moinshare-other"
    1.72 -            append(fmt.div(on=1, css_class="moinshare-alternative %s" % css_class, id=update_part.unique_id()))
    1.73 +            if not single:
    1.74 +                css_class = first and "moinshare-default" or "moinshare-other"
    1.75 +                append(fmt.div(on=1, css_class="moinshare-alternative %s" % css_class, id=update_part.unique_id()))
    1.76  
    1.77 -        # Include the content.
    1.78 +            # Include the content.
    1.79  
    1.80 -        append(formatUpdatePart(update_part, request, fmt))
    1.81 +            append(formatUpdatePart(update_part, request, fmt))
    1.82  
    1.83 -        if not single:
    1.84 -            append(fmt.div(on=0))
    1.85 +            if not single:
    1.86 +                append(fmt.div(on=0))
    1.87  
    1.88 -        first = False
    1.89 +            first = False
    1.90  
    1.91      return "".join(result)
    1.92  
    1.93 @@ -740,9 +740,24 @@
    1.94  
    1.95  class IncomingHTMLSanitizer(HTMLSanitizer):
    1.96  
    1.97 -    "An HTML parser that rewrites references to attachments."
    1.98 +    """
    1.99 +    An HTML parser that rewrites references to attachments. Instead of referring
   1.100 +    to content identifier URLs with a scheme of "cid:", the resulting HTML will
   1.101 +    refer to action URLs that extract parts from messages in message stores.
   1.102 +
   1.103 +    NOTE: This rewriting does not occur for other sources of HTML bundles
   1.104 +    NOTE: because other actions would be required to support the extraction of
   1.105 +    NOTE: resources from such sources.
   1.106 +    """
   1.107  
   1.108      def __init__(self, out, request, page, message_number):
   1.109 +
   1.110 +        """
   1.111 +        Initialise the sanitizer with an 'out' stream for output, the given
   1.112 +        'request', a 'page' from which the HTML originates, together with the
   1.113 +        'message_number' providing the content.
   1.114 +        """
   1.115 +
   1.116          HTMLSanitizer.__init__(self, out)
   1.117          self.request = request
   1.118          self.message_number = message_number