plain 0.24.0__py3-none-any.whl → 0.25.0__py3-none-any.whl

plain/utils/encoding.py

@@ -1,6 +1,4 @@
-import codecs
 import datetime
-import locale
 from decimal import Decimal
 from types import NoneType
 from urllib.parse import quote
@@ -127,109 +125,6 @@ _hextobyte.update(
 )
 
 
-def uri_to_iri(uri):
-    """
-    Convert a Uniform Resource Identifier(URI) into an Internationalized
-    Resource Identifier(IRI).
-
-    This is the algorithm from RFC 3987 Section 3.2, excluding step 4.
-
-    Take an URI in ASCII bytes (e.g. '/I%20%E2%99%A5%20Plain/') and return
-    a string containing the encoded result (e.g. '/I%20♥%20Plain/').
-    """
-    if uri is None:
-        return uri
-    uri = force_bytes(uri)
-    # Fast selective unquote: First, split on '%' and then starting with the
-    # second block, decode the first 2 bytes if they represent a hex code to
-    # decode. The rest of the block is the part after '%AB', not containing
-    # any '%'. Add that to the output without further processing.
-    bits = uri.split(b"%")
-    if len(bits) == 1:
-        iri = uri
-    else:
-        parts = [bits[0]]
-        append = parts.append
-        hextobyte = _hextobyte
-        for item in bits[1:]:
-            hex = item[:2]
-            if hex in hextobyte:
-                append(hextobyte[item[:2]])
-                append(item[2:])
-            else:
-                append(b"%")
-                append(item)
-        iri = b"".join(parts)
-    return repercent_broken_unicode(iri).decode()
-
-
-def escape_uri_path(path):
-    """
-    Escape the unsafe characters from the path portion of a Uniform Resource
-    Identifier (URI).
-    """
-    # These are the "reserved" and "unreserved" characters specified in RFC
-    # 3986 Sections 2.2 and 2.3:
-    #   reserved    = ";" | "/" | "?" | ":" | "@" | "&" | "=" | "+" | "$" | ","
-    #   unreserved  = alphanum | mark
-    #   mark        = "-" | "_" | "." | "!" | "~" | "*" | "'" | "(" | ")"
-    # The list of safe characters here is constructed subtracting ";", "=",
-    # and "?" according to RFC 3986 Section 3.3.
-    # The reason for not subtracting and escaping "/" is that we are escaping
-    # the entire path, not a path segment.
-    return quote(path, safe="/:@&+$,-_.!~*'()")
-
-
 def punycode(domain):
     """Return the Punycode of the given domain if it's non-ASCII."""
     return domain.encode("idna").decode("ascii")
-
-
-def repercent_broken_unicode(path):
-    """
-    As per RFC 3987 Section 3.2, step three of converting a URI into an IRI,
-    repercent-encode any octet produced that is not part of a strictly legal
-    UTF-8 octet sequence.
-    """
-    while True:
-        try:
-            path.decode()
-        except UnicodeDecodeError as e:
-            # CVE-2019-14235: A recursion shouldn't be used since the exception
-            # handling uses massive amounts of memory
-            repercent = quote(path[e.start : e.end], safe=b"/#%[]=:;$&()+,!?*@'~")
-            path = path[: e.start] + repercent.encode() + path[e.end :]
-        else:
-            return path
-
-
-def filepath_to_uri(path):
-    """Convert a file system path to a URI portion that is suitable for
-    inclusion in a URL.
-
-    Encode certain chars that would normally be recognized as special chars
-    for URIs. Do not encode the ' character, as it is a valid character
-    within URIs. See the encodeURIComponent() JavaScript function for details.
-    """
-    if path is None:
-        return path
-    # I know about `os.sep` and `os.altsep` but I want to leave
-    # some flexibility for hardcoding separators.
-    return quote(str(path).replace("\\", "/"), safe="/~!*()'")
-
-
-def get_system_encoding():
-    """
-    The encoding for the character type functions. Fallback to 'ascii' if the
-    #encoding is unsupported by Python or could not be determined. See tickets
-    #10335 and #5846.
-    """
-    try:
-        encoding = locale.getlocale()[1] or "ascii"
-        codecs.lookup(encoding)
-    except Exception:
-        encoding = "ascii"
-    return encoding
-
-
-DEFAULT_LOCALE_ENCODING = get_system_encoding()

plain/utils/functional.py

@@ -205,13 +205,6 @@ def _lazy_proxy_unpickle(func, args, kwargs, *resultclasses):
     return lazy(func, *resultclasses)(*args, **kwargs)
 
 
-def lazystr(text):
-    """
-    Shortcut for the common case of a lazy callable that returns str.
-    """
-    return lazy(str, str)(text)
-
-
 def keep_lazy(*resultclasses):
     """
     A decorator that allows a function to be called with one or more lazy

plain/utils/html.py

@@ -2,16 +2,10 @@
 
 import html
 import json
-import re
 from html.parser import HTMLParser
-from urllib.parse import parse_qsl, quote, unquote, urlencode, urlsplit, urlunsplit
 
-from plain.utils.encoding import punycode
 from plain.utils.functional import Promise, keep_lazy, keep_lazy_text
-from plain.utils.http import RFC3986_GENDELIMS, RFC3986_SUBDELIMS
-from plain.utils.regex_helper import _lazy_re_compile
-from plain.utils.safestring import SafeData, SafeString, mark_safe
-from plain.utils.text import normalize_newlines
+from plain.utils.safestring import SafeString, mark_safe
 
 
 @keep_lazy(SafeString)
@@ -27,31 +21,6 @@ def escape(text):
     return SafeString(html.escape(str(text)))
 
 
-_js_escapes = {
-    ord("\\"): "\\u005C",
-    ord("'"): "\\u0027",
-    ord('"'): "\\u0022",
-    ord(">"): "\\u003E",
-    ord("<"): "\\u003C",
-    ord("&"): "\\u0026",
-    ord("="): "\\u003D",
-    ord("-"): "\\u002D",
-    ord(";"): "\\u003B",
-    ord("`"): "\\u0060",
-    ord("\u2028"): "\\u2028",
-    ord("\u2029"): "\\u2029",
-}
-
-# Escape every ASCII character with a value less than 32.
-_js_escapes.update((ord("%c" % z), f"\\u{z:04X}") for z in range(32))  # noqa: UP031
-
-
-@keep_lazy(SafeString)
-def escapejs(value):
-    """Hex encode characters for use in JavaScript strings."""
-    return mark_safe(str(value).translate(_js_escapes))
-
-
 _json_script_escapes = {
     ord(">"): "\\u003E",
     ord("<"): "\\u003C",
@@ -105,39 +74,6 @@ def format_html(format_string, *args, **kwargs):
     return mark_safe(format_string.format(*args_safe, **kwargs_safe))
 
 
-def format_html_join(sep, format_string, args_generator):
-    """
-    A wrapper of format_html, for the common case of a group of arguments that
-    need to be formatted using the same format string, and then joined using
-    'sep'. 'sep' is also passed through conditional_escape.
-
-    'args_generator' should be an iterator that returns the sequence of 'args'
-    that will be passed to format_html.
-
-    Example:
-
-      format_html_join('\n', "<li>{} {}</li>", ((u.first_name, u.last_name)
-                                                  for u in users))
-    """
-    return mark_safe(
-        conditional_escape(sep).join(
-            format_html(format_string, *args) for args in args_generator
-        )
-    )
-
-
-@keep_lazy_text
-def linebreaks(value, autoescape=False):
-    """Convert newlines into <p> and <br>s."""
-    value = normalize_newlines(value)
-    paras = re.split("\n{2,}", str(value))
-    if autoescape:
-        paras = ["<p>{}</p>".format(escape(p).replace("\n", "<br>")) for p in paras]
-    else:
-        paras = ["<p>{}</p>".format(p.replace("\n", "<br>")) for p in paras]
-    return "\n\n".join(paras)
-
-
 class MLStripper(HTMLParser):
     def __init__(self):
         super().__init__(convert_charrefs=False)
@@ -182,217 +118,6 @@ def strip_tags(value):
     return value
 
 
-@keep_lazy_text
-def strip_spaces_between_tags(value):
-    """Return the given HTML with spaces between tags removed."""
-    return re.sub(r">\s+<", "><", str(value))
-
-
-def smart_urlquote(url):
-    """Quote a URL if it isn't already quoted."""
-
-    def unquote_quote(segment):
-        segment = unquote(segment)
-        # Tilde is part of RFC 3986 Section 2.3 Unreserved Characters,
-        # see also https://bugs.python.org/issue16285
-        return quote(segment, safe=RFC3986_SUBDELIMS + RFC3986_GENDELIMS + "~")
-
-    # Handle IDN before quoting.
-    try:
-        scheme, netloc, path, query, fragment = urlsplit(url)
-    except ValueError:
-        # invalid IPv6 URL (normally square brackets in hostname part).
-        return unquote_quote(url)
-
-    try:
-        netloc = punycode(netloc)  # IDN -> ACE
-    except UnicodeError:  # invalid domain part
-        return unquote_quote(url)
-
-    if query:
-        # Separately unquoting key/value, so as to not mix querystring separators
-        # included in query values. See #22267.
-        query_parts = [
-            (unquote(q[0]), unquote(q[1]))
-            for q in parse_qsl(query, keep_blank_values=True)
-        ]
-        # urlencode will take care of quoting
-        query = urlencode(query_parts)
-
-    path = unquote_quote(path)
-    fragment = unquote_quote(fragment)
-
-    return urlunsplit((scheme, netloc, path, query, fragment))
-
-
-class Urlizer:
-    """
-    Convert any URLs in text into clickable links.
-
-    Work on http://, https://, www. links, and also on links ending in one of
-    the original seven gTLDs (.com, .edu, .gov, .int, .mil, .net, and .org).
-    Links can have trailing punctuation (periods, commas, close-parens) and
-    leading punctuation (opening parens) and it'll still do the right thing.
-    """
-
-    trailing_punctuation_chars = ".,:;!"
-    wrapping_punctuation = [("(", ")"), ("[", "]")]
-
-    simple_url_re = _lazy_re_compile(r"^https?://\[?\w", re.IGNORECASE)
-    simple_url_2_re = _lazy_re_compile(
-        r"^www\.|^(?!http)\w[^@]+\.(com|edu|gov|int|mil|net|org)($|/.*)$", re.IGNORECASE
-    )
-    word_split_re = _lazy_re_compile(r"""([\s<>"']+)""")
-
-    mailto_template = "mailto:{local}@{domain}"
-    url_template = '<a href="{href}"{attrs}>{url}</a>'
-
-    def __call__(self, text, trim_url_limit=None, nofollow=False, autoescape=False):
-        """
-        If trim_url_limit is not None, truncate the URLs in the link text
-        longer than this limit to trim_url_limit - 1 characters and append an
-        ellipsis.
-
-        If nofollow is True, give the links a rel="nofollow" attribute.
-
-        If autoescape is True, autoescape the link text and URLs.
-        """
-        safe_input = isinstance(text, SafeData)
-
-        words = self.word_split_re.split(str(text))
-        return "".join(
-            [
-                self.handle_word(
-                    word,
-                    safe_input=safe_input,
-                    trim_url_limit=trim_url_limit,
-                    nofollow=nofollow,
-                    autoescape=autoescape,
-                )
-                for word in words
-            ]
-        )
-
-    def handle_word(
-        self,
-        word,
-        *,
-        safe_input,
-        trim_url_limit=None,
-        nofollow=False,
-        autoescape=False,
-    ):
-        if "." in word or "@" in word or ":" in word:
-            # lead: Punctuation trimmed from the beginning of the word.
-            # middle: State of the word.
-            # trail: Punctuation trimmed from the end of the word.
-            lead, middle, trail = self.trim_punctuation(word)
-            # Make URL we want to point to.
-            url = None
-            nofollow_attr = ' rel="nofollow"' if nofollow else ""
-            if self.simple_url_re.match(middle):
-                url = smart_urlquote(html.unescape(middle))
-            elif self.simple_url_2_re.match(middle):
-                url = smart_urlquote(f"http://{html.unescape(middle)}")
-            elif ":" not in middle and self.is_email_simple(middle):
-                local, domain = middle.rsplit("@", 1)
-                try:
-                    domain = punycode(domain)
-                except UnicodeError:
-                    return word
-                url = self.mailto_template.format(local=local, domain=domain)
-                nofollow_attr = ""
-            # Make link.
-            if url:
-                trimmed = self.trim_url(middle, limit=trim_url_limit)
-                if autoescape and not safe_input:
-                    lead, trail = escape(lead), escape(trail)
-                    trimmed = escape(trimmed)
-                middle = self.url_template.format(
-                    href=escape(url),
-                    attrs=nofollow_attr,
-                    url=trimmed,
-                )
-                return mark_safe(f"{lead}{middle}{trail}")
-            else:
-                if safe_input:
-                    return mark_safe(word)
-                elif autoescape:
-                    return escape(word)
-        elif safe_input:
-            return mark_safe(word)
-        elif autoescape:
-            return escape(word)
-        return word
-
-    def trim_url(self, x, *, limit):
-        if limit is None or len(x) <= limit:
-            return x
-        return f"{x[: max(0, limit - 1)]}…"
-
-    def trim_punctuation(self, word):
-        """
-        Trim trailing and wrapping punctuation from `word`. Return the items of
-        the new state.
-        """
-        lead, middle, trail = "", word, ""
-        # Continue trimming until middle remains unchanged.
-        trimmed_something = True
-        while trimmed_something:
-            trimmed_something = False
-            # Trim wrapping punctuation.
-            for opening, closing in self.wrapping_punctuation:
-                if middle.startswith(opening):
-                    middle = middle.removeprefix(opening)
-                    lead += opening
-                    trimmed_something = True
-                # Keep parentheses at the end only if they're balanced.
-                if (
-                    middle.endswith(closing)
-                    and middle.count(closing) == middle.count(opening) + 1
-                ):
-                    middle = middle.removesuffix(closing)
-                    trail = closing + trail
-                    trimmed_something = True
-            # Trim trailing punctuation (after trimming wrapping punctuation,
-            # as encoded entities contain ';'). Unescape entities to avoid
-            # breaking them by removing ';'.
-            middle_unescaped = html.unescape(middle)
-            stripped = middle_unescaped.rstrip(self.trailing_punctuation_chars)
-            if middle_unescaped != stripped:
-                punctuation_count = len(middle_unescaped) - len(stripped)
-                trail = middle[-punctuation_count:] + trail
-                middle = middle[:-punctuation_count]
-                trimmed_something = True
-        return lead, middle, trail
-
-    @staticmethod
-    def is_email_simple(value):
-        """Return True if value looks like an email address."""
-        # An @ must be in the middle of the value.
-        if "@" not in value or value.startswith("@") or value.endswith("@"):
-            return False
-        try:
-            p1, p2 = value.split("@")
-        except ValueError:
-            # value contains more than one @.
-            return False
-        # Dot must be in p2 (e.g. example.com)
-        if "." not in p2 or p2.startswith("."):
-            return False
-        return True
-
-
-urlizer = Urlizer()
-
-
-@keep_lazy_text
-def urlize(text, trim_url_limit=None, nofollow=False, autoescape=False):
-    return urlizer(
-        text, trim_url_limit=trim_url_limit, nofollow=nofollow, autoescape=autoescape
-    )
-
-
 def avoid_wrapping(value):
     """
     Avoid text wrapping in the middle of a phrase by adding non-breaking

plain/utils/http.py

@@ -1,40 +1,9 @@
-import base64
-import datetime
-import re
-import unicodedata
-from binascii import Error as BinasciiError
 from email.utils import formatdate
-from urllib.parse import quote, unquote, urlparse
+from urllib.parse import quote, unquote
 from urllib.parse import urlencode as original_urlencode
 
 from plain.utils.datastructures import MultiValueDict
-from plain.utils.regex_helper import _lazy_re_compile
 
-# Based on RFC 9110 Appendix A.
-ETAG_MATCH = _lazy_re_compile(
-    r"""
-    \A(      # start of string and capture group
-    (?:W/)?  # optional weak indicator
-    "        # opening quote
-    [^"]*    # any sequence of non-quote characters
-    "        # end quote
-    )\Z      # end of string and capture group
-""",
-    re.X,
-)
-
-MONTHS = "jan feb mar apr may jun jul aug sep oct nov dec".split()
-__D = r"(?P<day>[0-9]{2})"
-__D2 = r"(?P<day>[ 0-9][0-9])"
-__M = r"(?P<mon>\w{3})"
-__Y = r"(?P<year>[0-9]{4})"
-__Y2 = r"(?P<year>[0-9]{2})"
-__T = r"(?P<hour>[0-9]{2}):(?P<min>[0-9]{2}):(?P<sec>[0-9]{2})"
-RFC1123_DATE = _lazy_re_compile(rf"^\w{{3}}, {__D} {__M} {__Y} {__T} GMT$")
-RFC850_DATE = _lazy_re_compile(rf"^\w{{6,9}}, {__D}-{__M}-{__Y2} {__T} GMT$")
-ASCTIME_DATE = _lazy_re_compile(rf"^\w{{3}} {__M} {__D2} {__T} {__Y}$")
-
-RFC3986_GENDELIMS = ":/?#[]@"
 RFC3986_SUBDELIMS = "!$&'()*+,;="
 
 
@@ -93,57 +62,6 @@ def http_date(epoch_seconds=None):
     return formatdate(epoch_seconds, usegmt=True)
 
 
-def parse_http_date(date):
-    """
-    Parse a date format as specified by HTTP RFC 9110 Section 5.6.7.
-
-    The three formats allowed by the RFC are accepted, even if only the first
-    one is still in widespread use.
-
-    Return an integer expressed in seconds since the epoch, in UTC.
-    """
-    # email.utils.parsedate() does the job for RFC 1123 dates; unfortunately
-    # RFC 9110 makes it mandatory to support RFC 850 dates too. So we roll
-    # our own RFC-compliant parsing.
-    for regex in RFC1123_DATE, RFC850_DATE, ASCTIME_DATE:
-        m = regex.match(date)
-        if m is not None:
-            break
-    else:
-        raise ValueError(f"{date!r} is not in a valid HTTP date format")
-    try:
-        tz = datetime.UTC
-        year = int(m["year"])
-        if year < 100:
-            current_year = datetime.datetime.now(tz=tz).year
-            current_century = current_year - (current_year % 100)
-            if year - (current_year % 100) > 50:
-                # year that appears to be more than 50 years in the future are
-                # interpreted as representing the past.
-                year += current_century - 100
-            else:
-                year += current_century
-        month = MONTHS.index(m["mon"].lower()) + 1
-        day = int(m["day"])
-        hour = int(m["hour"])
-        min = int(m["min"])
-        sec = int(m["sec"])
-        result = datetime.datetime(year, month, day, hour, min, sec, tzinfo=tz)
-        return int(result.timestamp())
-    except Exception as exc:
-        raise ValueError(f"{date!r} is not a valid date") from exc
-
-
-def parse_http_date_safe(date):
-    """
-    Same as parse_http_date, but return None if the input is invalid.
-    """
-    try:
-        return parse_http_date(date)
-    except Exception:
-        pass
-
-
 # Base 36 functions: useful for generating compact URLs
 
 
@@ -174,51 +92,6 @@ def int_to_base36(i):
     return b36
 
 
-def urlsafe_base64_encode(s):
-    """
-    Encode a bytestring to a base64 string for use in URLs. Strip any trailing
-    equal signs.
-    """
-    return base64.urlsafe_b64encode(s).rstrip(b"\n=").decode("ascii")
-
-
-def urlsafe_base64_decode(s):
-    """
-    Decode a base64 encoded string. Add back any trailing equal signs that
-    might have been stripped.
-    """
-    s = s.encode()
-    try:
-        return base64.urlsafe_b64decode(s.ljust(len(s) + len(s) % 4, b"="))
-    except (LookupError, BinasciiError) as e:
-        raise ValueError(e)
-
-
-def parse_etags(etag_str):
-    """
-    Parse a string of ETags given in an If-None-Match or If-Match header as
-    defined by RFC 9110. Return a list of quoted ETags, or ['*'] if all ETags
-    should be matched.
-    """
-    if etag_str.strip() == "*":
-        return ["*"]
-    else:
-        # Parse each ETag individually, and return any that are valid.
-        etag_matches = (ETAG_MATCH.match(etag.strip()) for etag in etag_str.split(","))
-        return [match[1] for match in etag_matches if match]
-
-
-def quote_etag(etag_str):
-    """
-    If the provided string is already a quoted ETag, return it. Otherwise, wrap
-    the string in quotes, making it a strong ETag.
-    """
-    if ETAG_MATCH.match(etag_str):
-        return etag_str
-    else:
-        return f'"{etag_str}"'
-
-
 def is_same_domain(host, pattern):
     """
     Return ``True`` if the host is either an exact match or a match
@@ -239,66 +112,6 @@ def is_same_domain(host, pattern):
     )
 
 
-def url_has_allowed_host_and_scheme(url, allowed_hosts, require_https=False):
-    """
-    Return ``True`` if the url uses an allowed host and a safe scheme.
-
-    Always return ``False`` on an empty url.
-
-    If ``require_https`` is ``True``, only 'https' will be considered a valid
-    scheme, as opposed to 'http' and 'https' with the default, ``False``.
-
-    Note: "True" doesn't entail that a URL is "safe". It may still be e.g.
-    quoted incorrectly. Ensure to also use plain.utils.encoding.iri_to_uri()
-    on the path component of untrusted URLs.
-    """
-    if url is not None:
-        url = url.strip()
-    if not url:
-        return False
-    if allowed_hosts is None:
-        allowed_hosts = set()
-    elif isinstance(allowed_hosts, str):
-        allowed_hosts = {allowed_hosts}
-    # Chrome treats \ completely as / in paths but it could be part of some
-    # basic auth credentials so we need to check both URLs.
-    return _url_has_allowed_host_and_scheme(
-        url, allowed_hosts, require_https=require_https
-    ) and _url_has_allowed_host_and_scheme(
-        url.replace("\\", "/"), allowed_hosts, require_https=require_https
-    )
-
-
-def _url_has_allowed_host_and_scheme(url, allowed_hosts, require_https=False):
-    # Chrome considers any URL with more than two slashes to be absolute, but
-    # urlparse is not so flexible. Treat any url with three slashes as unsafe.
-    if url.startswith("///"):
-        return False
-    try:
-        url_info = urlparse(url)
-    except ValueError:  # e.g. invalid IPv6 addresses
-        return False
-    # Forbid URLs like http:///example.com - with a scheme, but without a hostname.
-    # In that URL, example.com is not the hostname but, a path component. However,
-    # Chrome will still consider example.com to be the hostname, so we must not
-    # allow this syntax.
-    if not url_info.netloc and url_info.scheme:
-        return False
-    # Forbid URLs that start with control characters. Some browsers (like
-    # Chrome) ignore quite a few control characters at the start of a
-    # URL and might consider the URL as scheme relative.
-    if unicodedata.category(url[0])[0] == "C":
-        return False
-    scheme = url_info.scheme
-    # Consider URLs without a scheme (e.g. //example.com/p) to be http.
-    if not url_info.scheme and url_info.netloc:
-        scheme = "http"
-    valid_schemes = ["https"] if require_https else ["http", "https"]
-    return (not url_info.netloc or url_info.netloc in allowed_hosts) and (
-        not scheme or scheme in valid_schemes
-    )
-
-
 def escape_leading_slashes(url):
     """
     If redirecting to an absolute path (two leading slashes), a slash must be
@@ -347,7 +160,7 @@ def parse_header_parameters(line):
                 value = value[1:-1]
                 value = value.replace("\\\\", "\\").replace('\\"', '"')
             if has_encoding:
-                encoding, lang, value = value.split("'")
+                encoding, _, value = value.split("'")
                 value = unquote(value, encoding=encoding)
             pdict[name] = value
     return key, pdict