Mercurial > p > roundup > code

view roundup/cgi/engine_chameleon.py @ 5217:17b213eab274

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Add nonce to embedded script references. This should allow these scripts to execute with a nonce-.... content security policy (csp). However there is still a lot of inline javascript that a web developer needs to look at and rewrite the inline javascript (onsubmit, onclick ..) to be applied by a nonce authorized javascript library that adds event listeners. Ref: https://csp.withgoogle.com/docs/adopting-csp.html#refactor-inline-event-handlers-and-javascript-uris
author John Rouillard <rouilj@ieee.org>
date Thu, 23 Mar 2017 21:08:30 -0400
parents 0421390b3094
children 56c9bcdea47f
line wrap: on
line source

"""Templating engine adapter for the Chameleon."""

__docformat__ = 'restructuredtext'

import os.path
import chameleon

from roundup.cgi.templating import StringIO, context, TALLoaderBase

class Loader(TALLoaderBase):
    def __init__(self, dir):
        self.dir = dir
        self.loader = chameleon.PageTemplateLoader(dir)

    def load(self, tplname):
        src, filename = self._find(tplname)
        return RoundupPageTemplate(self.loader.load(src))

class RoundupPageTemplate(object):
    def __init__(self, pt):
        self._pt = pt

    def render(self, client, classname, request, **options):
        c = context(client, self, classname, request)
        c.update({'options': options})

        def translate(msgid, domain=None, mapping=None, default=None):
            result = client.translator.translate(domain, msgid,
                         mapping=mapping, default=default)
            return unicode(result, client.translator.OUTPUT_ENCODING)

        output = self._pt.render(None, translate, **c)
        return output.encode(client.charset)

    def __getitem__(self, name):
        return self._pt[name]

    def __getattr__(self, name):
        return getattr(self._pt, name)
Roundup Issue Tracker: http://roundup-tracker.org/