将未转义的html插入django制作的rss feed中

b1payxdu  于 2023-06-25  发布在  Go
关注(0)|答案(6)|浏览(115)

我试图使用django创建一个podcast rss feed使用feedgenerator.Rss201rev2Feed作为一个feed generator,它的工作方式有点opposite to BeautifulSoup:将信息放入适当的xml标记中
它工作得很好,除了我不想逃避所有的html
特别是,我希望rss提要的<itunes:summary>值如下所示:<itunes:summary><![CDATA[Link to <a href="http://www.website.com">the website</a>]]></itunes:summary>,按照Apple spec
如果我在普通视图中呈现html,我可以在html模板中使用|safe过滤器。我现在需要一些类似的东西,以选择性地防止<在rss提要中被转义。
也就是说,我需要rss与<![CDATA[...]]一起出现,而不是转义为&lt;![CDATA[...]]&gt;
然而,似乎Django“Django自动转义RSS提要(或任何XML)中的特殊字符,不管你是否通过安全过滤器”(参见this 2009 question

  • 还没找到 *

因此,迄今为止使用mark_safe的尝试被证明是无用的。
我也不确定如何解释一个想法,即传递“autoescape=False到django.contrib.syndication.feeds中的render()调用”。
, escape=False添加到addQuickElement注解中的建议返回错误

handler.addQuickElement(u'itunes:summary',item['summary'], escape=False)
 TypeError: addQuickElement() got an unexpected keyword argument 'escape'

这是一个老问题,但我至今找不到任何解决办法。
有谁知道一个巧妙的方法来让<![CDATA[...出现在最终提要中,而不是逃避到&lt;![CDATA[...

编辑:这是我发布这个问题时的当前形式的代码(我还没有尝试合并@Lego的答案)

import mimetypes

from django.conf import settings
from django.contrib.syndication.views import Feed

# For customising the feed
from django.utils.feedgenerator import Rss201rev2Feed
from django.utils import feedgenerator
# see also https://github.com/blancltd/blanc-basic-podcast/blob/master/blanc_basic_podcast/podcast/itunesfeed.py
# and https://github.com/aneumeier/feeds/blob/master/feeds/rss.py
# and https://github.com/blancltd/blanc-basic-podcast/blob/master/blanc_basic_podcast/podcast/feeds.py
# and https://docs.djangoproject.com/en/1.7/ref/contrib/syndication/#custom-feed-generators

from django.contrib.auth.models import User
from django.shortcuts import get_object_or_404
from django.utils.translation import ugettext_lazy as _
from django.contrib.sites.models import Site

from audiotracks.models import get_track_model, Playlist
Track = get_track_model()

ITEMS_PER_FEED = getattr(settings, 'AUDIOTRACKS_PODCAST_LIMIT', 99)
# MarkAdded @ToDo revisit that default maximum num. tracks per feed

from django.core.urlresolvers import reverse, reverse_lazy

from django_slack import slack_message



######################################################################
##### try adapting code from https://github.com/CaptainHayashi/django-lass-uryplayer/blob/master/uryplayer/feeds.py

from django.utils.feedgenerator import Rss201rev2Feed
from django.contrib.syndication.views import Feed
from django.contrib.sites.models import Site
from django.db.models import permalink
# from uryplayer.models import Podcast
import datetime
# MarkAdded in attempt to have un-escaped <![CDATA[...]]
from django.utils.safestring import mark_safe

# from https://stackoverflow.com/questions/275174/how-do-i-perform-html-decoding-encoding-using-python-django
try:
    from html.parser import HTMLParser  # py3
except ImportError:
    from HTMLParser import HTMLParser  # py2

unescape = HTMLParser().unescape
# print(unescape("&gt;"))
# That proved useless so far


class iTunesPodcastsFeedGenerator(Rss201rev2Feed):

    def rss_attributes(self):
        return {u"version": self._version, u"xmlns:atom": u"http://www.w3.org/2005/Atom", u'xmlns:itunes': u'http://www.itunes.com/dtds/podcast-1.0.dtd'}

    def add_root_elements(self, handler):
        super(iTunesPodcastsFeedGenerator, self).add_root_elements(handler)
        handler.addQuickElement(u'itunes:subtitle', self.feed['subtitle'])
        handler.addQuickElement(u'itunes:author', self.feed['author_name'])
        # handler.addQuickElement(u'itunes:summary', mark_safe(self.feed['description']))
        handler.addQuickElement(u'itunes:summary', unescape(mark_safe(self.feed['description'])))

        # handler.addQuickElement(u'itunes:image', self.feed['iTunes_image_url'])
        handler.addQuickElement('itunes:image', '' , { 'href' : self.feed['iTunes_image_url']})
        # that's from https://gitorious.org/podjango/podjango/commit/621857be0a3d7c44f1925c7daf471c38ea62c180?diffmode=sidebyside

        handler.addQuickElement(u'itunes:explicit', self.feed['iTunes_explicit'])
        handler.startElement(u"itunes:owner", {})
        handler.addQuickElement(u'itunes:name', self.feed['iTunes_name'])
        handler.addQuickElement(u'itunes:email', self.feed['iTunes_email'])
        handler.endElement(u"itunes:owner")

        # @ToDo: add categories

    def add_item_elements(self,  handler, item):
        super(iTunesPodcastsFeedGenerator, self).add_item_elements(handler, item)
        handler.addQuickElement(u'itunes:summary', unescape(item['summary']))
        handler.addQuickElement(u'itunes:explicit',item['explicit'])
        # handler.addQuickElement(u'itunes:image', item['iTunes_image_url'])
        handler.addQuickElement(u'itunes:image', '' , { 'href' : self.feed['iTunes_image_url']})

    # def __unicode__(self):
    #     return unicode(self.order_num)

class iTunesPodcastPost():
    def __init__(self, podcast): # note: podcast here = Track for me
        self.id = podcast.id
        # self.date_submitted = podcast.date_submitted
        self.pub_date = podcast.pub_date
        self.title = podcast.title if podcast.title else "Track"
        self.summary = unescape(podcast.description) if podcast.description else "Cool thing"
        # self.description = mark_safe("<![CDATA[%s]]>" % (podcast.description)) if podcast.description else ""
        self.description = podcast.description if podcast.description else "Cool thing"

        self.enclosure_url = podcast.awe_url # defined in models.py

        self.enclosure_length = podcast.size if podcast.size else 1 # u'unkown duration'
        self.enclosure_mime_type = u'audio/mpeg' # @ToDo generalise once we have other types
        self.explicit = u'yes' if podcast.explicit else u'no'
        self.url = podcast.get_absolute_url

        self.iTunes_image_url = podcast.main_image_url # if podcast.main_image_url else 'http://fun.com'

        self.length = podcast.time_duration if podcast.time_duration else 11 # "TBD"
        self.user_id = podcast.user_id
        self.user = User.objects.get(id = podcast.user_id)
        self.slug = podcast.slug
        self.duration = podcast.time_duration if podcast.time_duration else "5:00" # "Duration TBC"

        # if categories:
        #     categories = [to_unicode(c) for c in categories]
        # see https://docs.djangoproject.com/en/1.7/_modules/django/utils/feedgenerator/#SyndicationFeed.add_root_elements

    def __unicode__(self):
        return self.title

    def get_absolute_url(self):
        # return "%s" % self.url()
        # user = User.objects.get(id=self.user_id)
        return reverse('track_detail', args=[self.user.username, self.slug]) 

class iTunesPodcastsFeed(Feed):
    """
    A feed of podcasts for iTunes and other compatible podcatchers.
    Based on https://github.com/CaptainHayashi/django-lass-uryplayer/blob/master/uryplayer/feeds.py
    """

    def get_object(self, request, username, playlist_slug):
        self.request = request
        # return get_object_or_404(User, username=username)
        user = get_object_or_404(User, username=username)
        return get_object_or_404(Playlist, user_id=user.id, slug=playlist_slug)

    def link(self, playlist):
        # return self.request.build_absolute_uri("/@%s/" % user.username)
        user = User.objects.get(id=playlist.user_id)
        return reverse('playlist_index', args=[user.username, playlist.slug])

    def title(self, playlist):

        return playlist.title

    # description_template = mark_safe("defaults/playlist_description_missing.html")
    # not using that

    def description(self, playlist):
        if playlist.description:
            return playlist.description
            # return mark_safe("<![CDATA[%s]]>" % (playlist.description))
            # No, I won't wrap in CDATA until I can avoid escaping the "<" signs here

        else:
            return "[Auto text] The creator has not written a description."
            # return render_to_string("defaults/playlist_description_missing.txt")
            # pass

    def iTunes_image_url(self, obj): # TypeError: coercing to Unicode: need string or buffer, instancemethod found
        if obj.main_image_url:
            return unicode(obj.main_image_url) # obj.main_image_url
        else:
            return u'https://dl.dropboxusercontent.com/u/16441973/publicstatic/img/playlist-icon.png'

    # author_name = 'University Radio York'
    # modified from https://github.com/aneumeier/feeds/blob/master/feeds/rss.py
    def author_name(self, obj): # obj = playlist
        """
        Return the author for this feed.
        The feed is in `obj`, provided by `get_object`
        """
        if obj.author:
            return u"%s" % obj.author
        else:
            return 'Playlist created by %s' % (obj.user.username)

    def subtitle(self, obj): # obj = playlist
        """
        Return the author for this feed.
        The feed is in `obj`, provided by `get_object`
        """
        if obj.subtitle:
            return u"%s" % obj.author
        else:
            return '%s created in 2015' % (obj.title)

    # def summary(self, obj):
    #     return obj.description

    # @ToDo: finish adapting rest of this from the hard-coded URY values to actual values for my implementation

    iTunes_name = u'Hard-coded iTunes name for now'
    iTunes_email = u'm@rkmoriarty.com' 
    # @ToDo: make dynamic, not hard-coded

    iTunes_explicit = u'no'
    feed_type = iTunesPodcastsFeedGenerator
    feed_copyright = "Copyright 1967-%s University Radio York" % datetime.date.today().year


    def feed_extra_kwargs(self, playlist):
        extra = {}
        extra['iTunes_name'] = self.iTunes_name
        extra['iTunes_email'] = self.iTunes_email
        # extra['iTunes_image_url'] = self.iTunes_image_url
        def get_image(self, playlist):
            if playlist.main_image_url:
                return playlist.main_image_url
            else:
                return "https://dl.dropboxusercontent.com/u/16441973/publicstatic/img/rss_playlist_icon_placeholder.png"
                # @ToDo: replace with Awesound logo
            # return render_to_string("defaults/playlist_description_missing.txt")
            # pass

        extra['iTunes_image_url'] = get_image(self, playlist)
        extra['iTunes_explicit'] = self.iTunes_explicit

        return extra

    def items(self, playlist):
        """
        Returns a list of items to publish in this feed.
        """
        posts = playlist.tracks.all().order_by('-pub_date').order_by("-created_at")[:99]
        posts = [iTunesPodcastPost(item) for item in posts]
        return posts

    def item_extra_kwargs(self, item):
        return {'summary':unescape(mark_safe(item.description)), 
            'explicit':item.explicit,   
            'iTunes_image_url':item.iTunes_image_url}
            # was summary: item.summary

    # MarkAdded
    def item_link(self, item):
        # return item.enclosure_length
        if item.user_id:
            # we have a normal track created by a user
            # user = User.objects.get(id = item.user_id)
            return reverse('track_detail', args=[item.user.username, item.slug])
        else:
            # we have a funny track without a user, e.g., created via command line
            return 'Exception:TrackWithoutUser'

    def item_pubdate(self, item):
        return item.pub_date

    def item_enclosure_url(self, item):
        return item.enclosure_url

    def item_enclosure_length(self, item):
        # return item.enclosure_length
        return item.length

    def item_enclosure_mime_type(self, item):
        # return item.enclosure_mime_type
        return 'audio/mpeg' # @ToDo: make dynamic

    def item_description(self, item):
        # return item.summary
        if item.description:
            return unescape(mark_safe(item.description))
        else:
            return "User has not written a description. This is an automatic message"

# current_site = Site.objects.get_current()
current_site = 'https://greatsite.com'
iTunes_feed = iTunesPodcastsFeed()


### the above will be called if both username and playlist_slug are deteced in the url
### there are two older methods to handle other situations

class AllTracks(Feed):
    #
    # working old method, not relevant to html escaping question
    #

class UserTracks(AllTracks):
    #
    # working old method, not relevant to my question
    #

all_tracks = AllTracks()
user_tracks = UserTracks()

### note, both of those are also subject to full html escaping also


def choose_feed(request, *args, **kwargs):
    """
    Pick up the user feed or the global feed depending on whether or not the
    URL contains a username parameter
    """
    # feed = user_tracks if 'username' in kwargs else all_tracks
    if 'username' in kwargs:
        if 'playlist_slug' in kwargs:
            # feed = podcast_feed  
            slug = kwargs['playlist_slug']
            feed = iTunes_feed
            if request.user:
                user = request.user
                slack_message('slackmessages/playlist_feed.slack', { #django_slack/slackmessages/
                    'playlist': Playlist.objects.get(slug=slug),
                    'user':user,
                    })
        else:

            feed = user_tracks
    else:
        feed = all_tracks     

    return feed.__call__(request, *args, **kwargs)
django

6条答案

按热度按时间
wwtsj6pe

wwtsj6pe1#

您可以替换代码:

contents = '<![CDATA[ contents ]]'
    xml.addQuickElement('element', contents=contents)

其中:

contents = 'contents'
    xml.startElement('element', {})
    xml._write(f'<![CDATA[ {contents} ]]')
    xml.endElement('element')
赞(0)分享  回复(0)举报  2023-06-25
rvpgvaaj

rvpgvaaj2#

因此,根据文档handler是一个XMLGenerator,调用addQuickElement时假设所有内容都是字符数据。这就是为什么它被逃脱。
您可能要做的是覆盖SyndicationFeed.add_item_elements(self, handler, item)并使用addQuickElement插入a元素,然后使用startElementendElement添加itunes:summary标记。

class iTunesFeed(Rss201rev2Feed):
    def add_item_elements(self, handler item):
        super(iTunesFeed, self).add_root_elements(handler)
        handler.startElement('itunes:summary')
        handler.characters('Link to ')            
        handler.addQuickElement('a', 'the website', {'href':'http://www.website.com'})
        handler.endElement('itunes:summary')

这可能不是100%的功能,但应该让你非常接近。

赞(0)分享  回复(0)举报  2023-06-25
46qrfjad

46qrfjad3#

下面是我如何在不转义CDATA标记的情况下将它们输入到输出中的。我创建了从Rss20rev2Feed默认使用的SimplerXMLGenerator继承的AppleGenerator。然后我去覆盖写函数Rss201rev2feed使用新的AppleGenerator我创建。然后,对于AppleGenerator,我覆盖了字符和addQuickElement函数,以获取可选输入来禁用转义。

from django.utils.xmlutils import SimplerXMLGenerator
from xml.sax.saxutils import escape

class AppleGenerator(SimplerXMLGenerator):
    def addQuickElement(self, name, contents=None, attrs=None, escape_char=True):
        "Convenience method for adding an element with no children"
        if attrs is None: attrs = {}
        self.startElement(name, attrs)
        if contents is not None:
            self.characters(contents, escape_char=escape_char)
        self.endElement(name)

    def characters(self, content, escape_char=True):
        if content:
            self._finish_pending_start_element()
            if not isinstance(content, str):
                content = str(content, self._encoding)
            if escape_char:
                self._write(escape(content))
            else:
                self._write(content)

class ApplePodcastsFeedGenerator(Rss201rev2Feed):
    def write(self, outfile, encoding):
        handler = AppleGenerator(outfile, encoding)
        handler.startDocument()
        handler.startElement("rss", self.rss_attributes())
        handler.startElement("channel", self.root_attributes())
        self.add_root_elements(handler)
        self.write_items(handler)
        self.endChannelElement(handler)
        handler.endElement("rss")

重写基本上与函数之前所做的完全相同,但添加了一种不转义它们的方法。下面是saxutils的源代码:
https://github.com/python/cpython/blob/3.7/Lib/xml/sax/saxutils.py
以下是django SimplerXMLGenerator的源代码:https://github.com/django/django/blob/master/django/utils/xmlutils.py

赞(0)分享  回复(0)举报  2023-06-25
zz2j4svz

zz2j4svz4#

这仍然是这个问题在谷歌上的头号点击,所以这里是基于尼克的回复的完整答案:

from xml.sax.saxutils import XMLGenerator

class MySimplerXMLGenerator(XMLGenerator):
    def addQuickElement(self, name, contents=None, attrs=None):
        "Convenience method for adding an element with no children"
        if attrs is None:
            attrs = {}
        self.startElement(name, attrs)
        if contents is not None:
            if contents.startswith('<![CDATA['):
                self.unescaped_characters(contents)
            else:
                self.characters(contents)
        self.endElement(name)

    def characters(self, content):
        if content and re.search(r'[\x00-\x08\x0B-\x0C\x0E-\x1F]', content):
            # Fail loudly when content has control chars (unsupported in XML 1.0)
            # See https://www.w3.org/International/questions/qa-controls
            raise UnserializableContentError("Control characters are not supported in XML 1.0")
        XMLGenerator.characters(self, content)

    def unescaped_characters(self, content):
        if content and re.search(r'[\x00-\x08\x0B-\x0C\x0E-\x1F]', content):
            # Fail loudly when content has control chars (unsupported in XML 1.0)
            # See https://www.w3.org/International/questions/qa-controls
            raise UnserializableContentError("Control characters are not supported in XML 1.0")
        XMLGenerator.ignorableWhitespace(self, content)

    def startElement(self, name, attrs):
        # Sort attrs for a deterministic output.
        sorted_attrs = dict(sorted(attrs.items())) if attrs else attrs
        super().startElement(name, sorted_attrs)

上面的代码与Django的处理程序相同,但添加了额外的“unescaped_characters”方法,并对“content”进行条件检查,以查看它是否以“<![CDATA ['.正如您所看到的,unescaped_characters调用saxutils的XMLGenerator的“ignoreWhitespace”方法,该方法与其“characters”方法相同,只是没有转义任何内容。
从这一点开始,你可以添加一个新的“write()”方法到你的Feed类,这应该像Django代码的注解中提到的那样去做,以覆盖处理程序方法,它提供了你修改后的处理程序,就像这样,与原始的处理程序相同,但是替换了处理程序类定义:

class iTunesPodcastsFeedGenerator(Rss201rev2Feed):

    def write(self, outfile, encoding):
        handler = MySimplerXMLGenerator(outfile, encoding)
        handler.startDocument()
        handler.startElement("rss", self.rss_attributes())
        handler.startElement("channel", self.root_attributes())
        self.add_root_elements(handler)
        self.write_items(handler)
        self.endChannelElement(handler)
        handler.endElement("rss")

现在,您已经有了一个新的处理程序,它将选择性地不转义以'<![CDATA['因此,您所要做的就是手动将这些标记前/后挂到HTML字段中,并通过其他方式转义这些字符串,例如,如果您已经安装并希望使用bleach...

class iTunesPodcastsFeedGenerator(Rss201rev2Feed):

    def add_root_elements(self, handler):
        handler.addQuickElement("description", '<![CDATA[' + bleach.clean(self.feed['description'], strip=True, tags=['p', 'ul', 'li', 'a']) + ']]>')

在撰写本文时,Apple(以及其他大部分播客目录)允许段落,无序列表和描述中的链接,因此上面是一个播客提要示例,应该可以正常工作。

赞(0)分享  回复(0)举报  2023-06-25
vawmfj5a

vawmfj5a5#

在Django 1.10中,我也面临着同样的问题,并追溯到所有逃逸发生的地方。django.utils.RssFeed.write()使用django.utils.xmlutils.SimplerXMLGenerator作为处理程序写入项。这个处理程序派生自xml.sax.saxutils.XMLGenerator,它有一个characters-方法,可以转义所有内容。所以要unescape你放入feed的所有东西,首先覆盖XML-handler:

from django.utils.xmlutils import SimplerXMLGenerator
class UnescapedXMLGenerator(SimplerXMLGenerator):
    def characters(self, content):
        """
        code is mainly copy-paste from Django 1.10 SimplerXMLGenerator.characters
        """
        if content and re.search(r'[\x00-\x08\x0B-\x0C\x0E-\x1F]', content):
            # Fail loudly when content has control chars (unsupported in XML 1.0)
            # See http://www.w3.org/International/questions/qa-controls
            raise UnserializableContentError("Control characters are not supported in XML 1.0")

        # next part from sax.saxutils.XMLGenerator, but without escaping
        if not isinstance(content, unicode):
            content = unicode(content, self._encoding)
        self._write(content)

下一步是重写提要的write-method以使用新的处理程序。这里以Rss2.01 Feed为例:

from django.utils import feedgenerator
class Rss201rev2FeedUnescaped(feedgenerator.Rss201rev2Feed):
    """
    Rss 2.01 Feed that doesn't escape content
    """
    def write(self, outfile, encoding):
        """
        code is mainly copy-paste from django.utils.feedgenerator.Rss201rev2Feed
        except that the handler is set to UnescapedXMLGenerator
        """
        handler = UnescapedXMLGenerator(outfile, encoding)
        handler.startDocument()
        handler.startElement("rss", self.rss_attributes())
        handler.startElement("channel", self.root_attributes())
        self.add_root_elements(handler)
        self.write_items(handler)
        self.endChannelElement(handler)
        handler.endElement("rss")
赞(0)分享  回复(0)举报  2023-06-25
7fyelxc5

7fyelxc56#

对我有用的是使用下面的代码改进@RNC答案:

from django.utils.feedgenerator import Rss201rev2Feed
from django.utils.xmlutils import SimplerXMLGenerator
from django.contrib.syndication.views import Feed

#override django's simplerXMLGenerator class

class CustomXMLGenerator(SimplerXMLGenerator):
"""Override defaults django XML Generator to allow writing contents with CDATA prefix"""

def addQuickElement(self, name, contents=None, attrs=None):
    "Convenience method for adding an element with no children"
    if attrs is None:
        attrs = {}
    self.startElement(name, attrs)
    if contents is not None:
        if contents.startswith("<![CDATA["):
            # this is the main function that ignores the whitespace and doesn't escape the content
            self.ignorableWhitespace(contents)
        else:
            self.characters(contents)
    self.endElement(name)

class RSSFeedMixin(Rss201rev2Feed):
"""The wrapper class for the base RSSFeed class"""

    def write(self, outfile, encoding):
        #point to the custom class

        handler = CustomXMLGenerator(outfile, encoding)
        handler.startDocument()
        handler.startElement("rss", self.rss_attributes())
        handler.startElement("channel", self.root_attributes())
        self.add_root_elements(handler)
        self.write_items(handler)
        self.endChannelElement(handler)
        handler.endElement("rss")

class GlobalFeed(Feed):

    def wrap_with_cdata(self, text):
        """Utility method to wrap a text in CDATA block"""
        content = "<![CDATA[ "
        content += text
        content += " ]]>"

        return content

       ...

    def item_author_name(self, item: Article) -> str:
        """
        Takes an item, as returned by items(), and returns the item's
        author's name as a normal Python string.
        """
        #wrap with the utility method
        return self.wrap_with_cdata(item.author.fullname)

希望能帮上忙。

赞(0)分享  回复(0)举报  2023-06-25
我来回答

相关问题

    查看更多

    热门标签

    更多
    JavaquerypythonNode开发语言requestUtil数据库Table后端算法LoggerMessageElementParser

    最新问答

    更多
    • 蜀ICP备13028337号-1 大数据知识库 https://www.saoniuhuo.com © All rights reserved
    • 本站内容来源互联网,如果侵犯您的权益请联系我们删除, 联系方式:448109455@qq.com