Escape non-printable values in request vars panel (fixes #9)

2025-12-30 18:19:31 -06:00 · 2012-02-14 18:51:21 -08:00
parent 45ce65c058
commit a48efe822a
2 changed files with 88 additions and 99 deletions
--- a/flask_debugtoolbar/init.py
+++ b/flask_debugtoolbar/init.py
@@ -25,6 +25,13 @@ def replace_insensitive(string, target, replacement):
        return string


+def _printable(string):
+    if isinstance(string, unicode):
+        return string.encode('unicode_escape')
+    else:
+        return string.encode('string_escape')
+
+
 class DebugToolbarExtension(object):
    _static_dir = os.path.realpath(
        os.path.join(os.path.dirname(__file__), 'static'))
@@ -61,6 +68,7 @@ class DebugToolbarExtension(object):
            extensions=['jinja2.ext.i18n'],
            loader=PackageLoader(__name__, 'templates'))
        self.jinja_env.filters['urlencode'] = url_quote_plus
+        self.jinja_env.filters['printable'] = _printable

        app.add_url_rule('/_debug_toolbar/static/<path:filename>',
            '_debug_toolbar.static', self.send_static_file)
--- a/flask_debugtoolbar/templates/panels/request_vars.html
+++ b/flask_debugtoolbar/templates/panels/request_vars.html
@@ -1,123 +1,104 @@

 <h4>View information</h4>
 <table>
-	<thead>
-		<tr>
-			<th>View Function</th>
-			<th>args</th>
-			<th>kwargs</th>
-		</tr>
-	</thead>
-	<tbody>
-		<tr>
-			<td>{{ view_func }}</td>
-			<td>{{ view_args|default("None") }}</td>
-			<td>
-			{% if view_kwargs.items() %}
-				{% for k, v in view_kwargs.items() %}
-					{{ k }}={{ v }}{% if not loop.last %}, {% endif %}
-				{% endfor %}
-			{% else %}
-				None
-			{% endif %}
-			</td>
-		</tr>
-	</tbody>
+    <thead>
+        <tr>
+            <th>View Function</th>
+            <th>args</th>
+            <th>kwargs</th>
+        </tr>
+    </thead>
+    <tbody>
+        <tr>
+            <td>{{ view_func }}</td>
+            <td>{{ view_args|default("None") }}</td>
+            <td>
+            {% if view_kwargs.items() %}
+                {% for k, v in view_kwargs.items() %}
+                    {{ k }}={{ v }}{% if not loop.last %}, {% endif %}
+                {% endfor %}
+            {% else %}
+                None
+            {% endif %}
+            </td>
+        </tr>
+    </tbody>
 </table>

+{% macro show_map(map) %}
+    <table>
+        <colgroup>
+            <col style="width:20%"/>
+            <col/>
+        </colgroup>
+        <thead>
+            <tr>
+                <th>Variable</th>
+                <th>Value</th>
+            </tr>
+        </thead>
+        <tbody>
+            {% for key, value in map %}
+                <tr class="{{ loop.cycle('flDebugOdd' 'flDebugEven') }}">
+                    <td>{{ key|printable }}</td>
+                    <td>{{ value|printable }}</td>
+                </tr>
+            {% endfor %}
+        </tbody>
+    </table>
+{% endmacro %}
+
+
 <h4>COOKIES Variables</h4>
 {% if cookies %}
-	<table>
-		<colgroup>
-			<col style="width:20%"/>
-			<col/>
-		</colgroup>
-		<thead>
-			<tr>
-				<th>Variable</th>
-				<th>Value</th>
-			</tr>
-		</thead>
-		<tbody>
-			{% for key, value in cookies %}
-				<tr class="{{ loop.cycle('flDebugOdd' 'flDebugEven') }}">
-					<td>{{ key|escape }}</td>
-					<td>{{ value|escape }}</td>
-				</tr>
-			{% endfor %}
-		</tbody>
-	</table>
+    {{ show_map(cookies) }}
 {% else %}
-	<p>No COOKIE data</p>
+    <p>No COOKIE data</p>
 {% endif %}

 <h4>SESSION Variables</h4>
 {% if session %}
-	<table>
-		<colgroup>
-			<col style="width:20%"/>
-			<col/>
-		</colgroup>
-		<thead>
-			<tr>
-				<th>Variable</th>
-				<th>Value</th>
-			</tr>
-		</thead>
-		<tbody>
-			{% for key, value in session %}
-				<tr class="{{ loop.cycle('flDebugOdd' 'flDebugEven') }}">
-					<td>{{ key|escape }}</td>
-					<td>{{ value|escape }}</td>
-				</tr>
-			{% endfor %}
-		</tbody>
-	</table>
+    {{ show_map(session) }}
 {% else %}
-	<p>No SESSION data</p>
+    <p>No SESSION data</p>
 {% endif %}

+
+{% macro show_multi_map(map) %}
+    <table>
+        <thead>
+            <tr>
+                <th>Variable</th>
+                <th>Value</th>
+            </tr>
+        </thead>
+        <tbody>
+            {% for key, value in map %}
+                <tr class="{{ loop.cycle('flDebugOdd' 'flDebugEven') }}">
+                    <td>{{ key|printable }}</td>
+                    <td>
+                      {%- set sep = joiner() -%}
+                      {%- for v in value -%}
+                          {{ sep() }}{{ v|printable }}
+                      {%- endfor -%}
+                    </td>
+                </tr>
+            {% endfor %}
+        </tbody>
+    </table>
+{% endmacro %}
+
+
 <h4>GET Variables</h4>
 {% if get %}
-	<table>
-		<thead>
-			<tr>
-				<th>Variable</th>
-				<th>Value</th>
-			</tr>
-		</thead>
-		<tbody>
-			{% for key, value in get %}
-				<tr class="{{ loop.cycle('flDebugOdd' 'flDebugEven') }}">
-					<td>{{ key|escape }}</td>
-					<td>{{ value|join(", ")|escape }}</td>
-				</tr>
-			{% endfor %}
-		</tbody>
-	</table>
+    {{ show_multi_map(get) }}
 {% else %}
-	<p>No GET data</p>
+    <p>No GET data</p>
 {% endif %}

 <h4>POST Variables</h4>
 {% if post %}
-	<table>
-		<thead>
-			<tr>
-				<th>Variable</th>
-				<th>Value</th>
-			</tr>
-		</thead>
-		<tbody>
-			{% for key, value in post %}
-				<tr class="{{ loop.cycle('row1' 'row2') }}">
-					<td>{{ key|escape }}</td>
-					<td>{{ value|join(", ")|escape }}</td>
-				</tr>
-			{% endfor %}
-		</tbody>
-	</table>
+    {{ show_multi_map(post) }}
 {% else %}
-	<p>No POST data</p>
+    <p>No POST data</p>
 {% endif %}
-