-class TreeParentValidator(object):
- """
- constructor takes instance and parent_attr, where instance is the model
- being validated and parent_attr is where to look on that parent for the
- comparison.
- """
- #message = _("A tree element can't be its own parent.")
- code = 'invalid'
-
- def __init__(self, instance, parent_attr=None, message=None, code=None):
- self.instance = instance
- self.parent_attr = parent_attr
- self.static_message = message
- if code is not None:
- self.code = code
-
- def __call__(self, value):
- """
- Validates that the self.instance is not found in the parent tree of
- the node given as value.
- """
- parent = value
+INSECURE_TAGS = (
+ 'load',
+ 'extends',
+ 'include',
+ 'debug',
+)
+
+
+class RedirectValidator(RegexValidator):
+ """Based loosely on the URLValidator, but no option to verify_exists"""
+ regex = re.compile(
+ r'^(?:https?://' # http:// or https://
+ r'(?:(?:[A-Z0-9](?:[A-Z0-9-]{0,61}[A-Z0-9])?\.)+[A-Z]{2,6}\.?|' #domain...
+ r'localhost|' #localhost...
+ r'\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})' # ...or ip
+ r'(?::\d+)?' # optional port
+ r'(?:/?|[/?#]?\S+)|'
+ r'[^?#\s]\S*)$',
+ re.IGNORECASE)
+ message = _(u'Enter a valid absolute or relative redirect target')
+
+
+class URLLinkValidator(RegexValidator):
+ """Based loosely on the URLValidator, but no option to verify_exists"""
+ regex = re.compile(
+ r'^(?:https?://' # http:// or https://
+ r'(?:(?:[A-Z0-9](?:[A-Z0-9-]{0,61}[A-Z0-9])?\.)+[A-Z]{2,6}\.?|' #domain...
+ r'localhost|' #localhost...
+ r'\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})' # ...or ip
+ r'(?::\d+)?' # optional port
+ r'|)' # also allow internal links
+ r'(?:/?|[/?#]?\S+)$', re.IGNORECASE)
+ message = _(u'Enter a valid absolute or relative redirect target')
+
+
+def json_validator(value):
+ try:
+ json.loads(value)
+ except:
+ raise ValidationError(u'\'%s\' is not valid JSON' % value)
+
+
+class TemplateValidationParser(Parser):
+ def __init__(self, tokens, allow=None, disallow=None, secure=True):
+ super(TemplateValidationParser, self).__init__(tokens)