
Commit d42d757

cslzchenfelliott
authored andcommitted
Escape/encode URL for all eligible renderers
- Eligibility: direct-to-wb and/or through-exporter - Renderers updated: audio, image, jsc3d, pdb, svg, video - Unoconv is not updated since it only makes and calls the renderer - Set warning logs default to True
1 parent 14fc992 commit d42d757


7 files changed

+25
-14
lines changed


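--- a/mfr/extensions/audio/render.py
+++ b/mfr/extensions/audio/render.py
@@ -3,6 +3,7 @@
 from mako.lookup import TemplateLookup
 
 from mfr.core import extension
+from mfr.extensions.utils import escape_url_for_template
 
 
 class AudioRenderer(extension.BaseRenderer):
@@ -13,7 +14,8 @@ class AudioRenderer(extension.BaseRenderer):
 ]).get_template('viewer.mako')
 
 def render(self):
-return self.TEMPLATE.render(base=self.assets_url, url=self.url)
+safe_url = escape_url_for_template(self.url)
+return self.TEMPLATE.render(base=self.assets_url, url=safe_url)
 
 @property
 def file_required(self):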
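Review bot: The escaping is applied by hand at each `render()` call site (here `safe_url = escape_url_for_template(self.url)`), so a renderer that is added later, or one that was skipped such as unoconv, can still hand a raw URL to its template; the same pattern repeats in the image, jsc3d, pdb, svg and video sections. Going by the helper's docstring in mfr/extensions/utils.py it encodes only single and double quotes, and whether that is enough depends on where each `viewer.mako` places `url` (HTML attribute versus inline script), which is not visible on this page. Consider doing the encoding in one shared place, for example a method on `BaseRenderer` or an output filter in the templates, and adding a test per renderer that a URL containing `'` and `"` reaches the template encoded. At minimum I would add a comment above the call such as `# URL may arrive unencoded; encode quotes before it reaches viewer.mako`.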

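--- a/mfr/extensions/image/render.py
+++ b/mfr/extensions/image/render.py
@@ -5,7 +5,7 @@
 
 from mfr.core import extension
 from mfr.extensions.image import settings
-from mfr.extensions.utils import munge_url_for_localdev
+from mfr.extensions.utils import munge_url_for_localdev, escape_url_for_template
 
 
 class ImageRenderer(extension.BaseRenderer):
@@ -19,7 +19,8 @@ def render(self):
 self.metrics.add('needs_export', False)
 if self.metadata.ext in settings.EXPORT_EXCLUSIONS:
 download_url = munge_url_for_localdev(self.url)
-return self.TEMPLATE.render(base=self.assets_url, url=download_url.geturl())
+safe_url = escape_url_for_template(download_url.geturl())
+return self.TEMPLATE.render(base=self.assets_url, url=safe_url)
 
 exported_url = furl.furl(self.export_url)
 if settings.EXPORT_MAXIMUM_SIZE and settings.EXPORT_TYPE:
@@ -28,10 +29,12 @@ def render(self):
 exported_url.args['format'] = settings.EXPORT_TYPE
 else:
 download_url = munge_url_for_localdev(self.url)
-return self.TEMPLATE.render(base=self.assets_url, url=download_url.geturl())
+safe_url = escape_url_for_template(download_url.geturl())
+return self.TEMPLATE.render(base=self.assets_url, url=safe_url)
 
 self.metrics.add('needs_export', True)
-return self.TEMPLATE.render(base=self.assets_url, url=exported_url.url)
+safe_url = escape_url_for_template(exported_url.url)
+return self.TEMPLATE.render(base=self.assets_url, url=safe_url)
 
 @property
 def file_required(self):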
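Review bot: The pair `safe_url = escape_url_for_template(...)` followed by `return self.TEMPLATE.render(base=self.assets_url, url=safe_url)` now appears three times in `render()`, and the two early-return branches are identical apart from the condition that reaches them. Folding the pair into one private method, e.g. `def _render_url(self, url): return self.TEMPLATE.render(base=self.assets_url, url=escape_url_for_template(url))`, keeps the encoding step in a single place so a future branch cannot return without it. Parts of `render()` lie outside and between the hunks shown, so this is based only on the visible lines.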

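--- a/mfr/extensions/jsc3d/render.py
+++ b/mfr/extensions/jsc3d/render.py
@@ -7,7 +7,7 @@
 
 from mfr.core import extension
 from mfr.extensions.jsc3d import settings
-from mfr.extensions.utils import munge_url_for_localdev
+from mfr.extensions.utils import munge_url_for_localdev, escape_url_for_template
 
 
 class JSC3DRenderer(extension.BaseRenderer):
@@ -21,18 +21,20 @@ def render(self):
 self.metrics.add('needs_export', False)
 if self.metadata.ext in settings.EXPORT_EXCLUSIONS:
 download_url = munge_url_for_localdev(self.metadata.download_url)
+safe_url = escape_url_for_template(download_url.geturl())
 return self.TEMPLATE.render(
 base=self.assets_url,
-url=download_url.geturl(),
+url=safe_url,
 ext=self.metadata.ext.lower(),
 )
 
 exported_url = furl.furl(self.export_url)
 exported_url.args['format'] = settings.EXPORT_TYPE
 self.metrics.add('needs_export', True)
+safe_url = escape_url_for_template(exported_url.url)
 return self.TEMPLATE.render(
 base=self.assets_url,
-url=exported_url.url,
+url=safe_url,
 ext=settings.EXPORT_TYPE,
 )
 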

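--- a/mfr/extensions/pdb/render.py
+++ b/mfr/extensions/pdb/render.py
@@ -6,7 +6,7 @@
 
 from mfr.core import extension
 from mfr.extensions.pdb import settings
-from mfr.extensions.utils import munge_url_for_localdev
+from mfr.extensions.utils import munge_url_for_localdev, escape_url_for_template
 
 
 class PdbRenderer(extension.BaseRenderer):
@@ -18,9 +18,10 @@ class PdbRenderer(extension.BaseRenderer):
 
 def render(self):
 download_url = munge_url_for_localdev(self.metadata.download_url)
+safe_url = escape_url_for_template(download_url.geturl())
 return self.TEMPLATE.render(
 base=self.assets_url,
-url=download_url.geturl(),
+url=safe_url,
 options=json.dumps(settings.OPTIONS),
 )
 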

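--- a/mfr/extensions/svg/render.py
+++ b/mfr/extensions/svg/render.py
@@ -4,6 +4,7 @@
 from mako.lookup import TemplateLookup
 
 from mfr.core import extension
+from mfr.extensions.utils import escape_url_for_template
 
 
 class SvgRenderer(extension.BaseRenderer):
@@ -14,7 +15,8 @@ class SvgRenderer(extension.BaseRenderer):
 ]).get_template('viewer.mako')
 
 def render(self):
-return self.TEMPLATE.render(base=self.assets_url, url=self.url)
+safe_url = escape_url_for_template(self.url)
+return self.TEMPLATE.render(base=self.assets_url, url=safe_url)
 
 @property
 def file_required(self):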

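--- a/mfr/extensions/utils.py
+++ b/mfr/extensions/utils.py
@@ -29,7 +29,7 @@ def munge_url_for_localdev(url: str) -> Tuple:
 return url_obj
 
 
-def escape_url_for_template(url: str, logs=False) -> str:
+def escape_url_for_template(url: str, logs: bool=True) -> str:
 """Escape (URL Encode) single and double quote(s) for the given URL.
 
 Download and export URLs may end up not properly encoded right before they are about to be sent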
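Review bot: Flipping the default to `logs: bool=True` turns warning logging on for every call site in this commit, since none of the renderers passes `logs`. The function body is outside this hunk, so what gets logged is not visible; if the message includes the URL itself, download and export URLs that carry signed query parameters or tokens would be written to the logs, so it is worth confirming and, if so, logging only the scheme, host and path. The part of the docstring shown does not mention `logs`; a line describing when the warning is emitted would help callers decide whether to turn it off. On style, PEP 8 puts spaces around `=` for an annotated default: `logs: bool = True`.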

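--- a/mfr/extensions/video/render.py
+++ b/mfr/extensions/video/render.py
@@ -3,7 +3,7 @@
 from mako.lookup import TemplateLookup
 
 from mfr.core import extension
-from mfr.extensions.utils import munge_url_for_localdev
+from mfr.extensions.utils import munge_url_for_localdev, escape_url_for_template
 
 
 class VideoRenderer(extension.BaseRenderer):
@@ -15,7 +15,8 @@ class VideoRenderer(extension.BaseRenderer):
 
 def render(self):
 download_url = munge_url_for_localdev(self.metadata.download_url)
-return self.TEMPLATE.render(url=download_url.geturl())
+safe_url = escape_url_for_template(download_url.geturl())
+return self.TEMPLATE.render(url=safe_url)
 
 @property
 def file_required(self):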
