From 8ebd6c64a7e99061e10d13233574eb8dc30e2ab9 Mon Sep 17 00:00:00 2001 From: Skia Date: Fri, 8 Jan 2016 16:14:54 +0100 Subject: [PATCH] Add Markdown support and better url tolerance for pages --- core/management/commands/setup.py | 14 +++++++++---- core/templates/core/page_detail.html | 5 +++-- core/templatetags/__init__.py | 0 core/templatetags/renderer.py | 17 ++++++++++++++++ core/tests.py | 30 ++++++++++++++++++++++++++++ core/urls.py | 10 +++++----- core/views/__init__.py | 1 - 7 files changed, 65 insertions(+), 12 deletions(-) create mode 100644 core/templatetags/__init__.py create mode 100644 core/templatetags/renderer.py diff --git a/core/management/commands/setup.py b/core/management/commands/setup.py index 223d9488..dc86968a 100755 --- a/core/management/commands/setup.py +++ b/core/management/commands/setup.py @@ -2,7 +2,7 @@ import os from django.core.management.base import BaseCommand, CommandError from django.core.management import call_command from django.conf import settings -from core.models import Group, User +from core.models import Group, User, Page, PageRev class Command(BaseCommand): help = "Set up a new instance of the Sith AE" @@ -26,16 +26,22 @@ class Command(BaseCommand): Group(id=g['id'], name=g['name']).save() if not options['prod']: print("Dev mode, adding some test data") - u = User(username='skia', last_name="Kia", first_name="S'", + s = User(username='skia', last_name="Kia", first_name="S'", email="skia@git.an", date_of_birth="1942-06-12T00:00:00+01:00", is_superuser=True, is_staff=True) - u.set_password("plop") - u.save() + s.set_password("plop") + s.save() u = User(username='guy', last_name="Carlier", first_name="Guy", email="guy@git.an", date_of_birth="1942-06-12T00:00:00+01:00", is_superuser=False, is_staff=False) u.set_password("plop") u.save() + p = Page(name='aide_syntaxe') + p.set_lock(s) + p.save() + PageRev(page=p, title="Aide sur la syntaxe", author=s, content=""" +Cette page vise à documenter la syntaxe *Markdown* utilisée sur le site. +""").save() diff --git a/core/templates/core/page_detail.html b/core/templates/core/page_detail.html index ea9b7412..536fee92 100644 --- a/core/templates/core/page_detail.html +++ b/core/templates/core/page_detail.html @@ -1,4 +1,5 @@ {% extends "core/page.html" %} +{% load renderer %} {% block page %}

Page

@@ -14,10 +15,10 @@ {% if rev %}

This may not be the last update, you are seeing revision {{ rev.id }}!

{{ rev.title }}

-

{{ rev.content }}

+

{{ rev.content|markdown }}

{% else %}

{{ page.revisions.last.title }}

-

{{ page.revisions.last.content }}

+

{{ page.revisions.last.content|markdown }}

{% endif %} {% endblock %} diff --git a/core/templatetags/__init__.py b/core/templatetags/__init__.py new file mode 100644 index 00000000..e69de29b diff --git a/core/templatetags/renderer.py b/core/templatetags/renderer.py new file mode 100644 index 00000000..da68e1a2 --- /dev/null +++ b/core/templatetags/renderer.py @@ -0,0 +1,17 @@ +import mistune +from django import template +from django.template.defaultfilters import stringfilter +from django.utils.safestring import mark_safe +from django.utils.html import escape + + +register = template.Library() + +@register.filter(is_safe=False) +@stringfilter +def markdown(text): + md = mistune.Markdown() + return mark_safe(md(escape(text))) + + + diff --git a/core/tests.py b/core/tests.py index ac8ec411..43bddbd0 100644 --- a/core/tests.py +++ b/core/tests.py @@ -232,6 +232,36 @@ class PageHandlingTest(TestCase): self.assertTrue(response.status_code == 200) self.assertTrue('Create it?' in str(response.content)) + + def test_create_page_markdown_safe(self): + """ + Should format the markdown and escape html correctly + """ + self.client.post(reverse('core:page_prop', kwargs={'page_name': 'guy'}), {'parent': '', + 'name': 'guy', + 'owner_group': '1', + }) + r = self.client.post(reverse('core:page_edit', kwargs={'page_name': 'guy'}), + { + 'title': 'Bibou', + 'content': + '''Guy *bibou* + +http://git.an + +# Swag + +Bibou + + +''', + }) + response = self.client.get(reverse('core:page', kwargs={'page_name': 'guy'})) + self.assertTrue(response.status_code == 200) + self.assertTrue('

Guy bibou

\\n

http://git.an

\\n' + + '

Swag

\\n

<guy>Bibou</guy>

\\n' + + '

<script>alert('Guy');</script>

' in str(response.content)) + #TODO: many tests on the pages: # - renaming a page # - changing a page's parent --> check that page's children's full_name diff --git a/core/urls.py b/core/urls.py index 5af32876..d65a8716 100644 --- a/core/urls.py +++ b/core/urls.py @@ -29,10 +29,10 @@ urlpatterns = [ # Page views url(r'^page/$', PageListView.as_view(), name='page_list'), - url(r'^page/(?P[a-z0-9/]*)/edit$', PageEditView.as_view(), name='page_edit'), - url(r'^page/(?P[a-z0-9/]*)/prop$', PagePropView.as_view(), name='page_prop'), - url(r'^page/(?P[a-z0-9/]*)/hist$', PageHistView.as_view(), name='page_hist'), - url(r'^page/(?P[a-z0-9/]*)/rev/(?P[0-9]+)/', PageRevView.as_view(), name='page_rev'), - url(r'^page/(?P[a-z0-9/]*)/$', PageView.as_view(), name='page'), + url(r'^page/(?P[a-z0-9/\-_]*)/edit$', PageEditView.as_view(), name='page_edit'), + url(r'^page/(?P[a-z0-9/\-_]*)/prop$', PagePropView.as_view(), name='page_prop'), + url(r'^page/(?P[a-z0-9/\-_]*)/hist$', PageHistView.as_view(), name='page_hist'), + url(r'^page/(?P[a-z0-9/\-_]*)/rev/(?P[0-9]+)/', PageRevView.as_view(), name='page_rev'), + url(r'^page/(?P[a-z0-9/\-_]*)/$', PageView.as_view(), name='page'), ] diff --git a/core/views/__init__.py b/core/views/__init__.py index 9991e740..14870a2b 100644 --- a/core/views/__init__.py +++ b/core/views/__init__.py @@ -13,7 +13,6 @@ def not_found(request): return render(request, "core/404.html") -# TODO: see models.py's TODO! class CanEditPropMixin(View): """ This view is made to protect any child view that would be showing some properties of an object that are restricted