add an unsafecommonmark template filter for user generated commonmark, uses bleach to clean

2016-08-15 09:22:48 +02:00 · 2016-08-15 09:22:48 +02:00 · 0d0a42209f
parent 2b16bc4901
commit 0d0a42209f
3 changed files with 10 additions and 2 deletions
--- a/utils/templatetags/commonmark.py
+++ b/utils/templatetags/commonmark.py
@ -10,6 +10,14 @@ register = template.Library()
@register.filter
@stringfilter
 def commonmark(value):
+    parser = CommonMark.Parser()
+    renderer = CommonMark.HtmlRenderer()
+    ast = parser.parse(value)
+    return mark_safe(renderer.render(ast))
+
+@register.filter
+@stringfilter
+def unsafecommonmark(value):
    parser = CommonMark.Parser()
    renderer = CommonMark.HtmlRenderer()
    ast = parser.parse(bleach.clean(value))
--- a/villages/templates/village_detail.html
+++ b/villages/templates/village_detail.html
@ -9,7 +9,7 @@ Village: {{ village.name }} | {{ block.super }}

 <h3>{{ village.name }}</h3>

-{{ village.description|commonmark }}
+{{ village.description|unsafecommonmark }}

 {% if user == village.contact %}
 <hr />
--- a/villages/templates/village_list.html
+++ b/villages/templates/village_list.html
@ -44,7 +44,7 @@ Villages | {{ block.super }}
        </a>
      </td>
      <td>
-        {{ village.description|commonmark|truncatewords:50 }}
+        {{ village.description|unsafecommonmark|truncatewords:50 }}
      </td>
      <td>
        <i class="glyphicon glyphicon-{% if village.private %}remove{% else %}ok{% endif %}"></i>