Coverage for /home/runner/work/viur-core/viur-core/viur/src/viur/core/bones/raw.py: 27%
18 statements
« prev ^ index » next coverage.py v7.10.6, created at 2025-09-13 11:04 +0000
1import re
2from viur.core.bones.base import BaseBone, ReadFromClientError, ReadFromClientErrorSeverity
4SEARCH_TAGS = re.compile(r"[^\s]+")
7class RawBone(BaseBone):
8 """
9 Stores its data without applying any pre/post-processing or filtering. Can be used to store
10 non-html content.
11 Use the dot-notation like "raw.markdown" or similar to describe subsequent types.
13 ..Warning: Using this bone will lead to security vulnerabilities like reflected XSS unless the
14 data is either otherwise validated/stripped or from a trusted source! Don't use this unless
15 you fully understand it's implications!
16 """
17 type = "raw"
19 def singleValueFromClient(self, value, skel, bone_name, client_data):
20 err = self.isInvalid(value)
21 if err:
22 return self.getEmptyValue(), [ReadFromClientError(ReadFromClientErrorSeverity.Invalid, err)]
23 return value, None
25 def getSearchTags(self, skel: "SkeletonInstance", name: str) -> set[str]:
26 result = set()
28 for idx, lang, value in self.iter_bone_value(skel, name):
29 if not value:
30 continue
32 for tag in re.finditer(SEARCH_TAGS, str(value)):
33 result.add(tag.group())
35 return result