Left: | ||
Right: |
LEFT | RIGHT |
---|---|
1 # coding: utf-8 | 1 # coding: utf-8 |
2 | 2 |
3 # This file is part of the Adblock Plus web scripts, | 3 # This file is part of the Adblock Plus web scripts, |
4 # Copyright (C) 2006-2015 Eyeo GmbH | 4 # Copyright (C) 2006-2016 Eyeo GmbH |
5 # | 5 # |
6 # Adblock Plus is free software: you can redistribute it and/or modify | 6 # Adblock Plus is free software: you can redistribute it and/or modify |
7 # it under the terms of the GNU General Public License version 3 as | 7 # it under the terms of the GNU General Public License version 3 as |
8 # published by the Free Software Foundation. | 8 # published by the Free Software Foundation. |
9 # | 9 # |
10 # Adblock Plus is distributed in the hope that it will be useful, | 10 # Adblock Plus is distributed in the hope that it will be useful, |
11 # but WITHOUT ANY WARRANTY; without even the implied warranty of | 11 # but WITHOUT ANY WARRANTY; without even the implied warranty of |
12 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | 12 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
13 # GNU General Public License for more details. | 13 # GNU General Public License for more details. |
14 # | 14 # |
(...skipping 159 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
174 | 174 |
175 # Insert attributes | 175 # Insert attributes |
176 result = escape(result) | 176 result = escape(result) |
177 def stringify_attribute((name, value)): | 177 def stringify_attribute((name, value)): |
178 return '%s="%s"' % ( | 178 return '%s="%s"' % ( |
179 escape(name), | 179 escape(name), |
180 escape(self.insert_localized_strings(value, {})) | 180 escape(self.insert_localized_strings(value, {})) |
181 ) | 181 ) |
182 | 182 |
183 for tag in self.whitelist: | 183 for tag in self.whitelist: |
184 allowed_tags = [t % re.escape(tag_name) | 184 allowed_contents = "(?:[^<>]|%s)" % "|".join(( |
185 for t in ("\<%s[^<>]*?\>", "\<\/%s\>") | 185 "<(?:%s[^<>]*?|/%s)>" % (t, t) |
Sebastian Noack
2016/01/21 13:55:56
Nit: None of your escaping applies to regexp as yo
kzar
2016/02/19 14:32:28
Done.
| |
186 for tag_name in self.whitelist.difference({tag})] | 186 for t in map(re.escape, self.whitelist - {tag}) |
Sebastian Noack
2016/01/21 13:55:56
Nit: self.whitelist - {tag}
Besides being more co
kzar
2016/02/19 14:32:28
Done.
| |
187 allowed_contents = "(?:%s)" % "|".join(["[^<>]"] + allowed_tags) | 187 )) |
188 saved = saved_attributes.get(tag, []) | 188 saved = saved_attributes.get(tag, []) |
189 for attrs in saved: | 189 for attrs in saved: |
190 attrs = map(stringify_attribute, attrs) | 190 attrs = map(stringify_attribute, attrs) |
191 result = re.sub( | 191 result = re.sub( |
192 r"%s(%s*?)%s" % (re_escape("<%s>" % tag), allowed_contents, | 192 r"%s(%s*?)%s" % (re_escape("<%s>" % tag), allowed_contents, |
Sebastian Noack
2016/01/21 13:55:56
I wonder whether you should parse the content recu
kzar
2016/02/19 14:32:28
I guess so but probably overkill, we didn't check
| |
193 re_escape("</%s>" % tag)), | 193 re_escape("</%s>" % tag)), |
194 lambda match: r'<%s%s>%s</%s>' % ( | 194 lambda match: r'<%s%s>%s</%s>' % ( |
195 tag, | 195 tag, |
196 " " + " ".join(attrs) if attrs else "", | 196 " " + " ".join(attrs) if attrs else "", |
197 match.group(1), | 197 match.group(1), |
198 tag | 198 tag |
199 ), | 199 ), |
200 result, 1, flags=re.S | 200 result, 1, flags=re.S |
201 ) | 201 ) |
202 result = re.sub( | 202 result = re.sub( |
(...skipping 240 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
443 stack.pop() | 443 stack.pop() |
444 stack[-1]["subitems"].append(item) | 444 stack[-1]["subitems"].append(item) |
445 stack.append(item) | 445 stack.append(item) |
446 return structured | 446 return structured |
447 | 447 |
448 converters = { | 448 converters = { |
449 "html": RawConverter, | 449 "html": RawConverter, |
450 "md": MarkdownConverter, | 450 "md": MarkdownConverter, |
451 "tmpl": TemplateConverter, | 451 "tmpl": TemplateConverter, |
452 } | 452 } |
LEFT | RIGHT |