From f7bd84cdacdd665ff73ae8d09a202f60be2ebae9 Mon Sep 17 00:00:00 2001 From: Ilya Kreymer Date: Mon, 14 Jun 2021 17:09:00 -0700 Subject: [PATCH] Localization / doc fixes (#650) * localization / doc fixes: - add missing header.html - docs: support 'i18n' extra, mention in docs - use 'default_locale' for html lang tag - access control docs: fix documentation for adding user with acl command * localization: add compile_catalog after extract as well to simplify updates for identity (en) locale * ui: - include locale in home page collection listing - keep locale on error page home link * autoescape: - ensure jinja2 templates are autoescaped to prevent xss issues (thanks @sebastian-nagel for suggested fix) - ensure banner inserts are not double-escaped - update tests for template autoescaping * update CHANGES.rst * bump version to 2.6.0b1 --- CHANGES.rst | 14 ++++++++++++++ config.yaml | 3 --- docs/manual/access-control.rst | 2 +- docs/manual/localization.rst | 5 +++++ pywb/manager/locmanager.py | 2 ++ pywb/rewrite/templateview.py | 4 +++- pywb/templates/base.html | 2 +- pywb/templates/error.html | 2 +- pywb/templates/frame_insert.html | 4 ++++ pywb/templates/head_insert.html | 4 ++++ pywb/templates/header.html | 13 +++++++++++++ pywb/templates/index.html | 2 +- pywb/version.py | 2 +- setup.py | 3 +++ tests/test_auto_colls.py | 7 ++++--- 15 files changed, 57 insertions(+), 12 deletions(-) create mode 100644 pywb/templates/header.html diff --git a/CHANGES.rst b/CHANGES.rst index 112c6cf22..352bfebd9 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -1,3 +1,17 @@ +pywb 2.6.0b1 changelist +~~~~~~~~~~~~~~~~~~~~~~~ + +Additional documentation / localization fixes `#650 `_ + +* Ensure home page and error page keeps locale, language switching is working. + +* Add autoescaping to Jinja2 to avoid XSS issues (suggested by @sebastian-nagel) + +* Add support for 'pywb[i18n]' extra to install localization dependencies + +Documentation typo fixes (by @ldko, `#649 `_) + + pywb 2.6.0b0 changelist ~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/config.yaml b/config.yaml index 5522c6851..01827eb27 100644 --- a/config.yaml +++ b/config.yaml @@ -17,6 +17,3 @@ enable_memento: true # Replay content in an iframe framed_replay: true -locales: - - en - - es diff --git a/docs/manual/access-control.rst b/docs/manual/access-control.rst index 6dce1c7ad..8b1c5763c 100644 --- a/docs/manual/access-control.rst +++ b/docs/manual/access-control.rst @@ -187,7 +187,7 @@ The URL supplied can be a URL or a SURT prefix. If a SURT is supplied, it is use A specific user for user-based rules can also be specified, for example to add ``allow_ignore_embargo`` for user ``staff`` only, run:: - wb-manager acl add http://httpbin.org/anything/something allow_ignore_embargo staff + wb-manager acl add http://httpbin.org/anything/something allow_ignore_embargo -u staff By default, access control rules apply to a prefix of a given URL or SURT. diff --git a/docs/manual/localization.rst b/docs/manual/localization.rst index adfd5012b..8055a3dcf 100644 --- a/docs/manual/localization.rst +++ b/docs/manual/localization.rst @@ -9,10 +9,15 @@ pywb can extract all text from templates and generate CSV files for translation (pywb uses the `Babel library `_ which extends the `standard Python i18n system `_) +To ensure all localization related dependencies are installed, first run:: + + pip install pywb[i18n] + Locales to use are configured in the ``config.yaml``. The command-line ``wb-manager`` utility provides a way to manage locales for translation, including generating extracted text, and to update translated text. + Adding a Locale and Extracting Text =================================== diff --git a/pywb/manager/locmanager.py b/pywb/manager/locmanager.py index c031ac14c..fcbe034cf 100644 --- a/pywb/manager/locmanager.py +++ b/pywb/manager/locmanager.py @@ -41,6 +41,8 @@ def extract_loc(self, locale, no_csv): csv = os.path.join(base, 'messages.csv') po2csv([po, csv]) + self.compile_catalog() + def update_loc(self, locale, no_csv): for loc in locale: if not no_csv: diff --git a/pywb/rewrite/templateview.py b/pywb/rewrite/templateview.py index 122e18d51..4a3881519 100644 --- a/pywb/rewrite/templateview.py +++ b/pywb/rewrite/templateview.py @@ -5,7 +5,7 @@ from six.moves.urllib.parse import urlsplit, quote -from jinja2 import Environment, TemplateNotFound, contextfunction +from jinja2 import Environment, TemplateNotFound, contextfunction, select_autoescape from jinja2 import FileSystemLoader, PackageLoader, ChoiceLoader from babel.support import Translations @@ -77,10 +77,12 @@ def __init__(self, paths=None, if overlay: jinja_env = overlay.jinja_env.overlay(loader=loader, + autoescape=select_autoescape(), trim_blocks=True, extensions=extensions) else: jinja_env = RelEnvironment(loader=loader, + autoescape=select_autoescape(), trim_blocks=True, extensions=extensions) diff --git a/pywb/templates/base.html b/pywb/templates/base.html index 0bb02c270..2160a8bc5 100644 --- a/pywb/templates/base.html +++ b/pywb/templates/base.html @@ -1,5 +1,5 @@ - + diff --git a/pywb/templates/error.html b/pywb/templates/error.html index 9b2f22975..63e2c68c9 100644 --- a/pywb/templates/error.html +++ b/pywb/templates/error.html @@ -13,7 +13,7 @@

Pywb Error

{% elif err_status == 404 and err_details == 'coll_not_found' %}

{% trans %}Collection not found: {{ err_msg }}{% endtrans %}

-

{{ _('See list of valid collections') }}

+

{{ _('See list of valid collections') }}

{% elif err_status == 404 and err_details == 'static_file_not_found' %}

{% trans %}Static file not found: {{ err_msg }}{% endtrans %}

diff --git a/pywb/templates/frame_insert.html b/pywb/templates/frame_insert.html index 544cb767e..af67eed3d 100644 --- a/pywb/templates/frame_insert.html +++ b/pywb/templates/frame_insert.html @@ -14,8 +14,12 @@ +{% autoescape false %} + {{ banner_html }} +{% endautoescape %} + diff --git a/pywb/templates/head_insert.html b/pywb/templates/head_insert.html index 924c46b1e..f49d73a8c 100644 --- a/pywb/templates/head_insert.html +++ b/pywb/templates/head_insert.html @@ -1,3 +1,5 @@ +{% autoescape false %} +