[Zope-Checkins] SVN: Zope/trunk/ - Always unescape element contents
on webdav.xmltools
Sidnei da Silva
sidnei at awkly.org
Tue Nov 2 12:31:00 EST 2004
Log message for revision 28320:
- Always unescape element contents on webdav.xmltools
- Use saxutils to escape/unescape values for/from
PROPFIND/PROPPATCH.
- Make OFS.PropertySheet use the escaping function from
webdav.xmltools.
- Escape/unescape " and '
- Set a default value of '' for the new 'alt' property as not to
break existing content.
Changed:
U Zope/trunk/doc/CHANGES.txt
U Zope/trunk/lib/python/OFS/Image.py
U Zope/trunk/lib/python/OFS/PropertySheets.py
U Zope/trunk/lib/python/webdav/xmltools.py
-=-
Modified: Zope/trunk/doc/CHANGES.txt
===================================================================
--- Zope/trunk/doc/CHANGES.txt 2004-11-02 16:41:07 UTC (rev 28319)
+++ Zope/trunk/doc/CHANGES.txt 2004-11-02 17:31:00 UTC (rev 28320)
@@ -30,20 +30,33 @@
the docutils package except some GPLed files which can not be included
with the Zope distribution due to license constraints on svn.zope.org.
- - docutils: moved from lib/python/docutils to
- lib/python/third_party/docutils
+ - docutils: moved from lib/python/docutils to
+ lib/python/third_party/docutils
- Collector #1557/OFS.Image: Introducing new 'alt' property. The 'alt'
attribute is no longer taken from the 'title' property but from the new
- 'alt' property. The border="0" attribute is no longer part of the HTML
+ 'alt' property. The border="0" attribute is no longer part of the HTML
output except specified otherwise.
-
- - Collector #1511: made IPCServer show up in the Control Panel under
+
+ - Set a default value of '' for the new 'alt' property as not to
+ break existing content.
+
+ - Collector #1511: made IPCServer show up in the Control Panel under
"Network Services"
- - Collector #1443: Applied patch by Simon Eisenmann that reimplements
+ - Collector #1443: Applied patch by Simon Eisenmann that reimplements
the XML parser used in WebDAV fixing a memory leak.
+ - Always unescape element contents on webdav.xmltools
+
+ - Use saxutils to escape/unescape values for/from
+ PROPFIND/PROPPATCH.
+
+ - Make OFS.PropertySheet use the escaping function from
+ webdav.xmltools.
+
+ - Escape/unescape " and '
+
Zope 2.8a1
@@ -77,14 +90,14 @@
- The DateTime parser now throws a SyntaxError upon any parsing errors.
- ZCatalog: added a new configuration option in the "Advanced" tab
- to provide optional logging of the progress of long running
+ to provide optional logging of the progress of long running
reindexing or recataloging operations.
- made Zope.configure return the starter instance to enable other
methods to be called, such as starter.setupConfiguredLoggers()
- Improved Unicode handling in Page Templates. Template contents
- and title will now be saved as a Unicode string if
+ and title will now be saved as a Unicode string if
the management_page_charset variable can be acquired and is true.
The character set of an uploaded file can now be specified.
@@ -191,11 +204,11 @@
(for pre-Zope 2.5 instances) has been removed. If you want to migrate
from such an old version to Zope 2.8, you need to clear and reindex
your ZCatalog).
-
- - Collector #1457: ZCTextIndex's QueryError and ParseError
+
+ - Collector #1457: ZCTextIndex's QueryError and ParseError
are now available for import from untrusted code.
- - Collector #1473: zpasswd.py can now accept --username
+ - Collector #1473: zpasswd.py can now accept --username
without --password
- Collector #1491: talgettext.py did not create a proper header
@@ -213,15 +226,15 @@
- Removed DWIM'y attempt to filter acquired-but-not-aceessible
results from 'guarded_getattr'.
- - Collector #1267: applied patch to fix segmentation faults on
+ - Collector #1267: applied patch to fix segmentation faults on
x86_64 systems
- - ZReST: the charset used in the rendered HTML was not set to the
+ - ZReST: the charset used in the rendered HTML was not set to the
corresponding output_encoding property of the ZReST instance. In addition
- changing the encodings through the Properties tab did not re-render
+ changing the encodings through the Properties tab did not re-render
the HTML.
- - Collector #1234: an exception triple passed to LOG() was not
+ - Collector #1234: an exception triple passed to LOG() was not
propagated properly to the logging module of Python
- Collector #1441: Removed headers introduced to make Microsoft
@@ -246,8 +259,8 @@
- added "version.txt" to setup.py to avoid untrue "unreleased version"
messages within the control panel
- - Collector #1436: applied patch to fix a memory leak in
- cAccessControl.
+ - Collector #1436: applied patch to fix a memory leak in
+ cAccessControl.
- Collector #1431: fixed NetBSD support in initgroups.c
@@ -261,17 +274,17 @@
- Zope can now be embedded in C/C++ without exceptions being raised
in zdoptions.
- - Collector #1213: Fixed wrong labels of cache parameters
+ - Collector #1213: Fixed wrong labels of cache parameters
- Collector #1265: Fixed handling of orphans in ZTUtil.Batch
- Collector #1293: missing 'address' parameters within one of the server
- sections raise an exception.
+ sections raise an exception.
- Collector #1345: AcceleratedHTTPCacheManager now sends the
Last-Modified header.
- - Collector #1126: ZPublisher.Converters.field2lines now using
+ - Collector #1126: ZPublisher.Converters.field2lines now using
splitlines() instead of split('\n').
- Collector #1322: fixed HTML quoting problem with ZSQL methods
@@ -283,14 +296,14 @@
- Collector #1259: removed the "uninstall" target from the Makefile
since the uninstall routine could also remove non-Zope files. Because
- this was to dangerous it has been removed completely.
+ this was to dangerous it has been removed completely.
- Collector #1299: Fixed bug in sequence.sort()
- Collector #1159: Added test for __MACH__ to initgroups.c so the
initgroups method becomes available on Mac OS X.
- - Collector #1004: text,token properties were missing in
+ - Collector #1004: text,token properties were missing in
PropertyManager management page.
- Display index name on error message when index can't be used as
Modified: Zope/trunk/lib/python/OFS/Image.py
===================================================================
--- Zope/trunk/lib/python/OFS/Image.py 2004-11-02 16:41:07 UTC (rev 28319)
+++ Zope/trunk/lib/python/OFS/Image.py 2004-11-02 17:31:00 UTC (rev 28320)
@@ -76,6 +76,7 @@
precondition=''
size=None
+ alt=''
manage_editForm =DTMLFile('dtml/fileEdit',globals(),
Kind='File',kind='file')
Modified: Zope/trunk/lib/python/OFS/PropertySheets.py
===================================================================
--- Zope/trunk/lib/python/OFS/PropertySheets.py 2004-11-02 16:41:07 UTC (rev 28319)
+++ Zope/trunk/lib/python/OFS/PropertySheets.py 2004-11-02 17:31:00 UTC (rev 28320)
@@ -807,15 +807,12 @@
return attr()
return attr
-
-def xml_escape(v):
- """ convert any content from ISO-8859-1 to UTF-8
- The main use is to escape non-US object property values
- (e.g. containing accented characters). Also we convert "<" and ">"
- to entities to keep the properties XML compliant.
- """
- v = str(v)
- v = v.replace('&', '&')
- v = v.replace('<', '<')
- v = v.replace('>', '>')
- return unicode(v,"latin-1").encode("utf-8")
+def xml_escape(value):
+ from webdav.xmltools import escape
+ if not isinstance(value, basestring):
+ value = unicode(value)
+ if not isinstance(value, unicode):
+ # XXX It really shouldn't be hardcoded to latin-1 here.
+ value = value.decode('latin-1')
+ value = escape(value)
+ return value.encode('utf-8')
Modified: Zope/trunk/lib/python/webdav/xmltools.py
===================================================================
--- Zope/trunk/lib/python/webdav/xmltools.py 2004-11-02 16:41:07 UTC (rev 28319)
+++ Zope/trunk/lib/python/webdav/xmltools.py 2004-11-02 17:31:00 UTC (rev 28320)
@@ -10,13 +10,10 @@
# FOR A PARTICULAR PURPOSE
#
##############################################################################
-
-
-"""
+"""
WebDAV XML request parsing tool using xml.minidom as xml parser.
Code contributed by Simon Eisenmann, struktur AG, Stuttgart, Germany
"""
-
__version__='$Revision: 1.15.2.1 $'[11:-2]
"""
@@ -26,55 +23,88 @@
and find out if some code uses/requires these methods.
=> If yes implement them, else forget them.
-
+
NOTE: So far i didn't have any problems.
If you have problems please report them.
"""
from xml.dom import minidom
+from xml.sax.saxutils import escape as _escape, unescape as _unescape
+escape_entities = {'"': '"',
+ "'": ''',
+ }
+
+unescape_entities = {'"': '"',
+ ''': "'",
+ }
+
+def escape(value, entities=None):
+ _ent = escape_entities
+ if entities is not None:
+ _ent = _ent.copy()
+ _ent.update(entities)
+ return _escape(value, entities)
+
+def unescape(value, entities=None):
+ _ent = unescape_entities
+ if entities is not None:
+ _ent = _ent.copy()
+ _ent.update(entities)
+ return _unescape(value, entities)
+
+# XXX latin-1 is hardcoded on OFS.PropertySheets as the expected
+# encoding properties will be stored in. Optimally, we should use the
+# same encoding as the 'default_encoding' property that is used for
+# the ZMI.
+zope_encoding = 'latin-1'
+
class Node:
- """ our nodes no matter what type """
-
+ """ Our nodes no matter what type
+ """
+
node = None
-
+
def __init__(self, node):
self.node=node
-
+
def elements(self, name=None, ns=None):
- nodes=[ Node(n) for n in self.node.childNodes if n.nodeType == n.ELEMENT_NODE and \
- ((name is None) or ((n.localName.lower())==name)) and \
- ((ns is None) or (n.namespaceURI==ns)) ]
+ nodes = []
+ for n in self.node.childNodes:
+ if (n.nodeType == n.ELEMENT_NODE and
+ ((name is None) or ((n.localName.lower())==name)) and
+ ((ns is None) or (n.namespaceURI==ns))):
+ nodes.append(Element(n))
return nodes
def qname(self):
- return '%s%s' % (self.namespace(), self.name())
-
+ return '%s%s' % (self.namespace(), self.name())
+
def addNode(self, node):
# XXX: no support for adding nodes here
raise NotImplementedError, 'addNode not implemented'
def toxml(self):
return self.node.toxml()
-
+
def strval(self):
- return self.toxml()
-
+ return self.toxml().encode(zope_encoding)
+
def name(self): return self.node.localName
def attrs(self): return self.node.attributes
def value(self): return self.node.nodeValue
def nodes(self): return self.node.childNodes
def nskey(self): return self.node.namespaceURI
-
+
def namespace(self): return self.nskey()
-
+
def del_attr(self, name):
- # XXX: no support for removing attributes
+ # XXX: no support for removing attributes
# zope can calls this after remapping to remove namespace
# haven't seen this happening though
return None
-
+
def remap(self, dict, n=0, top=1):
# XXX: this method is used to do some strange remapping of elements
# and namespaces .. not sure how to do this with minidom
@@ -87,18 +117,31 @@
return "<Node %s (from %s)>" % (self.name(), self.namespace())
else: return "<Node %s>" % self.name()
+class Element(Node):
+ def toxml(self):
+ # When dealing with Elements, we only want the Element's content.
+ result = u''
+ for n in self.node.childNodes:
+ value = n.toxml()
+ # Use unescape possibly escaped values. We do this
+ # because the value is *always* escaped in it's XML
+ # representation, and if we store it escaped it will come
+ # out *double escaped* when doing a PROPFIND.
+ value = unescape(value, entities=unescape_entities)
+ result += value
+ return result
+
class XmlParser:
- """ simple wrapper around minidom to support the required
- interfaces for zope.webdav
+ """ Simple wrapper around minidom to support the required
+ interfaces for zope.webdav
"""
dom = None
-
+
def __init__(self):
pass
-
+
def parse(self, data):
- self.dom=minidom.parseString(data)
+ self.dom = minidom.parseString(data)
return Node(self.dom)
-
More information about the Zope-Checkins
mailing list