Render Genshi templates directly in wiki pages
Notice: This plugin is deprecated in Trac 1.3.2 and later because Trac has switched from Genshi to Jinja2 as the template engine. The plugin will not function in Trac 1.5.1 and later.
This plugin has not been developed with security considerations in mind. Only enable this macro on sites where you trust all users who can edit any wiki text with the web server's account.
Description
The GenshiMacro allows you to write and render Genshi templates directly in wiki pages with a new Genshi processor.
Your templates will have access to the request as req, which can be useful for tasks like URL generation, rendering form tokens for POST requests, and checking for a logged-in user.
Note: no security considerations whatsoever went into the making of this plugin. Remy Blank gave some advice:
Genshi templates allow executing arbitrary Python code. So you basically give users who can insert the macro anywhere (wiki page, ticket comment, etc) permission to act as the user running Trac, including running any shell command:
{{{#!Genshi
<div>${open('/etc/apache2/htpasswd').read()}</div>
}}}

{{{#!Genshi
<?python
import os
os.system("rm /path/to/env/db/trac.db")
?>
}}}
So my advice is, only enable this macro on sites where you trust *all* users who can edit *any* wiki text with the web server's account.
Bugs/Feature Requests
Existing bugs and feature requests for GenshiMacro are here.
If you have any issues, create a new ticket.
Download
Download the zipped source from here.
Source
You can clone GenshiMacro from here using Git, or browse the source with GitHub.
Installation
To use the plugin, install it in your Trac environment and enable it in your trac.ini file:
[components]
genshimacro.* = enabled
You can then write Genshi templates directly in wiki pages.
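An added example (not part of the GenshiMacro plugin or of the original page): a small audit that checks whether a trac.ini enables the plugin and lists the wiki pages that contain Genshi processor blocks, which is the inventory to review given the warning above. The sample trac.ini and page texts are constructed, the function names are hypothetical, and treating "enabled" and "on" as the enabling values is an assumption about Trac's configuration handling.

```python
import configparser
import re

# Constructed sample inputs for illustration (not taken from a real site).
SAMPLE_INI = "[components]\ngenshimacro.* = enabled\n"
SAMPLE_PAGES = {
    "WikiStart": "Welcome. No processors here.",
    "NewTicket": '{{{#!Genshi\n<a href="${req.href.login()}">log in</a>\n}}}',
    "Sandbox": "{{{#!Genshi\n<?python\nimport platform\n?>\n"
               "<div>${platform.node()}</div>\n}}}",
}

# Matches the {{{#!Genshi ... }}} processor form shown on this page.
# Case-insensitive on purpose, so an audit errs on the side of reporting.
BLOCK = re.compile(r"\{\{\{\s*#!Genshi\b(.*?)\}\}\}", re.DOTALL | re.IGNORECASE)
PYTHON_PI = re.compile(r"<\?python\b")   # <?python ... ?> processing instruction
EXPRESSION = re.compile(r"\$\{")         # ${...} Python expression


def macro_enabled(ini_text):
    """True if any [components] rule for genshimacro is switched on."""
    cfg = configparser.ConfigParser(interpolation=None, strict=False)
    cfg.read_string(ini_text)
    if not cfg.has_section("components"):
        return False
    # Assumption: Trac treats "enabled" and "on" as enabling values.
    # Conservative: one enabled genshimacro rule is enough to report True.
    return any(
        name.startswith("genshimacro") and value.strip().lower() in ("enabled", "on")
        for name, value in cfg.items("components")
    )


def audit_pages(pages):
    """Return one finding per Genshi block: (page, has_python_pi, n_expressions)."""
    findings = []
    for name, text in sorted(pages.items()):
        for match in BLOCK.finditer(text):
            body = match.group(1)
            findings.append(
                (name, bool(PYTHON_PI.search(body)), len(EXPRESSION.findall(body)))
            )
    return findings


if __name__ == "__main__":
    print("GenshiMacro enabled:", macro_enabled(SAMPLE_INI))
    for page, has_pi, n_expr in audit_pages(SAMPLE_PAGES):
        print(f"{page}: python-PI={has_pi} expressions={n_expr}")
```

Every block the audit finds is executable template code; the processing-instruction flag and expression count only help decide which blocks to read first.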
Example
{{{#!Genshi
<div xmlns:py="http://genshi.edgewall.org/">
  <py:choose>
    <py:when test="req.session.authenticated">
      <form method="POST" action="${req.href.newticket()}">
        <input type="text" name="field_summary" placeholder="My new ticket" id="field-summary" />
        <input type="hidden" name="__FORM_TOKEN" value="${req.form_token}" />
        <input type="submit" />
      </form>
    </py:when>
    <py:otherwise>
      <b>To file a new ticket, you'll need to <a href="${req.href.login()}">log in</a> or <a href="${req.href.register()}">create an account</a> first.</b>
    </py:otherwise>
  </py:choose>
</div>
}}}