Commit b2a7984b authored by Opi Danihelka's avatar Opi Danihelka

Escaped XML response.

parent 481c7563
var xml_parts = new Array();
xml_parts[1] = "<?xml version='1.0' encoding='UTF-8'?>\n<request_bundle xmlns='http://podepsano.cz/'>\n <provider_id>";
xml_parts[1] = "<?xml version='1.0' encoding='UTF-8'?>\n<request_bundle xmlns='https://www.podepsano.cz/'>\n <provider_id>";
xml_parts[2] = "</provider_id>\n <provider_request_id>";
xml_parts[3] = "</provider_request_id>\n <provider_return_url>";
xml_parts[4] = "</provider_return_url>\n <provider_requested_id_attributes>\n";
......@@ -7,16 +7,6 @@ xml_parts[5] = " </provider_requested_id_attributes>\n <request>\n
xml_parts[6] = "</subject>\n <content type='text/plain'>\n";
xml_parts[7] = "\n </content>\n </request>\n</request_bundle>";
/*
xml_parts[1] = "&lt;?xml version=&quot;1.0&quot; encoding=&quot;UTF-8&quot;?&gt;\n&lt;request_bundle xmlns=&quot;http://podepsano.cz/&quot;&gt;\n &lt;provider_id&gt;";
xml_parts[2] = "&lt;/provider_id&gt;\n &lt;provider_request_id&gt;";
xml_parts[3] = "&lt;/provider_request_id&gt;\n &lt;provider_return_url&gt;";
xml_parts[4] = "&lt;/provider_return_url&gt;\n &lt;provider_requested_id_attributes&gt;\n";
xml_parts[5] = " &lt;/provider_requested_id_attributes&gt;\n &lt;request&gt;\n &lt;subject&gt;";
xml_parts[6] = "&lt;/subject&gt;\n &lt;content type=&quot;text/plain&quot;&gt;";
xml_parts[7] = "\n &lt;/content&gt;\n &lt;/request&gt;\n&lt;/request_bundle&gt;";
*/
function fillXML() {
for (var i = 1; i < xml_parts.length; i++) {
var xml_active = document.getElementById("xml_part"+i);
......@@ -39,6 +29,10 @@ function fieldBlur(elem) {
Deactive(elem);
}
function xml_esc(str) {
return str.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;');
}
function Active() {
if (active_field) {
//console.log(active_field.name);
......@@ -46,7 +40,7 @@ function Active() {
//xml_active.style.color = "#f00";
//xml_active.style.fontWeight = "bold";
xml_active.style.background = "#f00";
xml_active.textContent = active_field.value;
xml_active.textContent = xml_esc(active_field.value);
}
}
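Review bot: Only the field that currently has focus is escaped (`xml_active.textContent = xml_esc(active_field.value);`), while the send() hunk below now concatenates `spans[i].textContent` without escaping, so any span the user never focuses is sent as-is: the initial values the template renders into the `xml_var*` spans (for example `{{finish}}` in `xml_var3`) and whatever fieldCheckbox() writes into `xml_checkbox` reach the hidden input raw if they contain `&` or `<`. Whether fillXML() or fieldCheckbox() escape on their own is outside these hunks, so confirm; if they do not, run every `xml_var*` span through `xml_esc` once at load time (fillXML() is the natural place) so the preview and the submitted XML agree regardless of focus history. The commented-out escaping left in send() should be deleted rather than kept, since re-enabling it would double-escape values already escaped in Active(). A short comment on the helper would also help the next reader: `// Escapes the characters significant in XML element text; not sufficient for attribute values (quotes are left alone).`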
......@@ -80,9 +74,17 @@ function send() {
var together = ""
for (var i = 0; i < spans.length; i++) {
/*
if (spans[i].id.substring(4,7) == "var") {
// escape characters
var esc = spans[i].textContent
together += esc.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;');
} else {
together += spans[i].textContent;
}
*/
together += spans[i].textContent;
}
//console.log(together);
// filling hidden element
var xmldata = document.getElementById("xmldata");
......
......@@ -5,14 +5,14 @@
<link rel="shortcut icon" href="{{links.media}}img/favicon.ico"></link>
<title>Podepsáno.cz - Zkušební e-shop</title>
<style>
<style type="text/css">
body {
margin: 50px 0px;
padding: 0px;
text-align: left;
background: #888;
color: #333;
font: 70%/1.5 Verdana, Tahoma, Arial, Helvetica, sans-serif;
font: 90%/1.5 Verdana, Tahoma, Arial, Helvetica, sans-serif;
}
.main {
float: none;
......@@ -26,6 +26,9 @@
position: relative;
width: 960px;
}
.podepsano {
font-variant: small-caps;
}
</style>
</head>
<body>
......@@ -58,7 +61,18 @@
{% if requested_attrs %}
<h3>Získané údaje:</h3>
{% for one in requested_attrs %}
<li><b>{{one.0}}</b> ({{one.1}})</li>
<li><b>{{one.0}}</b>
{% if one.1 == "True" %}
(ANO)
{% else %}
{% if one.1 == "False" %}
(NE)
{% else %}
({{one.1}})
{% endif %}
{% endif %}
</li>
{% endfor %}
<br/>
{% endif %}
......@@ -67,12 +81,21 @@
{% if sig_ok == "Error" %}
<p><b>Error:</b> Nemohu ověřit podpis.</p>
{% else %}
<p><b>Ověření podpisu:</b> {{sig_ok}}</p>
<p><b>Ověření podpisu:</b>
{% if sig_ok != True %}
V pořádku.
{% else %}
Chybný podpis!
{% endif %}
{% endif %}
<br/>
{% endif %}
<p>Vytvořit <a href="{{links.start}}">novou objednávku</a>.</p>
<p>Návrat na <a href="https://www.podepsano.cz"><span class="podepsano">podepsano.cz</span></a></p>
</div>
<p>Developed by: <a href="http://nic.cz" target="_blank">CZ.NIC</a></p>
</div>
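Review bot: The new branch `{% if sig_ok != True %}` prints `V pořádku.` for every value that is not the boolean True, including a failed verification, and prints `Chybný podpis!` only when sig_ok is exactly True, which reads inverted for a signature-status flag; if sig_ok is a string (the sibling branch compares it with `"Error"`, and `one.1` is compared with `"True"` earlier in this file), the success text is shown unconditionally. The view that sets sig_ok is not on this page, so confirm its type, but the condition should select the success text for the positive outcome, e.g. `{% if sig_ok == True or sig_ok == "True" %}V pořádku.{% else %}Chybný podpis!{% endif %}` in whichever form the view actually returns. This line is the only user-visible result of the signature check, so a wrong branch here reports a tampered response as valid.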
......
......@@ -5,14 +5,14 @@
<link rel="shortcut icon" href="{{links.media}}img/favicon.ico"></link>
<title>Podepsáno.cz - XML Generator</title>
<style>
<style type="text/css">
body {
margin: 50px 0px;
padding: 0px;
text-align: left;
background: #888;
color: #333;
font: 70%/1.5 Verdana, Tahoma, Arial, Helvetica, sans-serif;
font: 90%/1.5 Verdana, Tahoma, Arial, Helvetica, sans-serif;
}
.formular {
float: left;
......@@ -37,8 +37,8 @@
padding: 0px;
margin: 0px;
background-color: #fff;
color: #000;
font-family: Courier, monospace;
color: #000;
font-family: 70%/1.5 Courier, monospace;
text-align: left;
}
.main {
......@@ -62,6 +62,19 @@
font-family: Courier;
resize: vertical;
}
.disclaimer {
background: #fda;
padding: 10px;
margin: 20px;
}
.disclaimer div {
margin: 0px;
color: #000;
border: 3px solid red;
}
.podepsano {
font-variant: small-caps;
}
</style>
</head>
<body>
......@@ -71,22 +84,29 @@
<div class="formular block">
<p><b>Vstupní formulář:</b></p>
<form>
Název společnosti:<br/><input type="text" name="var1" value="CZ.NIC" size="32" onFocus="fieldFocus(this);" onBlur="fieldBlur(this);" /><br/><br/>
ID žádosti:<br/><input type="text" name="var2" value="id12345" size="32" onFocus="fieldFocus(this);" onBlur="fieldBlur(this);" /><br/><br/>
Návratová URL:<br/><input type="text" name="var3" value="{{finish}}" size="32" onFocus="fieldFocus(this);" onBlur="fieldBlur(this);" /><br/><br/>
<form action="">
Název společnosti:<br/><input type="text" name="var1" value="CZ.NIC" size="32" onfocus="fieldFocus(this);" onblur="fieldBlur(this);" /><br/><br/>
ID žádosti:<br/><input type="text" name="var2" value="id12345" size="32" onfocus="fieldFocus(this);" onblur="fieldBlur(this);" /><br/><br/>
Návratová URL:<br/><input type="text" name="var3" value="{{finish}}" size="32" onfocus="fieldFocus(this);" onblur="fieldBlur(this);" /><br/><br/>
Požadovaná data od uživatele:<br/>
<input id="check1" type="checkbox" name="http://specs.nic.cz/attr/contact/name/last" onClick="fieldCheckbox();" />Příjmení<br/>
<input id="check2" type="checkbox" name="http://axschema.org/contact/email" onClick="fieldCheckbox();" />Email<br/>
<input id="check3" type="checkbox" name="http://specs.nic.cz/attr/phone/main" onClick="fieldCheckbox();" />Telefon<br/>
<input id="check1" type="checkbox" name="http://specs.nic.cz/attr/contact/name/last" onclick="fieldCheckbox();" />Příjmení<br/>
<input id="check2" type="checkbox" name="http://axschema.org/contact/email" onclick="fieldCheckbox();" />Email<br/>
<input id="check3" type="checkbox" name="http://specs.nic.cz/attr/phone/main" onclick="fieldCheckbox();" />Telefon<br/>
Další možné atributy naleznete v <a href="http://www.mojeid.cz/files/mojeid/mojeid_technicky.pdf" target="_blank">technické dokumentaci mojeID</a>.
<br/><br/>
Předmět zprávy:<br/><input type="text" name="var4" value="Zrušení domény" size="32" onFocus="fieldFocus(this);" onBlur="fieldBlur(this);" /><br/><br/>
Obsah zprávy:<br/><textarea name="var5" rows="5" cols="30" onFocus="fieldFocus(this);" onBlur="fieldBlur(this);">Závazně žádám o zrušení domény "http://nic.cz".</textarea><br/><br/>
Předmět zprávy:<br/><input type="text" name="var4" value="Zrušení domény" size="32" onfocus="fieldFocus(this);" onblur="fieldBlur(this);" /><br/><br/>
Obsah zprávy:<br/><textarea name="var5" rows="5" cols="30" onfocus="fieldFocus(this);" onblur="fieldBlur(this);">Závazně žádám o zrušení domény "nic.cz".</textarea><br/><br/>
<input type="button" name="" value="Objednat" onClick="send();" /><br/>
<div class="disclaimer">
<div class="disclaimer">
<h2>Upozornění:</h2>
Jedná se pouze o zkušební demo. Ve skutečnosti nic neobjednáváte.
</div>
</div>
<input type="button" name="" value="Objednat" onclick="send();" /><br/>
</form>
<form action="{{start}}" id="sending_form" method="post" enctype="multipart/form-data">
......@@ -97,15 +117,17 @@
<div class="result block">
<p><b>Vygenerované XML:</b></p>
<pre id="result"><span id="xml_part1"></span><span id="xml_var1">CZ.NIC</span><span id="xml_part2"></span><span id="xml_var2">id12345</span><span id="xml_part3"></span><span id="xml_var3">{{finish}}</span><span id="xml_part4"></span><span id="xml_checkbox"></span><span id="xml_part5"></span><span id="xml_var4">Zrušení domény</span><span id="xml_part6"></span><span id="xml_var5">Závazně žádám o zrušení domény "http://nic.cz".</span><span id="xml_part7"></span></pre>
<pre id="result"><span id="xml_part1"></span><span id="xml_var1">CZ.NIC</span><span id="xml_part2"></span><span id="xml_var2">id12345</span><span id="xml_part3"></span><span id="xml_var3">{{finish}}</span><span id="xml_part4"></span><span id="xml_checkbox"></span><span id="xml_part5"></span><span id="xml_var4">Zrušení domény</span><span id="xml_part6"></span><span id="xml_var5">Závazně žádám o zrušení domény "nic.cz".</span><span id="xml_part7"></span></pre>
</div>
<div style="clear: both;"></div><br/>
<p>Návrat na <a href="{{links.start}}">zkušební e-shop</a>.</p>
<p>Návrat na <a class="podepsano" href="https://www.podepsano.cz">podepsano.cz</a></p>
</div>
<script src="{{links.media}}js/generator.js"></script>
<script type="text/javascript" src="{{links.media}}js/generator.js"></script>
<p>Developed by: <a href="http://nic.cz" target="_blank">CZ.NIC</a></p>
</div>
......
......@@ -5,14 +5,14 @@
<link rel="shortcut icon" href="{{links.media}}img/favicon.ico"></link>
<title>Podepsáno.cz - Zkušební e-shop</title>
<style>
<style type="text/css">
body {
margin: 50px 0px;
padding: 0px;
text-align: left;
background: #888;
color: #333;
font: 70%/1.5 Verdana, Tahoma, Arial, Helvetica, sans-serif;
font: 90%/1.5 Verdana, Tahoma, Arial, Helvetica, sans-serif;
}
.main {
float: none;
......@@ -26,6 +26,19 @@
position: relative;
width: 960px;
}
.disclaimer {
background: #fda;
padding: 10px;
margin: 20px;
}
.disclaimer div {
margin: 0px;
color: #000;
border: 3px solid red;
}
.podepsano {
font-variant: small-caps;
}
</style>
</head>
<body>
......@@ -34,10 +47,17 @@
<h1><img src="{{links.media}}img/podepsano_logo.png" alt="PODEPSANO.cz" /> Zkušební e-shop</h1>
<p>
Prosím vytvořte objednávku kliknutím na tlačítko '<i>Objednat</i>' u zvolené objednávky. Budete přesměrováni na Podepsano.cz. Dále se řiďte podle instrukcí...
Prosím vytvořte objednávku kliknutím na tlačítko '<i>Objednat</i>' u zvolené objednávky. Budete přesměrováni na <span class="podepsano">podepsano.cz</span>. Dále se řiďte podle instrukcí...
</p>
<hr/>
<div class="disclaimer">
<div class="disclaimer">
<h2>Upozornění:</h2>
Jedná se pouze o zkušební demo. Ve skutečnosti nic neobjednáváte.
</div>
</div>
<h2>Zkušební objednávky:</h2>
......@@ -48,10 +68,10 @@
<form action="{{start}}"
method="post" enctype="multipart/form-data">
<input type="hidden" id="xmldata" name="xmldata"
<input type="hidden" id="xmldata1" name="xmldata"
value="&lt;?xml version=&quot;1.0&quot; encoding=&quot;UTF-8&quot;?&gt;
&lt;request_bundle xmlns=&quot;http://podepsano.cz/&quot;&gt;
&lt;provider_id&gt;Domeny a Poddomeny s.r.o.&lt;/provider_id&gt;
&lt;request_bundle xmlns=&quot;https://www.podepsano.cz/&quot;&gt;
&lt;provider_id&gt;CZ.NIC - Domain Department&lt;/provider_id&gt;
&lt;provider_request_id&gt;id001&lt;/provider_request_id&gt;
&lt;provider_return_url&gt;{{finish}}&lt;/provider_return_url&gt;
&lt;provider_requested_id_attributes&gt;
......@@ -76,10 +96,10 @@
<form action="{{start}}"
method="post" enctype="multipart/form-data">
<input type="hidden" id="xmldata" name="xmldata"
<input type="hidden" id="xmldata2" name="xmldata"
value="&lt;?xml version=&quot;1.0&quot; encoding=&quot;UTF-8&quot;?&gt;
&lt;request_bundle xmlns=&quot;http://podepsano.cz/&quot;&gt;
&lt;provider_id&gt;Planes s.r.o.&lt;/provider_id&gt;
&lt;request_bundle xmlns=&quot;https://www.podepsano.cz/&quot;&gt;
&lt;provider_id&gt;CZ.NIC - Plane Construction&lt;/provider_id&gt;
&lt;provider_request_id&gt;planes_order_id-12345&lt;/provider_request_id&gt;
&lt;provider_return_url&gt;{{finish}}&lt;/provider_return_url&gt;
&lt;provider_requested_id_attributes&gt;
......@@ -108,11 +128,11 @@
<form action="{{start}}"
method="post" enctype="multipart/form-data">
<input type="hidden" id="xmldata" name="xmldata"
<input type="hidden" id="xmldata3" name="xmldata"
value="&lt;?xml version=&quot;1.0&quot; encoding=&quot;UTF-8&quot;?&gt;
&lt;request_bundle xmlns=&quot;http://podepsano.cz/&quot;&gt;
&lt;request_bundle xmlns=&quot;https://www.podepsano.cz/&quot;&gt;
&lt;provider_id&gt;J. Zimmerman&lt;/provider_id&gt;
&lt;provider_request_id&gt;nudnaobjednavkacislo3&lt;/provider_request_id&gt;
&lt;provider_request_id&gt;objednavkacislo3&lt;/provider_request_id&gt;
&lt;provider_return_url&gt;{{finish}}&lt;/provider_return_url&gt;
&lt;provider_requested_id_attributes&gt;
......@@ -135,16 +155,15 @@
<form action="{{start}}"
method="post" enctype="multipart/form-data">
<input type="hidden" id="xmldata" name="xmldata"
<input type="hidden" id="xmldata4" name="xmldata"
value="&lt;?xml version=&quot;1.0&quot; encoding=&quot;UTF-8&quot;?&gt;
&lt;request_bundle xmlns=&quot;http://podepsano.cz/&quot;&gt;
&lt;request_bundle xmlns=&quot;https://www.podepsano.cz/&quot;&gt;
&lt;provider_id&gt;Monkey and Friends&lt;/provider_id&gt;
&lt;provider_request_id&gt;orderNo302&lt;/provider_request_id&gt;
&lt;provider_return_url&gt;{{finish}}&lt;/provider_return_url&gt;
&lt;provider_requested_id_attributes&gt;
&lt;req_id_attr&gt;http://specs.nic.cz/attr/contact/name/last&lt;/req_id_attr&gt;
&lt;req_id_attr&gt;http://specs.nic.cz/attr/contact/adult&lt;/req_id_attr&gt;
&lt;/provider_requested_id_attributes&gt;
&lt;request&gt;
......@@ -166,10 +185,10 @@
<form action="{{start}}"
method="post" enctype="multipart/form-data">
<input type="hidden" id="xmldata" name="xmldata"
<input type="hidden" id="xmldata5" name="xmldata"
value="&lt;?xml version=&quot;1.0&quot; encoding=&quot;UTF-8&quot;?&gt;
&lt;request_bundle xmlns=&quot;http://podepsano.cz/&quot;&gt;
&lt;provider_id&gt;Flowers s.r.o.&lt;/provider_id&gt;
&lt;request_bundle xmlns=&quot;https://www.podepsano.cz/&quot;&gt;
&lt;provider_id&gt;CZ.NIC - Flower Department&lt;/provider_id&gt;
&lt;provider_request_id&gt;orderNoXXX&lt;/provider_request_id&gt;
&lt;provider_return_url&gt;{{finish}}&lt;/provider_return_url&gt;
&lt;provider_requested_id_attributes&gt;
......@@ -611,9 +630,9 @@ MmE3ODlmOTlkZTcyNzJjMzA4NzQxPl0NCj4+DQpzdGFydHhyZWYNCjIyNzQxDQolJUVPRg0K
<form action="{{start}}"
method="post" enctype="multipart/form-data">
<input type="hidden" id="xmldata" name="xmldata"
<input type="hidden" id="xmldata6" name="xmldata"
value="&lt;?xml version=&quot;1.0&quot; encoding=&quot;UTF-8&quot;?&gt;
&lt;request_bundle xmlns=&quot;http://podepsano.cz/&quot;&gt;
&lt;request_bundle xmlns=&quot;https://www.podepsano.cz/&quot;&gt;
&lt;provider_id&gt;nonexistent&lt;/provider_id&gt;
&lt;provider_request_id&gt;test98765&lt;/provider_request_id&gt;
&lt;provider_return_url&gt;{{finish}}&lt;/provider_return_url&gt;
......@@ -641,6 +660,9 @@ MmE3ODlmOTlkZTcyNzJjMzA4NzQxPl0NCj4+DQpzdGFydHhyZWYNCjIyNzQxDQolJUVPRg0K
start žádostí: {{start}}<br />
callback eshopu: {{finish}}
</i>
<p>Návrat na <a href="https://www.podepsano.cz"><span class="podepsano">podepsano.cz</span></a></p>
</div>
<p>Developed by: <a href="http://nic.cz" target="_blank">CZ.NIC</a></p>
</div>
......
import xml.dom.minidom as dom
from xml.sax.saxutils import escape
# built-in modules
import logging
......@@ -24,7 +25,7 @@ def create_xml(company_name, req_id, return_url, requested_attrs, subject, conte
Returns string of generated XML.
"""
xml_parts = []
xml_parts.append("<?xml version='1.0' encoding='UTF-8'?>\n<request_bundle xmlns='http://podepsano.cz/'>\n <provider_id>")
xml_parts.append("<?xml version='1.0' encoding='UTF-8'?>\n<request_bundle xmlns='https://www.podepsano.cz/'>\n <provider_id>")
xml_parts.append("</provider_id>\n <provider_request_id>")
xml_parts.append("</provider_request_id>\n <provider_return_url>")
xml_parts.append("</provider_return_url>\n <provider_requested_id_attributes>\n")
......@@ -36,7 +37,7 @@ def create_xml(company_name, req_id, return_url, requested_attrs, subject, conte
for one in requested_attrs:
requested_attrs_result += one + "\n"
result = xml_parts[0] + company_name + xml_parts[1] + req_id + xml_parts[2] + return_url + xml_parts[3] + requested_attrs_result + xml_parts[4] + subject + xml_parts[5] + content + xml_parts[6]
result = xml_parts[0] + escape(company_name) + xml_parts[1] + escape(req_id) + xml_parts[2] + escape(return_url) + xml_parts[3] + escape(requested_attrs_result) + xml_parts[4] + escape(subject) + xml_parts[5] + escape(content) + xml_parts[6]
return result
def parse_xml(xml_data):
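Review bot: `escape(requested_attrs_result)` escapes the already-assembled attribute block, so if the entries in requested_attrs carry `<req_id_attr>` markup (the wire format the start.html fixtures in this commit use) the element tags become `&lt;req_id_attr&gt;` and the bundle no longer matches the schema; how `one` is built is above the hunk, so confirm. Escaping belongs at the point where the user-supplied value is inserted, not over the assembled block: escape `one` where it is wrapped, and drop the outer `escape(...)` around requested_attrs_result. Note that saxutils.escape covers element content only (`&`, `<`, `>`), which is correct for these fields as long as none of them is ever placed in an attribute value; a comment saying so next to the import would prevent a later reuse for attributes. Since the module already imports xml.dom.minidom, building the bundle with the DOM API would make the escaping structural instead of per-field.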
......
......@@ -7,13 +7,13 @@ import xml.dom.minidom as dom
import podepsano
def start_order(request):
notar_start = "http://podepsano.cz/sign"
notar_start = "https://www.podepsano.cz/sign"
callback = util.getViewURL(request, finish_order)
return render_to_response('start.html', {'start': notar_start, 'finish': callback, 'links': links})
def generator(request):
notar_start = "http://podepsano.cz/sign"
notar_start = "https://www.podepsano.cz/sign"
callback = util.getViewURL(request, finish_order)
return render_to_response('generator.html', {'start': notar_start, 'finish': callback, 'links': links})
......@@ -44,7 +44,7 @@ def finish_order(request):
# translating requested_attrs
for one in data["requested_attrs"]:
one[0] = podepsano.translate_attr(settings.BASE_URL+'attribute.yaml' ,one[0])
one[0] = podepsano.translate_attr(settings.BASE_SHARE_DIR+'attribute.yaml' ,one[0])
return render_to_response('finish.html',
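Review bot: `settings.BASE_SHARE_DIR+'attribute.yaml'` builds a filesystem path by string concatenation and only works because BASE_SHARE_DIR happens to end with `/` in the settings.py shown in this commit; `os.path.join(settings.BASE_SHARE_DIR, 'attribute.yaml')` removes that dependency (requires `import os` if the module does not already have it — its import block is outside the hunk). The two `notar_start = "https://www.podepsano.cz/sign"` literals in the first hunk are the same endpoint duplicated; one module-level constant, or a settings entry next to BASE_SHARE_DIR, keeps them from drifting. finish_order continues past the end of the hunk.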
......
......@@ -3,11 +3,4 @@ BASE_SHARE_DIR = '/home/opi/prog/NIC/podepsano_mock/notary/'
BASE_URL = 'podepsano/'
#BASE_URL = ''
MEDIA_ROOT = '/home/opi/prog/NIC/podepsano_mock/media/'
DATABASE_ENGINE = 'postgresql_psycopg2' # 'postgresql_psycopg2', 'postgresql', 'mysql', 'sqlite3' or 'oracle'.
DATABASE_NAME = 'notar' # Or path to database file if using sqlite3.
DATABASE_USER = 'notar' # Not used with sqlite3.
DATABASE_PASSWORD = 'notar' # Not used with sqlite3.
DATABASE_HOST = '' # Set to empty string for localhost. Not used with sqlite3.
DATABASE_PORT = '' # Set to empty string for default. Not used with sqlite3.
MEDIA_ROOT = '/home/opi/prog/NIC/podepsano_mock/media/'
\ No newline at end of file