Escape recursively

stckme · Feb 9, 2024 · ced6ea7 · ced6ea7
1 parent e956d33
commit ced6ea7
Show file tree

Hide file tree

Showing 14 changed files with 49 additions and 45 deletions.
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
@@ -4,7 +4,7 @@ History
 
 0.18.0 (2024-02-09)
 -------------------
-- html.escape all the url attributes
+- html.escape all the attributes
 - Match link domain more precisely.
 - Image height or width can be individually specified
 

diff --git a/tests/test_transform.py b/tests/test_transform.py
@@ -69,10 +69,8 @@ def build_test_data():
 
             ## Use this to (re)generate the html files
             # if data_type == "json":
-            #     renderer = tiptapy.BaseDoc(config)
-            #     rendered = renderer.render(data)
             #     with open(file_path.replace("json", "html"), "w") as f:
-            #         f.write(rendered)
+            #         f.write(tiptapy.BaseDoc(config).render(data))
 
     return store["json"], store["html"]
 

diff --git a/tiptapy/__init__.py b/tiptapy/__init__.py
@@ -28,10 +28,6 @@ def init_env(path, config):
     env.globals["url2mime"] = url2mime
     env.globals["make_img_src"] = make_img_src
     env.globals["handle_links"] = build_link_handler(config)
-    # Cause jinja2 `e` filter is not exactly same as html.escape
-    env.globals["escape"] = escape
-    env.filters["escape"] = escape
-    env.filters["str"] = str
     env.globals["get_audio_player_block"] = get_audio_player_block
     env.globals["get_doc_block"] = get_doc_block
 
@@ -47,6 +43,19 @@ def _get_abs_template_path(path_str):
     return os.path.join(pkg_dir, path_str)
 
 
+def escape_recursive(node):
+    if isinstance(node, dict):
+        for k, v in node.items():
+            if k != "html":
+                node[k] = escape_recursive(v)
+    elif isinstance(node, list):
+        for i, v in enumerate(node):
+            node[i] = escape_recursive(v)
+    elif isinstance(node, str):
+        return escape(node)
+    return node
+
+
 class BaseDoc:
     doc_type = "doc"
     templates_path = (
@@ -66,4 +75,5 @@ def __init__(self, config):
     def render(self, in_data):
         in_data = in_data if isinstance(in_data, dict) else json.loads(in_data)
         node = in_data if isinstance(in_data, dict) else json.loads(in_data)
+        node = escape_recursive(node)
         return self.t.render(node=node)
diff --git a/tiptapy/image.py b/tiptapy/image.py
@@ -1,7 +1,6 @@
 # Image file type and it's MIME type mappings that are suported by tiptapy.
 # Detailed documentation can be found about Image file type and format guide.
 # Link: https://developer.mozilla.org/en-US/docs/Web/Media/Formats/Image_types
-from html import escape
 from os.path import splitext
 
 
@@ -24,4 +23,4 @@ def __missing__(self, ext):
 def url2mime(url):
     ext = splitext(url)[-1]
     ext = (ext[1:] if ext.startswith(".") else ext).upper()
-    return escape(SUPPORTED_FORMATS_MAP[ext])
+    return SUPPORTED_FORMATS_MAP[ext]
diff --git a/tiptapy/macros.py b/tiptapy/macros.py
@@ -1,14 +1,13 @@
 import pkgutil
-from html import escape
 from string import Template
 from urllib.parse import urlparse
 
 
 def make_img_src(attrs):
-    alt = escape(attrs.get("alt", "").strip())
-    height = escape(str(attrs.get("height", "")))
-    width = escape(str(attrs.get("width", "")))
-    fallback_url = escape(attrs["src"]["fallback"].strip())
+    alt = attrs.get("alt", "").strip()
+    height = attrs.get("height", "")
+    width = attrs.get("width", "")
+    fallback_url = attrs["src"]["fallback"].strip()
     img = f'img src="{fallback_url}"'
     if alt:
         img += f' alt="{alt}"'
@@ -32,9 +31,7 @@ def handle_links(attrs):
             ):
                 attrs["target"] = "_blank"
                 attrs["rel"] = "noopener nofollow"
-            retval = " ".join(
-                f'{k}="{escape(v)}"' for k, v in attrs.items() if v is not None
-            )
+            retval = " ".join(f'{k}="{v}"' for k, v in attrs.items() if v is not None)
         return retval
 
     return handle_links

diff --git a/tiptapy/templates/codeBlock.html b/tiptapy/templates/codeBlock.html
@@ -1,6 +1,6 @@
 {%- set language = node.attrs.language|default("") -%}
 {%- if node.content -%}
-  {%- set text = escape(node.content[0].text) -%}
+  {%- set text node.content[0].text -%}
   {%- if text -%}
     <div><pre>
       {%- if language -%}

diff --git a/tiptapy/templates/code_block.html b/tiptapy/templates/code_block.html
@@ -1,6 +1,6 @@
-{%- set language = node.attrs.language|default("")|escape -%}
+{%- set language = node.attrs.language|default("") -%}
 {%- if node.content -%}
-  {%- set text = node.content[0].text|escape -%}
+  {%- set text = node.content[0].text -%}
   {%- if text -%}
     <div><pre>
       {%- if language -%}

diff --git a/tiptapy/templates/doc.html b/tiptapy/templates/doc.html
@@ -2,10 +2,10 @@
   <div{% for attr, value in node.attrs.data.items() %} data-{{attr}}="{{value}}"{% endfor %}>
 {%- endif -%}
 {%- for item in node.content -%}
-  {%- with template=item.type + '.html', node=item -%} 
+  {%- with template=item.type + '.html', node=item -%}
     {%- include template -%}
   {%- endwith -%}
 {%- endfor -%}
 {%- if node.attrs and node.attrs.data -%}
   </div>
-{%- endif -%}
+{%- endif -%}
diff --git a/tiptapy/templates/embed.html b/tiptapy/templates/embed.html
@@ -9,7 +9,7 @@
 {%- endfor -%}
 {%- if node.attrs.type == "video" -%}
   {%- if node.attrs.caption and node.attrs.caption|trim -%}
-<figure>{{node.attrs.html}}<figcaption>{{escape(node.attrs.caption)}}</figcaption></figure>
+<figure>{{node.attrs.html}}<figcaption>{{node.attrs.caption}}</figcaption></figure>
   {%- else -%}
 <figure>{{html}}</figure>
   {%- endif -%}

diff --git a/tiptapy/templates/extras/audio.html b/tiptapy/templates/extras/audio.html
@@ -1,7 +1,7 @@
 {%- if node.attrs.src -%}
-  {%- set caption = node.attrs.caption|trim|escape -%}
+  {%- set caption = node.attrs.caption|trim -%}
   {%- set audio_player_block = get_audio_player_block() -%}
-  {%- set src = node.attrs.src|trim|escape -%}
+  {%- set src = node.attrs.src|trim -%}
 
   <figure class="audio-player-container">
     {%- if caption -%}

diff --git a/tiptapy/templates/extras/document.html b/tiptapy/templates/extras/document.html
@@ -1,8 +1,8 @@
-{%- set caption = node.attrs.caption|trim|escape -%}
-{%- set src = node.attrs.src|trim|escape -%}
-{%- set size = node.attrs.size|trim|escape -%}
-{%- set fname = node.attrs.name|trim|escape -%}
-{%- set ext = node.attrs.format|trim|escape -%}
+{%- set caption = node.attrs.caption|trim -%}
+{%- set src = node.attrs.src|trim -%}
+{%- set size = node.attrs.size|trim -%}
+{%- set fname = node.attrs.name|trim -%}
+{%- set ext = node.attrs.format|trim -%}
 {%- if src and size and fname and ext -%}
   {%- set doc_block = get_doc_block(ext, fname, size, src) -%}
   <figure class="file-attachment">

diff --git a/tiptapy/templates/extras/featuredimage.html b/tiptapy/templates/extras/featuredimage.html
@@ -1,13 +1,13 @@
 {%- if node.attrs.src -%}
-  {%- set image_url = node.attrs.src.image|trim|escape -%}
+  {%- set image_url = node.attrs.src.image|trim -%}
   {%- set image_type = url2mime(image_url) -%}
-  {%- set fallback_url = node.attrs.src.fallback|trim|escape -%}
+  {%- set fallback_url = node.attrs.src.fallback|trim -%}
   {%- set fallback_type = url2mime(fallback_url) -%}
 
-  {%- set caption = node.attrs.caption|trim|escape -%}
-  {%- set alt = node.attrs.alt|trim|escape -%}
-  {%- set height = node.attrs.height|str|escape -%}
-  {%- set width = node.attrs.width|str|escape -%}
+  {%- set caption = node.attrs.caption|trim -%}
+  {%- set alt = node.attrs.alt|trim -%}
+  {%- set height = node.attrs.height -%}
+  {%- set width = node.attrs.width -%}
 
   {%- if image_url or fallback_url -%}
     <figure class="featured-image"><picture><source srcset="{{ image_url }}" type="{{ image_type }}"/><source srcset="{{ fallback_url }}" type="{{ fallback_type }}"/><{{ make_img_src(node.attrs) }}/></picture>

diff --git a/tiptapy/templates/image.html b/tiptapy/templates/image.html
@@ -1,11 +1,11 @@
 {%- if node.attrs.src -%}
-  {%- set caption = node.attrs.caption|trim|escape -%}
-  {%- set alt = node.attrs.alt|trim|escape -%}
-  {%- set height = node.attrs.height|str|escape -%}
-  {%- set width = node.attrs.width|str|escape -%}
-  {%- set image_url = node.attrs.src.image|trim|escape -%}
+  {%- set caption = node.attrs.caption|trim -%}
+  {%- set alt = node.attrs.alt|trim -%}
+  {%- set height = node.attrs.height -%}
+  {%- set width = node.attrs.width -%}
+  {%- set image_url = node.attrs.src.image|trim -%}
   {%- set image_type = url2mime(image_url) -%}
-  {%- set fallback_url = node.attrs.src.fallback|trim|escape -%}
+  {%- set fallback_url = node.attrs.src.fallback|trim -%}
   {%- set fallback_type = url2mime(fallback_url) -%}
 
   {%- if image_url or fallback_url -%}

diff --git a/tiptapy/templates/text.html b/tiptapy/templates/text.html
@@ -1,4 +1,4 @@
-{% set ns = namespace(text=escape(node.text)) %}
+{% set ns = namespace(text=node.text) %}
 {%- for mark in node.marks -%}
   {%- set ns.text -%}
     {%- with template='marks/' + mark.type + '.html', text=ns.text, mark=mark -%}
@@ -7,4 +7,4 @@
   {%- endset -%}
 {%- endfor -%}
 
-{{ns.text}}
+{{ns.text}}