archive/pillar
0
0
Fork 0
Code Issues 42 Pull Requests Projects Releases Wiki Activity
pillar/pillar/markdown.py
Sybren A. Stüvel f4e0b9185b Shortcodes for YouTube and iframes 
Added shortcodes 2.5.0 as dependency; Earlier versions corrupted
non-ASCII characters, see
https://github.com/dmulholland/shortcodes/issues/6

The rendered elements have a `shortcode` CSS class.

The YouTube shortcode supports various ways to refer to a video:

    - `{youtube VideoID}`
    - `{youtube youtube.com or youtu.be URL}`

URLs containing an '=' should be quoted, or otherwise the shortcodes
library will parse it as "key=value" pair.

The IFrame shortcode supports the `cap` and `nocap` attributes. `cap`
indicates the required capability the user should have in order to
render the tag. If `nocap` is given, its contents are shown as a message
to users who do not have this tag; without it, the iframe is silently
hidden.

`{iframe src='https://source' cap='subscriber' nocap='Subscribe to view'}`

Merged test code + added HTML class for shortcode iframes
2018-04-03 10:49:00 +02:00

62 lines
1.5 KiB
Python
Raw Blame History

"""Bleached Markdown functionality.
This is for user-generated stuff, like comments.
"""
import bleach
import CommonMark
from . import shortcodes
ALLOWED_TAGS = [
'a',
'abbr',
'acronym',
'b', 'strong',
'i', 'em',
'del', 'kbd',
'dl', 'dt', 'dd',
'blockquote',
'code', 'pre',
'li', 'ol', 'ul',
'h1', 'h2', 'h3', 'h4', 'h5', 'h6',
'p', 'br', 'hr',
'sup', 'sub', 'strike',
'img',
'iframe',
'video',
]
ALLOWED_ATTRIBUTES = {
'a': ['href', 'title', 'target'],
'abbr': ['title'],
'acronym': ['title'],
'img': ['src', 'alt', 'width', 'height', 'title'],
'iframe': ['src', 'width', 'height', 'frameborder', 'allowfullscreen'],
'video': ['autoplay', 'controls', 'loop', 'muted', 'src'],
'*': ['style'],
}
ALLOWED_STYLES = [
'color', 'font-weight', 'background-color',
]
def markdown(s: str) -> str:
commented_shortcodes = shortcodes.comment_shortcodes(s)
tainted_html = CommonMark.commonmark(commented_shortcodes)
safe_html = bleach.clean(tainted_html,
tags=ALLOWED_TAGS,
attributes=ALLOWED_ATTRIBUTES,
styles=ALLOWED_STYLES,
strip_comments=False)
return safe_html
def cache_field_name(field_name: str) -> str:
"""Return the field name containing the cached HTML.
See ValidateCustomFields._normalize_coerce_markdown().
"""
return f'_{field_name}_html'
Reference in New Issue View Git Blame Copy Permalink