Add autoescape application setting and convert chatdemo to use it.

Ben Darnell 2011-05-30 19:03:54 -07:00
parent ebe191e1bf
commit 6a85be4577
4 changed files with 17 additions and 6 deletions


@ -43,6 +43,7 @@ class Application(tornado.web.Application):
template_path=os.path.join(os.path.dirname(__file__), "templates"), template_path=os.path.join(os.path.dirname(__file__), "templates"),
static_path=os.path.join(os.path.dirname(__file__), "static"), static_path=os.path.join(os.path.dirname(__file__), "static"),
xsrf_cookies=True, xsrf_cookies=True,
autoescape="xhtml_escape",
) )
tornado.web.Application.__init__(self, handlers, **settings) tornado.web.Application.__init__(self, handlers, **settings)


@ -7,7 +7,7 @@
</head> </head>
<body> <body>
<div id="nav"> <div id="nav">
<b>{{ escape(current_user["name"]) }}</b> - <b>{{ current_user["name"] }}</b> -
<a href="/auth/logout">{{ _("Sign out") }}</a> <a href="/auth/logout">{{ _("Sign out") }}</a>
</div> </div>
<div id="body"> <div id="body">
@ -24,7 +24,7 @@
<td style="padding-left:5px"> <td style="padding-left:5px">
<input type="submit" value="{{ _("Post") }}"/> <input type="submit" value="{{ _("Post") }}"/>
<input type="hidden" name="next" value="{{ request.path }}"/> <input type="hidden" name="next" value="{{ request.path }}"/>
{{ xsrf_form_html() }} {% raw xsrf_form_html() %}
</td> </td>
</tr> </tr>
</table> </table>
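Review bot: With the explicit `escape()` call removed, `{{ current_user["name"] }}` is only escaped while the application passes an `autoescape` setting, and nothing in the template says so. If this template is rendered by an application that omits the setting, the result depends on the `template.Loader` default, which is not visible on this page and should be confirmed. A template comment near the top, such as `{% comment Relies on the application's autoescape="xhtml_escape" setting; {% raw %} marks the only unescaped output %}`, would make that dependency explicit. The same applies to `value="{{ request.path }}"`, which sits inside a quoted attribute and so needs the configured escape function to cover double quotes.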


@ -1,2 +1 @@
{% import tornado.escape %} <div class="message" id="m{{ message["id"] }}"><b>{{ message["from"] }}: </b>{% raw linkify(message["body"]) %}</div>
<div class="message" id="m{{ message["id"] }}"><b>{{ escape(message["from"]) }}: </b>{{ tornado.escape.linkify(message["body"]) }}</div>
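Review bot: `{% raw linkify(message["body"]) %}` is now the one place in this template that bypasses autoescaping, so the safety of the user-supplied message body rests entirely on `linkify` escaping its input before it adds anchors. That implementation is not shown here, so it is worth confirming and recording in the template, for example `{% comment linkify() escapes message["body"] itself; raw only avoids double-escaping %}`. Because `{% import tornado.escape %}` was dropped, `linkify` must also come from the default template namespace, which this page does not show either.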


@ -543,8 +543,7 @@ class RequestHandler(object):
if not getattr(RequestHandler, "_templates", None): if not getattr(RequestHandler, "_templates", None):
RequestHandler._templates = {} RequestHandler._templates = {}
if template_path not in RequestHandler._templates: if template_path not in RequestHandler._templates:
loader = self.application.settings.get("template_loader") or\ loader = self.create_template_loader(template_path)
template.Loader(template_path)
RequestHandler._templates[template_path] = loader RequestHandler._templates[template_path] = loader
t = RequestHandler._templates[template_path].load(template_name) t = RequestHandler._templates[template_path].load(template_name)
args = dict( args = dict(
@ -561,6 +560,18 @@ class RequestHandler(object):
args.update(kwargs) args.update(kwargs)
return t.generate(**args) return t.generate(**args)
def create_template_loader(self, template_path):
settings = self.application.settings
if "template_loader" in settings:
return settings["template_loader"]
kwargs = {}
if "autoescape" in settings:
# autoescape=None means "no escaping", so we have to be sure
# to only pass this kwarg if the user asked for it.
kwargs["autoescape"] = settings["autoescape"]
return template.Loader(template_path, **kwargs)
def flush(self, include_footers=False): def flush(self, include_footers=False):
"""Flushes the current output buffer to the network.""" """Flushes the current output buffer to the network."""
if self.application._wsgi: if self.application._wsgi:
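Review bot: `RequestHandler._templates` is still keyed by `template_path` alone, but the loader built by `create_template_loader` now depends on `self.application.settings`. Because the cache lives on the class, a second Application in the same process with the same template path and a different `autoescape` value would get the first one's loader and its escaping behaviour. Keying the cache per application, or documenting the constraint, would avoid that. The switch from `settings.get("template_loader") or ...` to `"template_loader" in settings` also means an explicit `template_loader=None` is now returned and cached instead of falling back to `template.Loader`. The new method has no docstring; one should say that it returns `settings["template_loader"]` when present and otherwise a `template.Loader` that receives `autoescape` only when the setting exists. The enclosing `render_string` body starts outside this hunk.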