Context navigation

trunk

Timestamp:

6 Apr 2016, 08:51:19 (8 years ago)

Author:

Henrik Bettermann

Message:

Forbid style and script elements in html fields.

Location:

main/waeup.ikoba/trunk/src/waeup/ikoba

Files:

-                      r13135
+                      r13805
 from zope import schema
 from waeup.ikoba.interfaces import (
     IIkobaObject, validate_id,
+    IIkobaObject, validate_id, validate_html,
     ContextualDictSourceFactoryBase)
 from waeup.ikoba.interfaces import MessageFactory as _
 …
         title = _(u'Multilingual content in HTML format'),
         required = False,
+        constraint=validate_html,
+        )

-                      r13803
+                      r13805
     return True
+# Define a validation method for HTML fields
+class NotHTMLValue(schema.ValidationError):
+    __doc__ = u"Style or script elements not allowed"
+def validate_html(value):
+    if '<style' in value or '<script' in value:
+        raise NotHTMLValue(value)
+    return True
 # Define a validation method for international phone numbers
 class InvalidPhoneNumber(schema.ValidationError):
 …
         required = False,
         default = default_html_frontpage,
+        constraint=validate_html,
+        )

Note: See TracChangeset for help on using the changeset viewer.