diff --git a/core/management/commands/setup.py b/core/management/commands/setup.py index 223d9488..dc86968a 100755 --- a/core/management/commands/setup.py +++ b/core/management/commands/setup.py @@ -2,7 +2,7 @@ import os from django.core.management.base import BaseCommand, CommandError from django.core.management import call_command from django.conf import settings -from core.models import Group, User +from core.models import Group, User, Page, PageRev class Command(BaseCommand): help = "Set up a new instance of the Sith AE" @@ -26,16 +26,22 @@ class Command(BaseCommand): Group(id=g['id'], name=g['name']).save() if not options['prod']: print("Dev mode, adding some test data") - u = User(username='skia', last_name="Kia", first_name="S'", + s = User(username='skia', last_name="Kia", first_name="S'", email="skia@git.an", date_of_birth="1942-06-12T00:00:00+01:00", is_superuser=True, is_staff=True) - u.set_password("plop") - u.save() + s.set_password("plop") + s.save() u = User(username='guy', last_name="Carlier", first_name="Guy", email="guy@git.an", date_of_birth="1942-06-12T00:00:00+01:00", is_superuser=False, is_staff=False) u.set_password("plop") u.save() + p = Page(name='aide_syntaxe') + p.set_lock(s) + p.save() + PageRev(page=p, title="Aide sur la syntaxe", author=s, content=""" +Cette page vise à documenter la syntaxe *Markdown* utilisée sur le site. +""").save() diff --git a/core/templates/core/page_detail.html b/core/templates/core/page_detail.html index ea9b7412..536fee92 100644 --- a/core/templates/core/page_detail.html +++ b/core/templates/core/page_detail.html @@ -1,4 +1,5 @@ {% extends "core/page.html" %} +{% load renderer %} {% block page %}
{{ rev.content }}
+{{ rev.content|markdown }}
{% else %}{{ page.revisions.last.content }}
+{{ page.revisions.last.content|markdown }}
{% endif %} {% endblock %} diff --git a/core/templatetags/__init__.py b/core/templatetags/__init__.py new file mode 100644 index 00000000..e69de29b diff --git a/core/templatetags/renderer.py b/core/templatetags/renderer.py new file mode 100644 index 00000000..da68e1a2 --- /dev/null +++ b/core/templatetags/renderer.py @@ -0,0 +1,17 @@ +import mistune +from django import template +from django.template.defaultfilters import stringfilter +from django.utils.safestring import mark_safe +from django.utils.html import escape + + +register = template.Library() + +@register.filter(is_safe=False) +@stringfilter +def markdown(text): + md = mistune.Markdown() + return mark_safe(md(escape(text))) + + + diff --git a/core/tests.py b/core/tests.py index ac8ec411..43bddbd0 100644 --- a/core/tests.py +++ b/core/tests.py @@ -232,6 +232,36 @@ class PageHandlingTest(TestCase): self.assertTrue(response.status_code == 200) self.assertTrue('Create it?' in str(response.content)) + + def test_create_page_markdown_safe(self): + """ + Should format the markdown and escape html correctly + """ + self.client.post(reverse('core:page_prop', kwargs={'page_name': 'guy'}), {'parent': '', + 'name': 'guy', + 'owner_group': '1', + }) + r = self.client.post(reverse('core:page_edit', kwargs={'page_name': 'guy'}), + { + 'title': 'Bibou', + 'content': + '''Guy *bibou* + +http://git.an + +# Swag + +Guy bibou
\\n\\n' + + '<guy>Bibou</guy>
\\n' + + '<script>alert('Guy');</script>
' in str(response.content)) + #TODO: many tests on the pages: # - renaming a page # - changing a page's parent --> check that page's children's full_name diff --git a/core/urls.py b/core/urls.py index 5af32876..d65a8716 100644 --- a/core/urls.py +++ b/core/urls.py @@ -29,10 +29,10 @@ urlpatterns = [ # Page views url(r'^page/$', PageListView.as_view(), name='page_list'), - url(r'^page/(?P