o xg~;@s@dZddlZddlZddlZddlmZddlmZmZm Z m Z m Z m Z ddl mZddlmZddlmZmZmZddlmZmZdd lmZdd lmZmZmZdd lmZd Z d dgZ!gdZ"edZ#edej$Z%edej$Z&dZ'dZ(ee)eddZ*e+dde+dde+dde+dde+dd e+d!d"e+d#d$e+d%d&e+d'd(e+d)d*e+d+d,e+d-d.i Z,e,-d/d0e.d1Dee)ed2d3Z/e+dde+dd e+d!d"iZ0d4d5Z1d6d7Z2d8d9Z3d:d;Z4edQd=d>Z5Gd?d@d@eZ6dAdBZ7edCdDZ8edEdFZ9dGdHZ:GdIdJdJe;ZdOdPZ?dS)Sz'HTML utilities suitable for global use.N) HTMLParser) parse_qslquoteunquote urlencodeurlsplit urlunsplit)SuspiciousOperation)punycode)Promise keep_lazykeep_lazy_text)RFC3986_GENDELIMSRFC3986_SUBDELIMS)_lazy_re_compile)SafeData SafeString mark_safe)normalize_newlinesz.,:;!)())[])z·*u•z•z•z•z ([\s<>"']+)z^https?://\[?\wz>^www\.|^(?!http)\w[^@]+\.(com|edu|gov|int|mil|net|org)($|/.*)$i2cCsttt|S)a Return the given text with ampersands, quotes and angle brackets encoded for use in HTML. Always escape input, even if it's already escaped and marked as such. This may result in double-escaping. If this is a concern, use conditional_escape() instead. )rhtmlescapestrtextr 3/usr/lib/python3/dist-packages/django/utils/html.pyr%s r\z\u005C'z\u0027"z\u0022>z\u003EBs"r/ cCstt|tS)z4Hex encode characters for use in JavaScript strings.)rr translate _js_escapesvaluer r r!escapejsEr5cCs0ddlm}tj||dt}td|t|S)z Escape all the HTML/XML special characters with their unicode escapes, so value is safe to be output anywhere except for inside a tag attribute. Wrap the escaped JSON in a script tag. r)DjangoJSONEncoder)clsz3)django.core.serializers.jsonr7jsondumpsr1_json_script_escapes format_htmlr)r4 element_idr7json_strr r r! json_scriptRs r@cCs,t|tr t|}t|dr|St|S)z Similar to escape(), except that it doesn't operate on pre-escaped strings. This function relies on the __html__ convention used both by Django's SafeData class and by third-party libraries like markupsafe. __html__) isinstancer rhasattrrArrr r r!conditional_escape`s  rDcOs0tt|}dd|D}t|j|i|S)z Similar to str.format, but pass all arguments through conditional_escape(), and call mark_safe() on the result. This function should be used instead of str.format or % interpolation to build up small HTML fragments. cSsi|] \}}|t|qSr )rD)r-kvr r r! vszformat_html..)maprDitemsrformat) format_stringargskwargs args_safe kwargs_safer r r!r=os r=cs tt|fdd|DS)a A wrapper of format_html, for the common case of a group of arguments that need to be formatted using the same format string, and then joined using 'sep'. 'sep' is also passed through conditional_escape. 'args_generator' should be an iterator that returns the sequence of 'args' that will be passed to format_html. Example: format_html_join(' ', "
  • {} {}
    • ", ((u.first_name, u.last_name) for u in users)) c3s |] }tg|RVqdSN)r=)r-rLrKr r!r/s  z#format_html_join..)rrDjoin)seprKargs_generatorr rQr!format_html_joinzs rUFcCsDt|}tdt|}|rdd|D}ndd|D}d|S)z$Convert newlines into

    and
    s.z {2,}cSs g|] }dt|ddqSz

    %s

     z
    )rreplacer-pr r r! s zlinebreaks..cSsg|] }d|ddqSrVrXrYr r r!r[sz )rresplitrrR)r4 autoescapeparasr r r! linebreakss  racs<eZdZfddZddZddZddZd d ZZS) MLStrippercs tjdd|g|_dS)NF)convert_charrefs)super__init__resetfedself __class__r r!res zMLStripper.__init__cCs|j|dSrPrgappend)ridr r r! handle_dataszMLStripper.handle_datacC|jd|dS)Nz&%s;rlrinamer r r!handle_entityrefzMLStripper.handle_entityrefcCrp)Nz&#%s;rlrqr r r!handle_charrefrtzMLStripper.handle_charrefcCs d|jSN)rRrgrhr r r!get_data zMLStripper.get_data) __name__ __module__ __qualname__rerorsrurx __classcell__r r rjr!rbs  rbcCs t}||||S)z< Internal tag stripping utility used by strip_tags. )rbfeedcloserx)r4sr r r! _strip_onces rcCsjt|}d}d|vr3d|vr3|tkrtt|}|d|dkr% |S|}|d7}d|vr3d|vs|S)z-Return the given HTML with all tags stripped.rr&r%)rMAX_STRIP_TAGS_DEPTHr rcount)r4strip_tags_depth new_valuer r r! strip_tagss rcCstddt|S)z7Return the given HTML with spaces between tags removed.z>\s+<)r]subrr3r r r!strip_spaces_between_tagsr6rcCsdd}z t|\}}}}}Wn ty||YSwzt|}Wn ty0||YSw|rBddt|ddD}t|}||}||}t|||||fS)z'Quote a URL if it isn't already quoted.cSst|}t|ttddS)N~)safe)rrrr)segmentr r r! unquote_quotesz%smart_urlquote..unquote_quotecSs$g|]}t|dt|dfqS)rr)r)r-qr r r!r[sz"smart_urlquote..T)keep_blank_values)r ValueErrorr UnicodeErrorrrr)urlrschemenetlocpathqueryfragment query_partsr r r!smart_urlquotes&      rcs$eZdZfddZddZZS) CountsDictcs tjg||R||_dSrP)rdreword)rirrLrMrjr r!res zCountsDict.__init__cCs|j|||<||SrP)rr)rikeyr r r! __missing__szCountsDict.__missing__)rzr{r|rerr}r r rjr!rs rc st|t}|fdd}ddddddfd d }d d }tt|}t|D]\} } d | vs>d| vs>d| vr|| \} } } d}|rKdnd}t| tkr`t | r`t t | }n=t| tkrut | rut dt | }n(d| vr|| r| dd\}}zt|}Wn tyYq.wd||f}d}|r|| }|r|st| t| } } t|}dt|||f} td| | | f|| <q.|rt| || <q.|rt| || <q.|rt| || <q.|rt| || <q.d|S)a Convert any URLs in text into clickable links. Works on http://, https://, www. links, and also on links ending in one of the original seven gTLDs (.com, .edu, .gov, .int, .mil, .net, and .org). Links can have trailing punctuation (periods, commas, close-parens) and leading punctuation (opening parens) and it'll still do the right thing. If trim_url_limit is not None, truncate the URLs in the link text longer than this limit to trim_url_limit - 1 characters and append an ellipsis. If nofollow is True, give the links a rel="nofollow" attribute. If autoescape is True, autoescape the link text and URLs. cSs2|dus t||kr |Sd|dtd|dS)Nu%s…rr)lenmax)xlimitr r r!trim_urlszurlize..trim_urlcSsdttSrv)rRdictWRAPPING_PUNCTUATIONkeysr r r r!wrapping_punctuation_openingssz-urlize..wrapping_punctuation_openingscSs tddS)Nr*rw)TRAILING_PUNCTUATION_CHARSrXr r r r!'trailing_punctuation_chars_no_semicolonryz7urlize..trailing_punctuation_chars_no_semicoloncSsdtvS)Nr*)rr r r r!(trailing_punctuation_chars_has_semicolonsz8urlize..trailing_punctuation_chars_has_semicoloncs|}|dt|t|}d}d}t|d}|r|rd}tD]5\}}||||krX||}||krX||||} || d}|d| }d}||| 8<q#|d} | dkrh|t}n|}||kr|t|d|}|}d}r|dr|| d} t | } | | ks| dr|t}t|} t|t|d}| dkr|d kr|| d d}|| d }||d|}||| |}n || d|}|}d}|r|s|||fS) zr Trim trailing and wrapping punctuation from `middle`. Return the items of the new state. NrwT)rFr'r*r) lstriprrrrstriprfindrendswithrunescapeindex)rmiddleleadtrailtrimmed_somethingcountsopeningclosing rstrippedstripamppotential_entityescaped trail_startamount_trailing_semicolonsrecent_semicolonmiddle_semicolon_indexrrrr r!trim_punctuationsT            *z urlize..trim_punctuationcSsrd|vs|ds|drdSz |d\}}Wn ty#YdSwt|dkr,dSd|vs5|dr7dSdS)z1Return True if value looks like an email address.@F?.T) startswithrr^rr)r4p1p2r r r!is_email_simpleVs  zurlize..is_email_simplerr:Nz rel="nofollow"rwz http://%srz mailto:%s@%sz%sz%s%s%s)rBr word_split_rer^r enumeraterMAX_URL_LENGTH simple_url_rematchrrrsimple_url_2_rersplitr rrrrR)rtrim_url_limitnofollowr_ safe_inputrrrwordsirrrrr nofollow_attrlocaldomaintrimmedr rr!urlizesX  9       rcCs |ddS)z Avoid text wrapping in the middle of a phrase by adding non-breaking spaces where there previously were normal spaces.   r\r3r r r!avoid_wrappings rcsRd|jvr td|jd|jvrtd|j|jfdd|_dd|_|S)z A decorator that defines the __html__ method. This helps non-Django templates to detect classes whose __str__ methods return SafeString. rAz;can't apply @html_safe to %s because it defines __html__().__str__zAcan't apply @html_safe to %s because it doesn't define __str__().cs t|SrP)rrh klass_strr r!s zhtml_safe..cSst|SrP)rrhr r r!rs)__dict__rrzrrA)klassr rr! html_safes   r)F)NFF)@__doc__rr:r] html.parserr urllib.parserrrrrrdjango.core.exceptionsr django.utils.encodingr django.utils.functionalr r r django.utils.httprrdjango.utils.regex_helperrdjango.utils.safestringrrrdjango.utils.textrrrDOTSr IGNORECASErrrrrrr,r2updateranger5r<r@rDr=rUrarbrrrrrrrrrr r r r!s               "