X-Git-Url: http://git.ithinksw.org/philo.git/blobdiff_plain/cec32849d48d9e36c030224e2eb9631d31ef17a2..c5586d632dc2cf5b06af929b2cb38131042c0ed6:/philo/validators.py diff --git a/philo/validators.py b/philo/validators.py index c8e5dc9..4b43047 100644 --- a/philo/validators.py +++ b/philo/validators.py @@ -1,13 +1,15 @@ -from django.utils.translation import ugettext_lazy as _ -from django.core.validators import RegexValidator +import re + from django.core.exceptions import ValidationError from django.template import Template, Parser, Lexer, TOKEN_BLOCK, TOKEN_VAR, TemplateSyntaxError from django.utils import simplejson as json from django.utils.html import escape, mark_safe -import re -from philo.utils import LOADED_TEMPLATE_ATTR +from django.utils.translation import ugettext_lazy as _ + +from philo.utils.templates import LOADED_TEMPLATE_ATTR +#: Tags which are considered insecure and are therefore always disallowed by secure :class:`TemplateValidator` instances. INSECURE_TAGS = ( 'load', 'extends', @@ -16,34 +18,8 @@ INSECURE_TAGS = ( ) -class RedirectValidator(RegexValidator): - """Based loosely on the URLValidator, but no option to verify_exists""" - regex = re.compile( - r'^(?:https?://' # http:// or https:// - r'(?:(?:[A-Z0-9](?:[A-Z0-9-]{0,61}[A-Z0-9])?\.)+[A-Z]{2,6}\.?|' #domain... - r'localhost|' #localhost... - r'\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})' # ...or ip - r'(?::\d+)?' # optional port - r'(?:/?|[/?#]?\S+)|' - r'[^?#\s]\S*)$', - re.IGNORECASE) - message = _(u'Enter a valid absolute or relative redirect target') - - -class URLLinkValidator(RegexValidator): - """Based loosely on the URLValidator, but no option to verify_exists""" - regex = re.compile( - r'^(?:https?://' # http:// or https:// - r'(?:(?:[A-Z0-9](?:[A-Z0-9-]{0,61}[A-Z0-9])?\.)+[A-Z]{2,6}\.?|' #domain... - r'localhost|' #localhost... - r'\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})' # ...or ip - r'(?::\d+)?' # optional port - r'|)' # also allow internal links - r'(?:/?|[/?#]?\S+)$', re.IGNORECASE) - message = _(u'Enter a valid absolute or relative redirect target') - - def json_validator(value): + """Validates whether ``value`` is a valid json string.""" try: json.loads(value) except Exception, e: @@ -128,6 +104,14 @@ def linebreak_iter(template_source): class TemplateValidator(object): + """ + Validates whether a string represents valid Django template code. + + :param allow: ``None`` or an iterable of tag names which are explicitly allowed. If provided, tags whose names are not in the iterable will cause a ValidationError to be raised if they are used in the template code. + :param disallow: ``None`` or an iterable of tag names which are explicitly allowed. If provided, tags whose names are in the iterable will cause a ValidationError to be raised if they are used in the template code. If a tag's name is in ``allow`` and ``disallow``, it will be disallowed. + :param secure: If the validator is set to secure, it will automatically disallow the tag names listed in :const:`INSECURE_TAGS`. Defaults to ``True``. + + """ def __init__(self, allow=None, disallow=None, secure=True): self.allow = allow self.disallow = disallow