Permalink
Browse files

escape html data, refs #4380

Change-Id: I0d13c95691a4149f076a5094a1a9cebcb94d0af2
Reviewed-on: https://gerrit.instructure.com/3321
Reviewed-by: Zach Wily <zach@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
Tested-by: Zach Wily <zach@instructure.com>
  • Loading branch information...
jenseng authored and zwily committed Apr 27, 2011
1 parent 3ec2356 commit a07627aa16b415393359fc90eb1972cae27004d1
Showing with 37 additions and 61 deletions.
  1. +16 −14 lib/imsqti.py
  2. +21 −47 lib/imsqtiv1.py
View
@@ -693,10 +693,12 @@ class Block(Flow): pass
class Inline(Flow): pass
+class HTML: pass
+
SimpleInlineNames=['a','abbr','acronym','b','big','cite','code','dfn','em','i','kbd',
'q','samp','small','span','strong','sub','sup','tt','var']
-class SimpleInline(Inline):
+class SimpleInline(Inline,HTML):
def __init__ (self,name):
BodyElement.__init__(self)
self.name=name
@@ -723,7 +725,7 @@ def ExtractImages (self):
return ExtractImages(self.elements)
-class AtomicBlock(Block):
+class AtomicBlock(Block,HTML):
def __init__ (self):
BodyElement.__init__(self)
self.elements=[]
@@ -741,7 +743,7 @@ def ExtractImages (self):
return ExtractImages(self.elements)
-class SimpleBlock(Block):
+class SimpleBlock(Block,HTML):
def __init__ (self):
BodyElement.__init__(self)
self.elements=[]
@@ -856,7 +858,7 @@ def ExtractImages (elements):
i=i+1
return images
-class xhtml_div(Block):
+class xhtml_div(Block,HTML):
def __init__ (self):
BodyElement.__init__(self)
self.elements=[]
@@ -890,7 +892,7 @@ def WriteXML (self,f):
f.write("</blockquote>")
-class xhtml_ul(Block):
+class xhtml_ul(Block,HTML):
def __init__ (self,name="ul"):
BodyElement.__init__(self)
self.listItems=[]
@@ -911,7 +913,7 @@ def WriteXML (self,f):
listItem.WriteXML(f)
f.write('</'+self.name+'>')
-class xhtml_li(BodyElement):
+class xhtml_li(BodyElement,HTML):
def __init__ (self):
BodyElement.__init__(self)
self.elements=[]
@@ -953,7 +955,7 @@ def WriteXML (self,f):
element.WriteXML(f)
f.write("</pre>")
-class xhtml_object(Inline):
+class xhtml_object(Inline,HTML):
def __init__ (self):
self.data=None
self.type=None
@@ -984,7 +986,7 @@ def WriteXML (self,f):
f.write(' height="'+str(self.height)+'"')
f.write("/>")
-class xhtml_table(Block):
+class xhtml_table(Block,HTML):
def __init__(self):
BodyElement.__init__(self)
self.tableBody=[]
@@ -1015,7 +1017,7 @@ def WriteXML (self,f):
tbody.WriteXML(f)
f.write('</table>')
-class xhtml_tbody(BodyElement):
+class xhtml_tbody(BodyElement,HTML):
def __init__(self):
BodyElement.__init__(self)
self.rows=[]
@@ -1035,7 +1037,7 @@ def WriteXML (self,f):
tr.WriteXML(f)
f.write('</tbody>')
-class xhtml_tr(BodyElement):
+class xhtml_tr(BodyElement,HTML):
def __init__(self):
BodyElement.__init__(self)
self.cells=[]
@@ -1055,7 +1057,7 @@ def WriteXML (self,f):
tcell.WriteXML(f)
f.write('</tr>')
-class TableCell(BodyElement):
+class TableCell(BodyElement,HTML):
def __init__(self,name="td"):
BodyElement.__init__(self)
self.name=name
@@ -1073,7 +1075,7 @@ def WriteXML (self,f):
f.write('</'+self.name+'>')
-class xhtml_img(Inline):
+class xhtml_img(Inline,HTML):
def __init__ (self):
BodyElement.__init__(self)
self.src=None
@@ -1110,11 +1112,11 @@ def WriteXML (self,f):
f.write(' height="'+str(self.height)+'"')
f.write("/>")
-class xhtml_br(Inline):
+class xhtml_br(Inline,HTML):
def WriteXML (self,f):
f.write("<br/>\n")
-class xhtml_text(Inline):
+class xhtml_text(Inline,HTML):
def __init__ (self,text=""):
self.text=text
View
@@ -3022,48 +3022,29 @@ def AppendElement (self,element):
def GetFlowLevel (self):
return self.flow_level
+ def AppendHTMLContainer (self,content):
+ container=xhtml_div()
+ container.SetClass('html')
+ container.AppendElement(xhtml_text(content))
+ self.parent.AppendElement(container)
+
def CloseObject (self):
- pFlag=1
+ buffer=None
for child in self.children:
- if not isinstance(child,Inline):
- pFlag=0
- break
- if pFlag:
- # All our children are inline, so we can be a simple <p>
- element=xhtml_p()
- if self.flowclass and self.flowclass.lower()!='block':
- element.SetClass(self.flowclass)
- for child in self.children:
- element.AppendElement(child)
- self.parent.AppendElement(element)
- else:
- divFlag=1
- if self.flowclass and self.flowclass.lower()!='block':
- element=xhtml_div()
- element.SetClass(self.flowclass)
- elif self.flow_level:
- element=xhtml_div()
- element.SetClass("flow_"+str(self.flow_level))
- else:
- element=self.parent
- divFlag=0
- # Complex content, group inlines into paragraphs
- p=None
- for child in self.children:
- if isinstance(child,Inline):
- if not p:
- p=xhtml_p()
- p.AppendElement(child)
+ if isinstance(child,HTML):
+ if not buffer:
+ buffer=StringIO.StringIO()
+ if isinstance(child,xhtml_text):
+ buffer.write(child.ExtractText())
else:
- if p:
- element.AppendElement(p)
- p=None
- element.AppendElement(child)
- # left over p should be added, this was a bad bug!
- if p:
- element.AppendElement(p)
- if divFlag:
- self.parent.AppendElement(element)
+ child.WriteXML(buffer)
+ else:
+ if buffer:
+ self.AppendHTMLContainer(buffer.getvalue())
+ buffer=None
+ self.parent.AppendElement(child)
+ if buffer:
+ self.AppendHTMLContainer(buffer.getvalue())
# FlowMat
@@ -3537,14 +3518,7 @@ def MakeText (self):
span.AppendElement(element)
element=span
elif self.type=='text/html':
- p=XMLParser()
- try:
- tokens=p.TokenizeString(self.data)
- self.ParseTextTokens(tokens)
- except XMLException:
- self.PrintWarning("Warning: failed to make well-formed XML out of embedded text/html (%s: %s)"%(str(sys.exc_info()[0]),str(sys.exc_info()[1])))
- self.PrintWarning("Warning: offending text/html will be left undecoded")
- self.characters(self.data)
+ self.characters(self.data)
self.endElement('qtihtml')
element=None
elif self.type=='text/rtf':

0 comments on commit a07627a

Please sign in to comment.