11__author__ = 'chris'
22
3- import bleach
43import json
54import os
65import obelisk
2726from market .contracts import Contract , check_order_for_payment
2827from market .btcprice import BtcPrice
2928from net .upnp import PortMapper
30- from api import ALLOWED_TAGS , ALLOWED_ATTRIBUTES , ALLOWED_STYLES
3129from api .utils import sanitize_html
3230
3331DEFAULT_RECORDS_COUNT = 20
3432DEFAULT_RECORDS_OFFSET = 0
3533
3634
37- def clean (s ):
38- return bleach .clean (s , tags = ALLOWED_TAGS , attributes = ALLOWED_ATTRIBUTES , styles = ALLOWED_STYLES )
39-
4035class OpenBazaarAPI (APIResource ):
4136 """
4237 This RESTful API allows clients to pull relevant data from the
@@ -158,46 +153,45 @@ def parse_profile(profile, temp_handle=None):
158153 if profile is not None :
159154 profile_json = {
160155 "profile" : {
161- "name" : clean ( profile .name ). encode ( "utf-8" ) ,
156+ "name" : profile .name ,
162157 "location" : str (CountryCode .Name (profile .location )),
163158 "public_key" : profile .guid_key .public_key .encode ("hex" ),
164159 "nsfw" : profile .nsfw ,
165160 "vendor" : profile .vendor ,
166161 "moderator" : profile .moderator ,
167162 "moderation_fee" : round (profile .moderation_fee , 2 ),
168- "handle" : clean ( profile .handle ). encode ( "utf-8" ) ,
169- "about" : clean ( profile .about ). encode ( "utf-8" ) ,
170- "short_description" : clean ( profile .short_description ). encode ( "utf-8" ) ,
171- "website" : clean ( profile .website ). encode ( "utf-8" ) ,
172- "email" : clean ( profile .email ). encode ( "utf-8" ) ,
163+ "handle" : profile .handle ,
164+ "about" : profile .about ,
165+ "short_description" : profile .short_description ,
166+ "website" : profile .website ,
167+ "email" : profile .email ,
173168 "primary_color" : profile .primary_color ,
174169 "secondary_color" : profile .secondary_color ,
175170 "background_color" : profile .background_color ,
176171 "text_color" : profile .text_color ,
177- "pgp_key" : clean ( profile .pgp_key .public_key ). encode ( "utf-8" ) ,
172+ "pgp_key" : profile .pgp_key .public_key ,
178173 "avatar_hash" : profile .avatar_hash .encode ("hex" ),
179174 "header_hash" : profile .header_hash .encode ("hex" ),
180175 "social_accounts" : {}
181176 }
182177 }
183178 if temp_handle :
184- profile_json ["profile" ]["temp_handle" ] = \
185- clean (temp_handle ).encode ("utf-8" )
179+ profile_json ["profile" ]["temp_handle" ] = temp_handle
186180 if "guid" in request .args :
187181 profile_json ["profile" ]["guid" ] = request .args ["guid" ][0 ]
188182 else :
189183 profile_json ["profile" ]["guid" ] = self .keychain .guid .encode ("hex" )
190184 for account in profile .social :
191185 profile_json ["profile" ]["social_accounts" ][str (
192186 objects .Profile .SocialAccount .SocialType .Name (account .type )).lower ()] = {
193- "username" : clean ( account .username ). encode ( "utf-8" ) ,
194- "proof_url" : clean ( account .proof_url ). encode ( "utf-8" )
187+ "username" : account .username ,
188+ "proof_url" : account .proof_url
195189 }
196190 if (profile .handle is not "" and "(unconfirmed)" not in profile .handle and
197191 not blockchainid .validate (profile .handle , profile_json ["profile" ]["guid" ])):
198192 profile_json ["profile" ]["handle" ] = ""
199193 request .setHeader ('content-type' , "application/json" )
200- request .write (json .dumps (profile_json , indent = 4 ))
194+ request .write (json .dumps (sanitize_html ( profile_json ) , indent = 4 ))
201195 request .finish ()
202196 else :
203197 request .write (json .dumps ({}))
@@ -228,10 +222,10 @@ def parse_listings(listings):
228222 response = {"listings" : []}
229223 for l in listings .listing :
230224 listing_json = {
231- "title" : clean ( l .title ). encode ( "utf-8" ) ,
225+ "title" : l .title ,
232226 "contract_hash" : l .contract_hash .encode ("hex" ),
233227 "thumbnail_hash" : l .thumbnail_hash .encode ("hex" ),
234- "category" : clean ( l .category ). encode ( "utf-8" ) ,
228+ "category" : l .category ,
235229 "price" : l .price ,
236230 "currency_code" : l .currency_code ,
237231 "nsfw" : l .nsfw ,
@@ -244,7 +238,7 @@ def parse_listings(listings):
244238 listing_json ["ships_to" ].append (str (CountryCode .Name (country )))
245239 response ["listings" ].append (listing_json )
246240 request .setHeader ('content-type' , "application/json" )
247- request .write (json .dumps (response , indent = 4 ))
241+ request .write (json .dumps (sanitize_html ( response ) , indent = 4 ))
248242 request .finish ()
249243 else :
250244 request .write (json .dumps ({}))
@@ -277,15 +271,15 @@ def parse_followers(followers):
277271 for f in followers .followers :
278272 follower_json = {
279273 "guid" : f .guid .encode ("hex" ),
280- "handle" : clean ( f .metadata .handle ) ,
281- "name" : clean ( f .metadata .name ) ,
274+ "handle" : f .metadata .handle ,
275+ "name" : f .metadata .name ,
282276 "avatar_hash" : f .metadata .avatar_hash .encode ("hex" ),
283- "short_description" : clean ( f .metadata .short_description ) ,
277+ "short_description" : f .metadata .short_description ,
284278 "nsfw" : f .metadata .nsfw
285279 }
286280 response ["followers" ].append (follower_json )
287281 request .setHeader ('content-type' , "application/json" )
288- request .write (json .dumps (response , indent = 4 ). encode ( "utf-8" ))
282+ request .write (json .dumps (sanitize_html ( response ) , indent = 4 ))
289283 request .finish ()
290284 else :
291285 request .write (json .dumps ({}))
@@ -317,15 +311,15 @@ def parse_following(following):
317311 for f in following .users :
318312 user_json = {
319313 "guid" : f .guid .encode ("hex" ),
320- "handle" : clean ( f .metadata .handle ). encode ( "utf-8" ) ,
321- "name" : clean ( f .metadata .name ). encode ( "utf-8" ) ,
314+ "handle" : f .metadata .handle ,
315+ "name" : f .metadata .name ,
322316 "avatar_hash" : f .metadata .avatar_hash .encode ("hex" ),
323- "short_description" : clean ( f .metadata .short_description ). encode ( "utf-8" ) ,
317+ "short_description" : f .metadata .short_description ,
324318 "nsfw" : f .metadata .nsfw
325319 }
326320 response ["following" ].append (user_json )
327321 request .setHeader ('content-type' , "application/json" )
328- request .write (json .dumps (response , indent = 4 ))
322+ request .write (json .dumps (sanitize_html ( response ) , indent = 4 ))
329323 request .finish ()
330324 else :
331325 request .write (json .dumps ({}))
@@ -934,7 +928,7 @@ def get_settings(self, request):
934928 pass
935929 settings_json ["moderators" ] = mods
936930 request .setHeader ('content-type' , "application/json" )
937- request .write (bleach . clean ( json .dumps (settings_json , indent = 4 ), tags = ALLOWED_TAGS ). encode ( "utf-8" ))
931+ request .write (json .dumps (sanitize_html ( settings_json ) , indent = 4 ))
938932 request .finish ()
939933 return server .NOT_DONE_YET
940934
@@ -947,7 +941,7 @@ def get_connected_peers(self, request):
947941 "num_peers" : len (peers ),
948942 "peers" : peers
949943 }
950- request .write (bleach . clean ( json .dumps (resp , indent = 4 ), tags = ALLOWED_TAGS ). encode ( "utf-8" ))
944+ request .write (json .dumps (sanitize_html ( resp ) , indent = 4 ))
951945 request .finish ()
952946 return server .NOT_DONE_YET
953947
@@ -966,7 +960,7 @@ def get_routing_table(self, request):
966960 }
967961 nodes .append (n )
968962 request .setHeader ('content-type' , "application/json" )
969- request .write (bleach . clean ( json .dumps (nodes , indent = 4 ), tags = ALLOWED_TAGS ). encode ( "utf-8" ))
963+ request .write (json .dumps (sanitize_html ( nodes ) , indent = 4 ))
970964 request .finish ()
971965 return server .NOT_DONE_YET
972966
@@ -984,17 +978,17 @@ def get_notifications(self, request):
984978 notification_json = {
985979 "id" : n [0 ],
986980 "guid" : n [1 ],
987- "handle" : clean ( n [2 ]) ,
981+ "handle" : n [2 ],
988982 "type" : n [3 ],
989983 "order_id" : n [4 ],
990- "title" : clean ( n [5 ]) ,
984+ "title" : n [5 ],
991985 "timestamp" : n [6 ],
992986 "image_hash" : n [7 ].encode ("hex" ),
993987 "read" : False if n [8 ] == 0 else True
994988 }
995989 notification_dict ["notifications" ].append (notification_json )
996990 request .setHeader ('content-type' , "application/json" )
997- request .write (json .dumps (notification_dict , indent = 4 ). encode ( "utf-8" ))
991+ request .write (json .dumps (sanitize_html ( notification_dict ) , indent = 4 ))
998992 request .finish ()
999993 return server .NOT_DONE_YET
1000994
@@ -1036,16 +1030,16 @@ def get_chat_messages(self, request):
10361030 message_json = {
10371031 "id" : m [11 ],
10381032 "guid" : m [0 ],
1039- "handle" : clean ( m [1 ]) ,
1040- "message" : clean ( m [5 ]) ,
1033+ "handle" : m [1 ],
1034+ "message" : m [5 ],
10411035 "timestamp" : m [6 ],
10421036 "avatar_hash" : m [7 ].encode ("hex" ),
10431037 "outgoing" : False if m [9 ] == 0 else True ,
10441038 "read" : False if m [10 ] == 0 else True
10451039 }
10461040 message_list .append (message_json )
10471041 request .setHeader ('content-type' , "application/json" )
1048- request .write (json .dumps (message_list , indent = 4 ). encode ( "utf-8" ))
1042+ request .write (json .dumps (sanitize_html ( message_list ) , indent = 4 ))
10491043 request .finish ()
10501044 return server .NOT_DONE_YET
10511045
@@ -1092,18 +1086,18 @@ def get_sales(self, request):
10921086 for sale in sales :
10931087 sale_json = {
10941088 "order_id" : sale [0 ],
1095- "title" : clean ( sale [1 ]) ,
1096- "description" : clean ( sale [2 ]) ,
1089+ "title" : sale [1 ],
1090+ "description" : sale [2 ],
10971091 "timestamp" : sale [3 ],
10981092 "btc_total" : sale [4 ],
10991093 "status" : sale [5 ],
11001094 "thumbnail_hash" : sale [6 ],
1101- "buyer" : clean ( sale [7 ]) ,
1095+ "buyer" : sale [7 ],
11021096 "contract_type" : sale [8 ]
11031097 }
11041098 sales_list .append (sale_json )
11051099 request .setHeader ('content-type' , "application/json" )
1106- request .write (json .dumps (sales_list , indent = 4 ). encode ( "utf-8" ))
1100+ request .write (json .dumps (sanitize_html ( sales_list ) , indent = 4 ))
11071101 request .finish ()
11081102 return server .NOT_DONE_YET
11091103
@@ -1115,8 +1109,8 @@ def get_purchases(self, request):
11151109 for purchase in purchases :
11161110 purchase_json = {
11171111 "order_id" : purchase [0 ],
1118- "title" : clean ( purchase [1 ]) ,
1119- "description" : clean ( purchase [2 ]) ,
1112+ "title" : purchase [1 ],
1113+ "description" : purchase [2 ],
11201114 "timestamp" : purchase [3 ],
11211115 "btc_total" : purchase [4 ],
11221116 "status" : purchase [5 ],
@@ -1126,7 +1120,7 @@ def get_purchases(self, request):
11261120 }
11271121 purchases_list .append (purchase_json )
11281122 request .setHeader ('content-type' , "application/json" )
1129- request .write (json .dumps (purchases_list , indent = 4 ). encode ( "utf-8" ))
1123+ request .write (json .dumps (sanitize_html ( purchases_list ) , indent = 4 ))
11301124 request .finish ()
11311125 return server .NOT_DONE_YET
11321126
@@ -1193,7 +1187,7 @@ def get_order(self, request):
11931187
11941188 def return_order ():
11951189 request .setHeader ('content-type' , "application/json" )
1196- request .write (bleach . clean ( json .dumps (order , indent = 4 ), tags = ALLOWED_TAGS ). encode ( "utf-8" ))
1190+ request .write (json .dumps (sanitize_html ( order ) , indent = 4 ))
11971191 request .finish ()
11981192
11991193 def height_fetched (ec , chain_height ):
@@ -1295,19 +1289,19 @@ def get_cases(self, request):
12951289 for case in cases :
12961290 purchase_json = {
12971291 "order_id" : case [0 ],
1298- "title" : clean ( case [1 ]) ,
1292+ "title" : case [1 ],
12991293 "timestamp" : case [2 ],
13001294 "order_date" : case [3 ],
13011295 "btc_total" : case [4 ],
13021296 "thumbnail_hash" : case [5 ],
1303- "buyer" : clean ( case [6 ]) ,
1304- "vendor" : clean ( case [7 ]) ,
1297+ "buyer" : case [6 ],
1298+ "vendor" : case [7 ],
13051299 "validation" : json .loads (case [8 ]),
13061300 "status" : "closed" if case [10 ] == 1 else "open"
13071301 }
13081302 cases_list .append (purchase_json )
13091303 request .setHeader ('content-type' , "application/json" )
1310- request .write (json .dumps (cases_list , indent = 4 ). encode ( "utf-8" ))
1304+ request .write (json .dumps (sanitize_html ( cases_list ) , indent = 4 ))
13111305 request .finish ()
13121306 return server .NOT_DONE_YET
13131307
@@ -1320,16 +1314,16 @@ def order_messages(self, request):
13201314 if m [0 ] is not None :
13211315 message_json = {
13221316 "guid" : m [0 ],
1323- "handle" : clean ( m [1 ]) ,
1324- "message" : clean ( m [5 ]) ,
1317+ "handle" : m [1 ],
1318+ "message" : m [5 ],
13251319 "timestamp" : m [6 ],
13261320 "avatar_hash" : m [7 ].encode ("hex" ),
13271321 "message_type" : m [4 ],
13281322 "outgoing" : False if m [9 ] == 0 else True
13291323 }
13301324 message_list .append (message_json )
13311325 request .setHeader ('content-type' , "application/json" )
1332- request .write (json .dumps (message_list , indent = 4 ). encode ( "utf-8" ))
1326+ request .write (json .dumps (sanitize_html ( message_list ) , indent = 4 ))
13331327 request .finish ()
13341328 return server .NOT_DONE_YET
13351329
@@ -1339,7 +1333,7 @@ def get_ratings(self, request):
13391333 def parse_response (ratings ):
13401334 if ratings is not None :
13411335 request .setHeader ('content-type' , "application/json" )
1342- request .write (bleach . clean ( json .dumps (ratings , indent = 4 ), tags = ALLOWED_TAGS ). encode ( "utf-8" ))
1336+ request .write (json .dumps (sanitize_html ( ratings ) , indent = 4 ))
13431337 request .finish ()
13441338 else :
13451339 request .write (json .dumps ({}))
@@ -1365,7 +1359,7 @@ def get_node(node):
13651359 for rating in self .db .ratings .get_all_ratings ():
13661360 ratings .append (json .loads (rating [0 ]))
13671361 request .setHeader ('content-type' , "application/json" )
1368- request .write (bleach . clean ( json .dumps (ratings , indent = 4 )). encode ( "utf-8" ))
1362+ request .write (json .dumps (sanitize_html ( ratings ) , indent = 4 ))
13691363 request .finish ()
13701364 return server .NOT_DONE_YET
13711365
0 commit comments