我们从Python开源项目中,提取了以下20个代码示例,用于说明如何使用jinja2.utils.escape()。
def do_replace(eval_ctx, s, old, new, count=None):
    """Return a copy of ``s`` in which ``old`` is replaced by ``new``.

    ``old`` is the substring to look for and ``new`` is its replacement.
    When the optional ``count`` is given, only the first ``count``
    occurrences are replaced; otherwise every occurrence is replaced:

    .. sourcecode:: jinja

        {{ "Hello World"|replace("Hello", "Goodbye") }}
            -> Goodbye World

        {{ "aaaaargh"|replace("a", "d'oh, ", 2) }}
            -> d'oh, d'oh, aaargh

    With autoescaping enabled, the subject is HTML-escaped before the
    replacement whenever markup-aware operands are involved, so that
    untrusted text is not spliced into markup unescaped.
    """
    # str.replace() treats a negative count as "replace everything".
    limit = -1 if count is None else count

    # Without autoescaping everything is handled as plain text.
    if not eval_ctx.autoescape:
        return unicode(s).replace(unicode(old), unicode(new), limit)

    # The parentheses spell out how Python parses the original condition:
    # ``and`` binds tighter than ``or``, so a markup ``old`` triggers
    # escaping even when ``s`` is itself markup.
    # NOTE(review): escape() is presumably a no-op on a value that already
    # provides __html__, which would make this harmless - confirm.
    needs_escape = hasattr(old, '__html__') or (
        hasattr(new, '__html__') and not hasattr(s, '__html__')
    )
    subject = escape(s) if needs_escape else soft_unicode(s)
    return subject.replace(soft_unicode(old), soft_unicode(new), limit)
def test_markup_leaks(self):
    """Check that repeated escape() calls do not grow the object count.

    Runs 20 rounds of 1000 iterations, each escaping four sample strings,
    and records the number of objects the garbage collector tracks after
    every round. A single distinct total means nothing accumulated.
    """
    observed_totals = set()
    for _round in range(20):
        for _ in range(1000):
            # Byte and unicode inputs, with and without characters that
            # need escaping.
            escape("foo")
            escape("<foo>")
            escape(u"foo")
            escape(u"<foo>")
        observed_totals.add(len(gc.get_objects()))
    assert len(observed_totals) == 1, 'ouch, c extension seems to leak objects'
def suite():
    """Assemble the test suite for this module.

    The LRU cache and helper test cases are always included. The markup
    leak test case is added only when ``escape`` has no ``func_code``
    attribute, which the original comment describes as the C extension
    being in use.
    """
    collected = unittest.TestSuite()
    for case in (LRUCacheTestCase, HelpersTestCase):
        collected.addTest(unittest.makeSuite(case))

    # The leak test only exercises the C extension.
    # NOTE(review): ``func_code`` is the Python 2 attribute name; on
    # Python 3 this check would be true for any callable - confirm the
    # interpreter this runs on.
    if not hasattr(escape, 'func_code'):
        collected.addTest(unittest.makeSuite(MarkupLeakTestCase))
    return collected
def empty_and_escape(value):
    """Return ``''`` for ``None``, otherwise the HTML-escaped value.

    Intended for form elements, where a missing value yields an empty
    string and any other value is passed through escape() before it is
    rendered.
    """
    return '' if value is None else escape(value)
def do_forceescape(value):
    """Enforce HTML escaping, even for values that provide ``__html__``.

    The value's ``__html__()`` result (or the value itself) is coerced
    with ``unicode()`` and then escaped, so content that was already
    escaped will probably end up escaped twice.
    """
    html_source = value.__html__() if hasattr(value, '__html__') else value
    # The unicode() coercion comes before escape() so the text is escaped
    # again rather than passed through.
    return escape(unicode(html_source))
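def do_xmlattr(_eval_ctx, d, autospace=True):
    """Create an SGML/XML attribute string based on the items in a dict.

    All values that are neither `none` nor `undefined` are automatically
    escaped:

    .. sourcecode:: html+jinja

        <ul{{ {'class': 'my_list', 'missing': none,
                'id': 'list-%d'|format(variable)}|xmlattr }}>
        ...
        </ul>

    Results in something like this:

    .. sourcecode:: html

        <ul class="my_list" id="list-42">
        ...
        </ul>

    As you can see it automatically prepends a space in front of the item
    if the filter returned something unless the second parameter is false.

    Keys are checked as well as escaped: a key containing whitespace,
    ``/``, ``>`` or ``=`` is not a valid attribute name and would render
    as additional attributes, so it is rejected. Pairs whose value is
    dropped (`none` / `undefined`) are not checked.

    :raises ValueError: if an emitted key contains whitespace, ``/``,
        ``>`` or ``=``.
    """
    import re

    # escape() covers &, <, >, ' and ", but a space or "=" inside a key
    # passes through unchanged and would start a new attribute in the
    # output. Keys built from untrusted input must therefore be refused.
    forbidden_in_name = re.compile(r'[\s/>=]')

    pairs = []
    for key, value in d.iteritems():
        if value is None or isinstance(value, Undefined):
            continue
        # Coerce via %-formatting so non-string keys are checked in the
        # same textual form in which they would be rendered.
        if forbidden_in_name.search(u'%s' % (key,)) is not None:
            raise ValueError(
                'Invalid character in attribute name: %r' % (key,)
            )
        pairs.append(u'%s="%s"' % (escape(key), escape(value)))

    rv = u' '.join(pairs)
    if autospace and rv:
        rv = u' ' + rv
    # Under autoescaping the result is marked as safe markup because every
    # key and value has been escaped above.
    if _eval_ctx.autoescape:
        rv = Markup(rv)
    return rv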
def do_join(eval_ctx, value, d=u''):
    """Return the concatenation of the strings in the sequence.

    The separator between elements defaults to the empty string and can
    be set with the optional parameter:

    .. sourcecode:: jinja

        {{ [1, 2, 3]|join('|') }}
            -> 1|2|3

        {{ [1, 2, 3]|join }}
            -> 123

    With autoescaping enabled and a plain-text separator, the separator
    is escaped as soon as any item provides ``__html__``.
    """
    # Autoescaping off: plain text joining is all that is needed.
    if not eval_ctx.autoescape:
        return unicode(d).join(imap(unicode, value))

    # The separator already has an HTML representation: normal joining
    # with soft coercion of separator and items.
    if hasattr(d, '__html__'):
        return soft_unicode(d).join(imap(soft_unicode, value))

    # Plain separator: materialise the items, convert the ones without
    # an HTML representation to text and remember whether any markup
    # item was seen.
    items = list(value)
    saw_markup = False
    for position, element in enumerate(items):
        if hasattr(element, '__html__'):
            saw_markup = True
            continue
        items[position] = unicode(element)

    # NOTE(review): when the separator is escaped, the join presumably
    # runs on a markup object that escapes the plain-text items as well -
    # confirm against escape()'s return type.
    separator = escape(d) if saw_markup else unicode(d)
    return separator.join(items)
def show_generated_advisory(advisory_id, raw=False):
    """Render the generated advisory for ``advisory_id``.

    Loads the advisory with its group, package and CVE rows, derives the
    values the ``advisory.txt`` template needs and renders it. Returns
    ``not_found()`` when the query yields no rows. With ``raw`` set, the
    rendered text is returned as is; otherwise its first two lines are
    dropped, the remainder is HTML-escaped and handed to
    ``advisory_extend_html`` before the HTML advisory page is rendered.
    """
    query = db.session.query(Advisory, CVEGroup, CVEGroupPackage, CVE)
    query = query.filter(Advisory.id == advisory_id)
    query = query.join(CVEGroupPackage).join(CVEGroup).join(CVEGroupEntry).join(CVE)
    entries = query.order_by(CVE.id).all()
    if not entries:
        return not_found()

    first_row = entries[0]
    advisory = first_row[0]
    group = first_row[1]
    package = first_row[2]
    issues = sorted([entry[3] for entry in entries])

    # Two stable sorts in a row: severity is the primary order and the
    # issue type orders entries of equal severity.
    type_sorted_issues = sorted(issues, key=lambda issue: issue.issue_type)
    severity_sorted_issues = sorted(type_sorted_issues, key=lambda issue: issue.severity)

    remote = any([issue.remote is Remote.remote for issue in issues])

    # Issue ids are listed four per row; continuation rows are indented
    # by the width of the label.
    continuation_indent = '\n{}'.format(' ' * len('CVE-ID : '))
    id_rows = list(map(' '.join, chunks([issue.id for issue in issues], 4)))
    issues_listing_formatted = continuation_indent.join(id_rows)

    link = TRACKER_ADVISORY_URL.format(advisory.id, group.id)

    def upstream_part(version):
        # Keep only what precedes the first '-' and the first '+'.
        return version.split('-')[0].split('+')[0]

    affected_upstream = upstream_part(group.affected)
    fixed_upstream = upstream_part(group.fixed)
    upstream_released = affected_upstream != fixed_upstream
    upstream_version = fixed_upstream
    # Drop everything up to and including the first ':' when present.
    _, colon, after_colon = upstream_version.partition(':')
    if colon:
        upstream_version = after_colon

    unique_issue_types = []
    for issue in severity_sorted_issues:
        if issue.issue_type not in unique_issue_types:
            unique_issue_types.append(issue.issue_type)

    references = []
    if group.bug_ticket:
        references.append(TRACKER_BUGTRACKER_URL.format(group.bug_ticket))
    references.extend([ref for ref in multiline_to_list(group.reference) if ref not in references])
    for issue in issues:
        references.extend([ref for ref in multiline_to_list(issue.reference) if ref not in references])

    raw_asa = render_template('advisory.txt',
                              advisory=advisory,
                              group=group,
                              package=package,
                              issues=issues,
                              remote=remote,
                              issues_listing_formatted=issues_listing_formatted,
                              link=link,
                              workaround=advisory.workaround,
                              impact=advisory.impact,
                              upstream_released=upstream_released,
                              upstream_version=upstream_version,
                              unique_issue_types=unique_issue_types,
                              references=references,
                              TRACKER_ISSUE_URL=TRACKER_ISSUE_URL,
                              TRACKER_GROUP_URL=TRACKER_GROUP_URL)
    if raw:
        # NOTE(review): this branch returns the rendered text without the
        # escape() applied below - confirm callers do not serve it as HTML.
        return raw_asa

    remaining_lines = raw_asa.split('\n')[2:]
    raw_asa = '\n'.join(remaining_lines)
    # str() turns the escaped result into a plain string.
    # NOTE(review): anything advisory_extend_html inserts afterwards is
    # not covered by this escape() call - confirm it escapes its own
    # insertions.
    raw_asa = str(escape(raw_asa))
    raw_asa = advisory_extend_html(raw_asa, issues, package)
    return render_html_advisory(advisory=advisory, package=package, group=group, raw_asa=raw_asa, generated=True)