kopia lustrzana https://github.com/simonw/datasette
rodzic
a443dba82f
commit
2bd9d54b27
|
@ -19,9 +19,8 @@ import urllib.parse
|
|||
from concurrent import futures
|
||||
from pathlib import Path
|
||||
|
||||
from markupsafe import Markup
|
||||
from markupsafe import Markup, escape
|
||||
from itsdangerous import URLSafeSerializer
|
||||
import jinja2
|
||||
from jinja2 import ChoiceLoader, Environment, FileSystemLoader, PrefixLoader, escape
|
||||
from jinja2.environment import Template
|
||||
from jinja2.exceptions import TemplateNotFound
|
||||
|
@ -864,7 +863,7 @@ class Datasette:
|
|||
}
|
||||
if request and request.args.get("_context") and self.setting("template_debug"):
|
||||
return "<pre>{}</pre>".format(
|
||||
jinja2.escape(json.dumps(template_context, default=repr, indent=4))
|
||||
escape(json.dumps(template_context, default=repr, indent=4))
|
||||
)
|
||||
|
||||
return await template.render_async(template_context)
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
import os
|
||||
import hashlib
|
||||
import itertools
|
||||
import jinja2
|
||||
import json
|
||||
from markupsafe import Markup, escape
|
||||
from urllib.parse import parse_qsl, urlencode
|
||||
|
||||
from datasette.utils import (
|
||||
|
@ -354,11 +354,11 @@ class QueryView(DataView):
|
|||
display_value = plugin_value
|
||||
else:
|
||||
if value in ("", None):
|
||||
display_value = jinja2.Markup(" ")
|
||||
display_value = Markup(" ")
|
||||
elif is_url(str(display_value).strip()):
|
||||
display_value = jinja2.Markup(
|
||||
display_value = Markup(
|
||||
'<a href="{url}">{url}</a>'.format(
|
||||
url=jinja2.escape(value.strip())
|
||||
url=escape(value.strip())
|
||||
)
|
||||
)
|
||||
elif isinstance(display_value, bytes):
|
||||
|
@ -372,7 +372,7 @@ class QueryView(DataView):
|
|||
).hexdigest(),
|
||||
},
|
||||
)
|
||||
display_value = jinja2.Markup(
|
||||
display_value = Markup(
|
||||
'<a class="blob-download" href="{}"><Binary: {} byte{}></a>'.format(
|
||||
blob_url,
|
||||
len(display_value),
|
||||
|
|
|
@ -2,7 +2,7 @@ import urllib
|
|||
import itertools
|
||||
import json
|
||||
|
||||
import jinja2
|
||||
import markupsafe
|
||||
|
||||
from datasette.plugins import pm
|
||||
from datasette.database import QueryInterrupted
|
||||
|
@ -135,12 +135,12 @@ class RowTableShared(DataView):
|
|||
"value_type": "pk",
|
||||
"is_special_link_column": is_special_link_column,
|
||||
"raw": pk_path,
|
||||
"value": jinja2.Markup(
|
||||
"value": markupsafe.Markup(
|
||||
'<a href="{base_url}{database}/{table}/{flat_pks_quoted}">{flat_pks}</a>'.format(
|
||||
base_url=base_url,
|
||||
database=database,
|
||||
table=urllib.parse.quote_plus(table),
|
||||
flat_pks=str(jinja2.escape(pk_path)),
|
||||
flat_pks=str(markupsafe.escape(pk_path)),
|
||||
flat_pks_quoted=path_from_row_pks(row, pks, not pks),
|
||||
)
|
||||
),
|
||||
|
@ -166,7 +166,7 @@ class RowTableShared(DataView):
|
|||
if plugin_display_value is not None:
|
||||
display_value = plugin_display_value
|
||||
elif isinstance(value, bytes):
|
||||
display_value = jinja2.Markup(
|
||||
display_value = markupsafe.Markup(
|
||||
'<a class="blob-download" href="{}"><Binary: {} byte{}></a>'.format(
|
||||
self.ds.urls.row_blob(
|
||||
database,
|
||||
|
@ -187,22 +187,22 @@ class RowTableShared(DataView):
|
|||
link_template = (
|
||||
LINK_WITH_LABEL if (label != value) else LINK_WITH_VALUE
|
||||
)
|
||||
display_value = jinja2.Markup(
|
||||
display_value = markupsafe.Markup(
|
||||
link_template.format(
|
||||
database=database,
|
||||
base_url=base_url,
|
||||
table=urllib.parse.quote_plus(other_table),
|
||||
link_id=urllib.parse.quote_plus(str(value)),
|
||||
id=str(jinja2.escape(value)),
|
||||
label=str(jinja2.escape(label)) or "-",
|
||||
id=str(markupsafe.escape(value)),
|
||||
label=str(markupsafe.escape(label)) or "-",
|
||||
)
|
||||
)
|
||||
elif value in ("", None):
|
||||
display_value = jinja2.Markup(" ")
|
||||
display_value = markupsafe.Markup(" ")
|
||||
elif is_url(str(value).strip()):
|
||||
display_value = jinja2.Markup(
|
||||
display_value = markupsafe.Markup(
|
||||
'<a href="{url}">{url}</a>'.format(
|
||||
url=jinja2.escape(value.strip())
|
||||
url=markupsafe.escape(value.strip())
|
||||
)
|
||||
)
|
||||
elif column in table_metadata.get("units", {}) and value != "":
|
||||
|
@ -212,7 +212,9 @@ class RowTableShared(DataView):
|
|||
# representation, which we have to round off to avoid ugliness. In the vast
|
||||
# majority of cases this rounding will be inconsequential. I hope.
|
||||
value = round(value.to_compact(), 6)
|
||||
display_value = jinja2.Markup(f"{value:~P}".replace(" ", " "))
|
||||
display_value = markupsafe.Markup(
|
||||
f"{value:~P}".replace(" ", " ")
|
||||
)
|
||||
else:
|
||||
display_value = str(value)
|
||||
if truncate_cells and len(display_value) > truncate_cells:
|
||||
|
|
|
@ -389,7 +389,7 @@ If the value matches that pattern, the plugin returns an HTML link element:
|
|||
.. code-block:: python
|
||||
|
||||
from datasette import hookimpl
|
||||
import jinja2
|
||||
import markupsafe
|
||||
import json
|
||||
|
||||
|
||||
|
@ -415,9 +415,9 @@ If the value matches that pattern, the plugin returns an HTML link element:
|
|||
or href.startswith("https://")
|
||||
):
|
||||
return None
|
||||
return jinja2.Markup('<a href="{href}">{label}</a>'.format(
|
||||
href=jinja2.escape(data["href"]),
|
||||
label=jinja2.escape(data["label"] or "") or " "
|
||||
return markupsafe.Markup('<a href="{href}">{label}</a>'.format(
|
||||
href=markupsafe.escape(data["href"]),
|
||||
label=markupsafe.escape(data["label"] or "") or " "
|
||||
))
|
||||
|
||||
Examples: `datasette-render-binary <https://github.com/simonw/datasette-render-binary>`_, `datasette-render-markdown <https://github.com/simonw/datasette-render-markdown>`__, `datasette-json-html <https://github.com/simonw/datasette-json-html>`__
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
from datasette import hookimpl
|
||||
from functools import wraps
|
||||
import jinja2
|
||||
import markupsafe
|
||||
import json
|
||||
|
||||
|
||||
|
@ -38,11 +38,11 @@ def render_cell(value, database):
|
|||
or href.startswith("https://")
|
||||
):
|
||||
return None
|
||||
return jinja2.Markup(
|
||||
return markupsafe.Markup(
|
||||
'<a data-database="{database}" href="{href}">{label}</a>'.format(
|
||||
database=database,
|
||||
href=jinja2.escape(data["href"]),
|
||||
label=jinja2.escape(data["label"] or "") or " ",
|
||||
href=markupsafe.escape(data["href"]),
|
||||
label=markupsafe.escape(data["label"] or "") or " ",
|
||||
)
|
||||
)
|
||||
|
||||
|
|
Ładowanie…
Reference in New Issue