[Mpuls-commits] r294 - in wasko/trunk: . waskaweb/lib
scm-commit@wald.intevation.org
scm-commit at wald.intevation.org
Tue Feb 24 13:08:54 CET 2009
Author: teichmann
Date: 2009-02-24 13:08:51 +0100 (Tue, 24 Feb 2009)
New Revision: 294
Modified:
wasko/trunk/ChangeLog.txt
wasko/trunk/waskaweb/lib/renderer.py
Log:
Fixed quoting in HTML attributes in form page rendering.
Modified: wasko/trunk/ChangeLog.txt
===================================================================
--- wasko/trunk/ChangeLog.txt 2009-02-24 11:31:12 UTC (rev 293)
+++ wasko/trunk/ChangeLog.txt 2009-02-24 12:08:51 UTC (rev 294)
@@ -1,5 +1,11 @@
-2009-02-23 Sascha L. Teichmann <teichmann at intevation.de>
+2009-02-24 Sascha L. Teichmann <teichmann at intevation.de>
+ * waskaweb/lib/renderer.py: Fixed quoting in HTML attributes. This
+ was broken for a very long time. Urgent TODO: WASKA and the
+ Offline Client need this fix, too!
+
+2009-02-24 Sascha L. Teichmann <teichmann at intevation.de>
+
* waskaweb/lib/renderer.py: In read only mode render radio bools in
radio matrices with disabled flag. Do not give them id to cure
the generated HTML.
Modified: wasko/trunk/waskaweb/lib/renderer.py
===================================================================
--- wasko/trunk/waskaweb/lib/renderer.py 2009-02-24 11:31:12 UTC (rev 293)
+++ wasko/trunk/waskaweb/lib/renderer.py 2009-02-24 12:08:51 UTC (rev 294)
@@ -38,6 +38,8 @@
from cgi import escape
+from xml.sax.saxutils import quoteattr
+
import re
from datetime import date
@@ -305,8 +307,8 @@
if not self.ro_mode:
if name:
- out.append('<input type="hidden" name="page" value="%s">\n' \
- % escape(name, True))
+ out.append('<input type="hidden" name="page" value=%s>\n' \
+ % quoteattr(name))
out.append('<div class="waska_form_element w100">')
out.append('<input type="submit" value="Übernehmen">\n')
if showNext:
@@ -396,11 +398,11 @@
rname = row.getName()
if fdata.hasError(rname):
- label = u'<span class="error_font">%s</span>' % row.getDescription()
+ label = u'<span class="error_font">%s</span>' % escape(row.getDescription())
elif fdata.hasWarning(rname):
- label = u'<span class="warning_font">%s</span>' % row.getDescription()
+ label = u'<span class="warning_font">%s</span>' % escape(row.getDescription())
else:
- label = row.getDescription()
+ label = escape(row.getDescription())
out.append(
u'<tr>'
@@ -424,7 +426,7 @@
# write legend
if legend:
out.append(
- u'<tr><td class="formed-radiomatrix-legend" colspan=%s>'
+ u'<tr><td class="formed-radiomatrix-legend" colspan="%s">'
u'<span class="formed-radiomatrix-legend">%s</span></td></tr>' % (
len(node.children[0].children)+1, ", ".join(legend)))
out.append("</table>")
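Review bot: The legend text is still interpolated raw into the `<span>` via `", ".join(legend)`, even though this statement is being touched to quote `colspan`. How the `legend` entries are built is outside the hunk; if they come from descriptions that were not escaped earlier, they should be escaped here, e.g. `", ".join(escape(l) for l in legend)`. If they are already escaped upstream, a short comment saying so would stop a later reader from double-escaping them.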
@@ -476,8 +478,8 @@
label = self._renderLabel(description, name, help=help)
if name:
- name = escape(name, True)
- name = 'name="%s" id="%s"' % (name, name)
+ name = quoteattr(name)
+ name = 'name=%s id=%s' % (name, name)
else:
name = ""
@@ -526,7 +528,7 @@
toSelect = self.stateStack[-1]
selected = toSelect == (value or value==0) and "selected" or ""
- if (value or value==0): value = 'value="%s"' % escape(value, True)
+ if (value or value==0): value = 'value=%s' % quoteattr(value)
else: value = ""
if description: description = escape(description)
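Review bot: `quoteattr(value)` only works on strings, while the guard `value or value==0` suggests `value` may be the integer 0 here. If that case is real, the call raises AttributeError instead of rendering `value="0"`; the old `escape(value, True)` had the same limitation, so this predates the commit. Converting first would make the branch safe: `value = 'value=%s' % quoteattr(unicode(value))`. The enclosing method starts and ends outside the hunk, so the actual type of `value` should be confirmed there.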
@@ -555,20 +557,14 @@
required = required and 'class="required"' or ''
if value:
- value = u'value="%s"' % escape(value, True)
+ value = u'value=%s' % quoteattr(value)
else:
value = ""
- if pname: oname = u'name="%s"' % escape(pname, True)
- elif name: oname = u'name="%s"' % escape(name, True)
+ if pname: oname = u'name=%s' % quoteattr(pname)
+ elif name: oname = u'name=%s' % quoteattr(name)
else: oname = u''
- #if name: id = u'id="%s"' % escape(name, True)
- #else: id = ""
-
- #out = u'<input type="radio" %s %s %s %s %s %s>\n' % (
- # oname, id, value, required, checked, SET_MODIFICATION)
-
disabled = self.ro_mode and 'disabled' or ''
out = u'<input type="radio" %s %s %s %s %s %s>\n' % (
@@ -595,11 +591,11 @@
else:
value = ""
- if pname: oname = u'name="%s"' % escape(pname, True)
- elif name: oname = u'name="%s"' % escape(name, True)
+ if pname: oname = u'name=%s' % quoteattr(pname)
+ elif name: oname = u'name=%s' % quoteattr(name)
else: oname = u''
- if name: id = u'id="%s"' % escape(name, True)
+ if name: id = u'id="%s"' % quoteattr(name)
else: id = ""
if self.ro_mode:
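Review bot: The `id` line keeps the literal quotes in its format string while switching to `quoteattr`, which already returns the value wrapped in quotes, so it renders `id=""name""`. That leaves the attribute empty and puts the name text outside any quoted value, which is worse than the `escape(name, True)` it replaces. It should follow the `name` lines just above it: `if name: id = u'id=%s' % quoteattr(name)`. The same name/id conversion is hand-repeated in the hunks at -476, -629, -687, -736, -794 and -840; a small helper that builds the pair once would prevent this kind of slip. The enclosing method starts and ends outside the hunk.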
@@ -621,7 +617,7 @@
data = self.formdata.getData(name)
if data == "1":
- value = 'value="%s"' % escape(data, True)
+ value = 'value=%s' % quoteattr(data)
checked = "checked"
else:
value, checked = "", ""
@@ -629,8 +625,8 @@
label = self._renderLabel(description, name)
if name:
- name = escape(name, True)
- name = 'name="%s" id="%s"' % (name, name)
+ name = quoteattr(name)
+ name = 'name=%s id=%s' % (name, name)
else:
name = ''
@@ -659,15 +655,15 @@
if description:
if name:
if error:
- return u'<label for="%s" class="error_font"><a name="f_%s">%s</a> %s</label>%s\n' % (
- escape(name, True), escape(name, True), escape(description), helpmsg, newline)
+ return u'<label for=%s class="error_font"><a name="f_%s">%s</a> %s</label>%s\n' % (
+ quoteattr(name), escape(name), escape(description), helpmsg, newline)
if warn:
- return u'<label for="%s" class="warning_font"><a name="f_%s">%s</a> %s</label>%s\n' % (
- escape(name, True), escape(name, True), escape(description), helpmsg, newline)
+ return u'<label for=%s class="warning_font"><a name="f_%s">%s</a> %s</label>%s\n' % (
+ quoteattr(name), escape(name), escape(description), helpmsg, newline)
- return u'<label for="%s"><a name="f_%s">%s</a> %s</label>%s\n' % (
- escape(name, True), escape(name, True), escape(description), helpmsg, newline)
+ return u'<label for=%s><a name="f_%s">%s</a> %s</label>%s\n' % (
+ quoteattr(name), escape(name), escape(description), helpmsg, newline)
return u"%s " % escape(description)
return ""
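Review bot: In all three `return` statements the anchor `<a name="f_%s">` is now filled with `escape(name)`, which drops the quote flag the old `escape(name, True)` had. `cgi.escape` leaves `"` untouched without that flag, so a double quote in `name` would end the attribute early. This is a regression inside a commit meant to fix attribute quoting. Either keep `escape(name, True)` for that slot, or build the whole value with `quoteattr(u"f_" + name)` and change the template to `<a name=%s>`. The function's signature and the computation of `helpmsg` and `newline` are outside the hunk.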
@@ -687,20 +683,20 @@
css_class = []
- if data: value = escape(data, True)
+ if data: value = escape(data)
else: value = ""
- if rows: rows = 'rows="%s"' % escape(rows, True)
+ if rows: rows = 'rows=%s' % quoteattr(rows)
else: rows = ""
- if cols: cols = 'cols="%s"' % escape(cols, True)
+ if cols: cols = 'cols=%s' % quoteattr(cols)
else: cols = ""
out = [ self._renderLabel(description, name, help=help) ]
if name:
- name = escape(name, True)
- name = 'name="%s" id="%s"' % (name, name)
+ name = quoteattr(name)
+ name = 'name=%s id=%s' % (name, name)
else:
name = ""
@@ -736,14 +732,14 @@
warn = self.formdata.hasWarning(name)
css_class = []
- if data: value = 'value="%s"' % escape(data, True)
+ if data: value = 'value=%s' % quoteattr(data)
else: value = ""
out = [ self._renderLabel(description, name, help=help) ]
if name:
- name = escape(name, True)
- name = 'name="%s" id="%s"' % (name, name)
+ name = quoteattr(name)
+ name = 'name=%s id=%s' % (name, name)
else:
name = ""
@@ -777,13 +773,13 @@
warn = self.formdata.hasWarning(name)
css_class = ['field']
- if data: value = 'value="%s"' % escape(data, True)
+ if data: value = 'value=%s' % quoteattr(data)
else: value = ""
- if size: size = 'size="%s"' % escape(size, True)
+ if size: size = 'size=%s' % quoteattr(size)
else: size = ""
- if length: length = 'maxlength="%s"' % escape(length, True)
+ if length: length = 'maxlength=%s' % quoteattr(length)
else: length = ""
if self.ro_mode:
@@ -794,9 +790,8 @@
out = [ self._renderLabel(description, name, help=help) ]
if name:
-
- name = escape(name, True)
- name = 'name="%s" id="%s"' % (name, name)
+ name = quoteattr(name)
+ name = 'name=%s id=%s' % (name, name)
else:
name = ""
@@ -825,7 +820,7 @@
warn = self.formdata.hasWarning(name)
css_class = ['intfield']
- if data: value = 'value="%s"' % escape(data, True)
+ if data: value = 'value=%s' % quoteattr(data)
else: value = ""
try:
@@ -840,9 +835,9 @@
out = [ self._renderLabel(description, name, help=help) ]
if name:
- name = escape(name, True)
- id = 'id="%s"' % name
- name = 'name="%s"' % name
+ name = quoteattr(name)
+ id = 'id=%s' % name
+ name = 'name=%s' % name
else:
id, name = "", ""
@@ -995,8 +990,8 @@
links = []
if counter:
for item in v:
- links.append(u'<a href="#f_%s" title="%s">%d</a>' % (
- item[0], item[1], counter))
+ links.append(u'<a href="#f_%s" title=%s>%d</a>' % (
+ item[0], quoteattr(item[1]), counter))
counter += 1
else:
for item in v:
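Review bot: `item[0]` still goes into `href="#f_%s"` unescaped; only the `title` value was converted to `quoteattr`. What `item[0]` holds is not visible in the hunk, but it is presumably the field name matching the `f_` anchors on the labels, in which case it needs the same treatment as every other `name` in this commit. For example `escape(item[0], True)` in the existing template, or `href=%s` with `quoteattr(u"#f_" + item[0])`. The `else` branch that begins on the last line continues outside the hunk and should be checked for the same pattern.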