_VK9@s dZddlmZddlZddlZddlmZddlmZddl m Z m Z ddl m Z ddlmZmZdd lmZmZmZdd lmZmZmZmZmZmZdd lmZd d lmZm Z ddddddddgZ!dddedfdgdhdigZ"ddd d!d"d#gZ#ej$d$Z%ej$d%Z&ej$d&ej'Z(ej$d'ej'Z)ej$d(Z*ej$d)Z+ej$d*ej'Z,ej$d+d,j-d-d.e#Dej.Z/ej$d/Z0d0d1Z1e e1ej2eZ1i d2e3d36d4e3d6d5e3d6d6e3d6d7e3d6d8e3d96d:e3d;6d<e3d=6d>e3d6d?e3d@6dAe3dB6Z4e4j5dCd.e6dDDdEdFZ7e e7ej2eZ7dGdHZ8dIdJZ9dKdLZ:dMdNdOZ;e e;ej2Z;GdPdQdQe Z<dRdSZ=dTdUZ>e e>Z>dVdWZ?e e?ej2Z?dXdYZ@e e@ej2Z@dZd[ZAe eAej2ZAd\d]ZBddMdMd^d_ZCe eCej2ZCd`daZDdbdcZEdS)jz'HTML utilities suitable for global use.)unicode_literalsN)six)RemovedInDjango110Warning) force_str force_text) allow_lazy)RFC3986_GENDELIMSRFC3986_SUBDELIMS)SafeDataSafeText mark_safe) parse_qslquoteunquote urlencodeurlsplit urlunsplit)normalize_newlines)HTMLParseError HTMLParser.,:;z.)"'!()<>[]<>z·*u•z•z•z•z&(?!(\w+|#\d+);)z ([\s<>"']+)z^https?://\[?\wz>^www\.|^(?!http)\w[^@]+\.(com|edu|gov|int|mil|net|org)($|/.*)$z^\S+@\S+\.\S+$z(]*?)target=[^\s>]+zb(?:
|<\/i>|<\/b>|<\/em>|<\/strong>|<\/?smallcaps>|<\/?uppercase>)z%((?:

(?:%s).*?[a-zA-Z].*?

\s*)+)|ccs|]}tj|VqdS)N)reescape).0xr,3/tmp/pip-build-ghmbqnp_/Django/django/utils/html.py &sr.z((?:

(?: |\s|
)*?

\s*)+\ZcCsLtt|jddjddjddjddjd d S) a* Returns the given text with ampersands, quotes and angle brackets encoded for use in HTML. This function always escapes its input, even if it's already escaped and marked as such. This may result in double-escaping. If this is a concern, use conditional_escape() instead. &z&r z<r!z>rz"rz')r rreplace)textr,r,r-r)+s 'r)z\u005C\z\u0027z\u0022z\u003Ez\u003Cz\u0026r/z\u003D=z\u002D-z\u003Bz\u2028u
z\u2029u
ccs)|]}td|d|fVqdS)z%cz\u%04XN)ord)r*zr,r,r-r.Gs cCstt|jtS)z5Hex encodes characters for use in JavaScript strings.)r r translate _js_escapes)valuer,r,r-escapejsJsr;cCs't|dr|jSt|SdS)z Similar to escape(), except that it doesn't operate on pre-escaped strings. This function relies on the __html__ convention used both by Django's SafeData class and by third-party libraries like markupsafe. __html__N)hasattrr<r))r1r,r,r-conditional_escapePs r>cOsAtt|}ddtj|D}t|j||S)z Similar to str.format, but passes all arguments through conditional_escape, and calls 'mark_safe' on the result. This function should be used instead of str.format or % interpolation to build up small HTML fragments. cSs%i|]\}}t||qSr,)r>)r*kvr,r,r- ds zformat_html..)mapr>r iteritemsr format) format_stringargskwargsZ args_safeZ kwargs_safer,r,r- format_html]srHcs,tt|jfdd|DS)a A wrapper of format_html, for the common case of a group of arguments that need to be formatted using the same format string, and then joined using 'sep'. 'sep' is also passed through conditional_escape. 'args_generator' should be an iterator that returns the sequence of 'args' that will be passed to format_html. Example: format_html_join(' ', "
  • {} {}
    • ", ((u.first_name, u.last_name) for u in users)) c3s$|]}tt|VqdS)N)rHtuple)r*rF)rEr,r-r.wsz#format_html_join..)r r>join)seprEZargs_generatorr,)rEr-format_html_joinhsrLFcCsZt|}tjd|}|r:dd|D}ndd|D}dj|S)z'Converts newlines into

    and
    s.z {2,}cSs,g|]"}dt|jddqS)z

    %s

     z
    )r)r0)r*pr,r,r- s zlinebreaks..cSs&g|]}d|jddqS)z

    %s

    rMz
    )r0)r*rNr,r,r-rOs z )rr(splitrJ)r: autoescapeZparasr,r,r- linebreaks{s  rRc@sLeZdZddZddZddZddZd d Zd S) MLStrippercCs$tj||jg|_dS)N)r__init__resetfed)selfr,r,r-rTs  zMLStripper.__init__cCs|jj|dS)N)rVappend)rWdr,r,r- handle_dataszMLStripper.handle_datacCs|jjd|dS)Nz&%s;)rVrX)rWnamer,r,r-handle_entityrefszMLStripper.handle_entityrefcCs|jjd|dS)Nz&#%s;)rVrX)rWr[r,r,r-handle_charrefszMLStripper.handle_charrefcCsdj|jS)N)rJrV)rWr,r,r-get_dataszMLStripper.get_dataN)__name__ __module__ __qualname__rTrZr\r]r_r,r,r,r-rSs     rScCsut}y|j|Wntk r2|SYnXy|jWn#tk rf|j|jSYn X|jSdS)z< Internal tag stripping utility used by strip_tags. N)rSfeedrcloser_rawdata)r:sr,r,r- _strip_onces    rgcCsQxJd|krLd|krLt|}t|t|krCPn|}qW|S)z.Returns the given HTML with all tags stripped.r r!)rglen)r:Z new_valuer,r,r- strip_tagss   ricCstjdtdddd|jD}ddj|}tjd|tj}tjd |}|jd |}|jd |}|S) z/Returns the given HTML with given tags removed.z}django.utils.html.remove_tags() and the removetags template filter are deprecated. Consider using the bleach library instead. stacklevelcSsg|]}tj|qSr,)r(r))r*tagr,r,r-rOs zremove_tags..z(%s)r'z<%s(/?>|(\s+[^>]*>))zr^) warningswarnrrPrJr(compileUsub)htmltagsZtags_reZ starttag_reZ endtag_rer,r,r- remove_tagss rtcCstjddt|S)z8Returns the given HTML with spaces between tags removed.z>\s+<)r(rqr)r:r,r,r-strip_spaces_between_tagssrucCs/tjdtddtjddt|S)z@Returns the given HTML with all entities (&something;) stripped.z1django.utils.html.strip_entities() is deprecated.rjz&(?:\w+|#\d+);r^)rmrnrr(rqr)r:r,r,r-strip_entitiess rwcCsdd}yt|\}}}}}Wntk rI||SYnXy|jdjd}Wntk r||SYnX|rddt|ddD}t|}n||}||}t|||||fS) z(Quotes a URL if it isn't already quoted.cSs<tt|}t|dtttd}t|S)Nsafe~)rrrr rstrr)Zsegmentr,r,r- unquote_quotes z%smart_urlquote..unquote_quoteidnaasciicSs<g|]2}tt|dtt|dfqS)rr)rr)r*qr,r,r-rOs z"smart_urlquote..keep_blank_valuesT)r ValueErrorencodedecode UnicodeErrorr rr)urlr{schemenetlocpathqueryfragmentZ query_partsr,r,r-smart_urlquotes       rcCsrt|t}|dd}dd}tjt|}x#t|D]\}} d| ks|d| ks|d| kr/d| d} } } xAtD]9} | j| r| d t|  } | | } qqWxt D]\}}| j |r| t|d } | |} n| j|r| j || j |d kr| d t| } || } qqWd }|rd nd}t j | r|| | \} }} t|}ntj | r|| | \} }} td |}nd| krztj | rz| jdd \}}y|jd jd}Wntk r`wLYnXd||f}d}n|r|| }|r| rt| t| } } t|}ndt|||f} td| | | f||.trim_urlcSs||jddjddjddjddjd d }|ru|j|ru|d t| }n|d kr||7}d }n|||fS)z If input URL is HTML-escaped, unescape it so as we can safely feed it to smart_urlquote. For example: http://example.com?x=1&y=<2> => http://example.com?x=1&y=<2> z&r/z<r z>r!z"rz'rNrr^)r0endswithrh)r1trailZ unescapedr,r,r-unescapes $   zurlize..unescaper@rr^Nrz rel="nofollow"z http://%sr|r}z mailto:%s@%sz    %sz%s%s%s) isinstancer word_split_rerPr enumerateTRAILING_PUNCTUATIONrrhWRAPPING_PUNCTUATION startswithcount simple_url_rematchrsimple_url_2_resimple_email_rersplitrrrr)r rJ)r1Ztrim_url_limitZnofollowrQZ safe_inputrrwordsiwordZleadZmiddler punctuationZopeningclosingrZ nofollow_attrZmiddle_unescapedlocaldomainZtrimmedr,r,r-urlizesf $  "     rcCs|jddS)z Avoid text wrapping in the middle of a phrase by adding non-breaking spaces where there previously were normal spaces.   )r0)r:r,r,r-avoid_wrappingdsrcsd|jkr%td|jntjrd|jkrStd|jn|jfdd|_dd|_nRd|jkrtd |jn|jfd d|_d d|_|S) z A decorator that defines the __html__ method. This helps non-Django templates to detect classes whose __str__ methods return SafeText. r<z;can't apply @html_safe to %s because it defines __html__(). __unicode__zEcan't apply @html_safe to %s because it doesn't define __unicode__().cst|S)N)r )rW) klass_unicoder,r-}szhtml_safe..cSs t|S)N)unicode)rWr,r,r-r~s__str__zAcan't apply @html_safe to %s because it doesn't define __str__().cst|S)N)r )rW) klass_strr,r-rscSs t|S)N)rz)rWr,r,r-rs)__dict__rr`rPY2rr<r)klassr,)rrr- html_safels(   r)rr)r r!)r"r#)r$r%)rr)rr)F__doc__ __future__rr(rmZ django.utilsrZdjango.utils.deprecationrZdjango.utils.encodingrrZdjango.utils.functionalrZdjango.utils.httprr Zdjango.utils.safestringr r r Z#django.utils.six.moves.urllib.parser rrrrrZdjango.utils.textr html_parserrrrrZDOTSroZunencoded_ampersands_rer IGNORECASErrrZlink_target_attribute_reZ html_gunk_rerJDOTALLZhard_coded_bullets_reZtrailing_empty_content_rer) text_typer5r9updateranger;r>rHrLrRrSrgrirtrurwrrrrr,r,r,r-s  .                      $a