X-Git-Url: http://git.ithinksw.org/philo.git/blobdiff_plain/3105e851ce4d7d426b3cffbd601c5b4e12075b41..785b59352880027f54ea0e81335d179eccee75f1:/validators.py

diff --git a/validators.py b/validators.py
index 106db8b..8b39abd 100644
--- a/validators.py
+++ b/validators.py
@@ -1,15 +1,17 @@
 from django.utils.translation import ugettext_lazy as _
 from django.core.validators import RegexValidator
 from django.core.exceptions import ValidationError
+from django.template import Template, Parser, Lexer, TOKEN_BLOCK, TOKEN_VAR, TemplateSyntaxError
 from django.utils import simplejson as json
 import re
+from philo.utils import LOADED_TEMPLATE_ATTR
 
 
-LOADED_TEMPLATE_ATTR = '_philo_loaded_template'
 INSECURE_TAGS = (
 	'load',
 	'extends',
 	'include',
+	'debug',
 )
 
 
@@ -43,11 +45,8 @@ class URLLinkValidator(RegexValidator):
 def json_validator(value):
 	try:
 		json.loads(value)
-	except:
-		raise ValidationError(u'\'%s\' is not valid JSON' % value)
-
-
-from django.template import Template, Parser, Lexer, TOKEN_BLOCK
+	except Exception, e:
+		raise ValidationError(u'JSON decode error: %s' % e)
 
 
 class TemplateValidationParser(Parser):
@@ -59,7 +58,7 @@ class TemplateValidationParser(Parser):
 		if secure:
 			disallow |= set(INSECURE_TAGS)
 		
-		self.allow, self.disallow = allow, disallow
+		self.allow, self.disallow, self.secure = allow, disallow, secure
 	
 	def parse(self, parse_until=None):
 		if parse_until is None:
@@ -112,7 +111,9 @@ class TemplateValidationParser(Parser):
 		return nodelist
 	
 	def disallowed_tag(self, command):
-		raise ValidationError("Tag not allowed: %s" % command)
+		if self.secure and command in INSECURE_TAGS:
+			raise ValidationError('Tag "%s" is not permitted for security reasons.' % command)
+		raise ValidationError('Tag "%s" is not permitted here.' % command)
 
 
 class TemplateValidator(object):