Epoz Safe Editing Patch
--- Epoz/__init__.py.orig 2004-05-10 04:00:20.000000000 +0800
+++ Epoz/__init__.py 2004-05-15 11:57:21.000000000 +0800
@@ -28,6 +28,9 @@
# Regexp for snipping the body of a document
HTML_BODY = re.compile('<body[^>]*?>(.*)</body[^>]*?>', re.DOTALL|re.IGNORECASE)
+# Regexp for safe textarea editing
+SAFE_DATA = re.compile('<(/?)(textarea.*?|noscript)>', re.DOTALL|re.IGNORECASE)
+
misc_ = {
# The Format-Controls
'epoz_script_main.js':ImageFile('skins/epoz/epoz_script_main.js.dtml', globals()),
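Review bot: The two alternatives in `SAFE_DATA` are not treated alike: `textarea.*?` accepts attributes (and, with re.DOTALL, anything up to the next `>`), while `noscript` matches only the bare tag, so a `<noscript ...>` with attributes or trailing whitespace passes through the later substitution untouched. Writing both branches the same way, `SAFE_DATA = re.compile('<(/?)((?:textarea|noscript)[^>]*)>', re.IGNORECASE)`, closes that gap and avoids the lazy `.*?` running across unrelated text. The comment on the constant should also say what the substitution does to the matched tags, since "safe textarea editing" does not tell a reader why only these two names are special. The same hunk appears again in the repeated copy of the patch below.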
@@ -127,7 +130,8 @@
# Quote newlines and single quotes, so the Epoz-JavaScript won't break.
# Needs to be a list and no dictionary, cause we need order!!!
- quotes = (("\\","\\\\"), ("\n","\\n"), ("\r","\\r"), ("'","\\'"))
+ quotes = (("\\","\\\\"), ("\n","\\n"), ("\r","\\r"), ("'","\\'"),
+ ("<!--", "<--"), ("-->", "-->"))
for item in quotes:
js_data = js_data.replace(item[0], item[1])
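Review bot: The new `("<!--", "<--")` pair silently edits the document's content (an HTML comment opener loses its `!`), and as rendered here the `("-->", "-->")` pair maps a string to itself, which is a no-op — presumably an entity in the real patch was decoded by this page, so the actual replacement should be checked. Neither pair addresses the case that actually breaks a JavaScript string embedded in a `<script>` block: a literal `</script>` in `js_data`. Escaping the angle bracket in the string literal, `("<", "\\x3c")`, covers `</script>` and `<!--` at once without altering what the editor later shows, so the `<!--` pair could be dropped. The function containing this table starts and ends outside the hunk; the same change is repeated in the second copy of the patch below.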
@@ -152,7 +156,7 @@
# Return the HTML-Code for the Epoz-Rich-Text-Editor
return """
-<iframe id="EpozIFrame" src="%(iframesrc)s" style="position: absolute; visibility: hidden; width: 0px; height: 0px;"></iframe>
+<iframe id="EpozIFrame" src="%(iframesrc)s" style="position: absolute; visibility: hidden; width: 0px; height: 0px;"></iframe>
%(i18n)s
<script language="JavaScript" type="text/javascript" src="%(widget)s"></script>
<script language="JavaScript" type="text/javascript" src="%(path)svcXMLRPC.js"></script>
@@ -176,7 +180,7 @@
'css': css,
'customcss': customcss,
'charset': charset,
- 'data': data,
+ 'data': SAFE_DATA.sub("<\\1\\2>", data),
'pageurl': pageurl,
'iframesrc': iframesrc
}
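Review bot: As shown on this page the replacement `"<\\1\\2>"` rebuilds exactly the text `SAFE_DATA` matched (`<`, the optional slash, the tag body, `>`), so the substitution changes nothing; the intended replacement was most likely `&lt;...` and lost its entity when the page was rendered, which should be verified against the patch file. If `data` is emitted as textarea content, an allow-list of two tag names is a fragile way to keep it inside the element: any `&lt;` already present in the document is decoded by the browser on load, so round-tripping is lossy regardless. Escaping `&` and `<` for the whole value, `'data': cgi.escape(data),`, keeps the textarea contents exact and needs no tag list. The function building this dictionary starts outside the hunk, and the same change is repeated in the second copy of the patch below.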
+++ Epoz/__init__.py 2004-05-15 11:57:21.000000000 +0800
@@ -28,6 +28,9 @@
# Regexp for snipping the body of a document
HTML_BODY = re.compile('<body[^>]*?>(.*)</body[^>]*?>', re.DOTALL|re.IGNORECASE)
+# Regexp for safe textarea editing
+SAFE_DATA = re.compile('<(/?)(textarea.*?|noscript)>', re.DOTALL|re.IGNORECASE)
+
misc_ = {
# The Format-Controls
'epoz_script_main.js':ImageFile('skins/epoz/epoz_script_main.js.dtml', globals()),
@@ -127,7 +130,8 @@
# Quote newlines and single quotes, so the Epoz-JavaScript won't break.
# Needs to be a list and no dictionary, cause we need order!!!
- quotes = (("\\","\\\\"), ("\n","\\n"), ("\r","\\r"), ("'","\\'"))
+ quotes = (("\\","\\\\"), ("\n","\\n"), ("\r","\\r"), ("'","\\'"),
+ ("<!--", "<--"), ("-->", "-->"))
for item in quotes:
js_data = js_data.replace(item[0], item[1])
@@ -152,7 +156,7 @@
# Return the HTML-Code for the Epoz-Rich-Text-Editor
return """
-<iframe id="EpozIFrame" src="%(iframesrc)s" style="position: absolute; visibility: hidden; width: 0px; height: 0px;"></iframe>
+<iframe id="EpozIFrame" src="%(iframesrc)s" style="position: absolute; visibility: hidden; width: 0px; height: 0px;"></iframe>
%(i18n)s
<script language="JavaScript" type="text/javascript" src="%(widget)s"></script>
<script language="JavaScript" type="text/javascript" src="%(path)svcXMLRPC.js"></script>
@@ -176,7 +180,7 @@
'css': css,
'customcss': customcss,
'charset': charset,
- 'data': data,
+ 'data': SAFE_DATA.sub("<\\1\\2>", data),
'pageurl': pageurl,
'iframesrc': iframesrc
}