From 0d0a42209f47c21e75c402408f4f71e77e56ddb8 Mon Sep 17 00:00:00 2001 From: Thomas Steen Rasmussen Date: Mon, 15 Aug 2016 09:22:48 +0200 Subject: [PATCH] add an unsafecommonmark template filter for user generated commonmark, uses bleach to clean --- utils/templatetags/commonmark.py | 8 ++++++++ villages/templates/village_detail.html | 2 +- villages/templates/village_list.html | 2 +- 3 files changed, 10 insertions(+), 2 deletions(-) diff --git a/utils/templatetags/commonmark.py b/utils/templatetags/commonmark.py index de6460b2..d14fba2b 100644 --- a/utils/templatetags/commonmark.py +++ b/utils/templatetags/commonmark.py @@ -10,6 +10,14 @@ register = template.Library() @register.filter @stringfilter def commonmark(value): + parser = CommonMark.Parser() + renderer = CommonMark.HtmlRenderer() + ast = parser.parse(value) + return mark_safe(renderer.render(ast)) + +@register.filter +@stringfilter +def unsafecommonmark(value): parser = CommonMark.Parser() renderer = CommonMark.HtmlRenderer() ast = parser.parse(bleach.clean(value)) diff --git a/villages/templates/village_detail.html b/villages/templates/village_detail.html index 79925536..db73c6d8 100644 --- a/villages/templates/village_detail.html +++ b/villages/templates/village_detail.html @@ -9,7 +9,7 @@ Village: {{ village.name }} | {{ block.super }}

{{ village.name }}

-{{ village.description|commonmark }} +{{ village.description|unsafecommonmark }} {% if user == village.contact %}
diff --git a/villages/templates/village_list.html b/villages/templates/village_list.html index e7d744eb..6af03edb 100644 --- a/villages/templates/village_list.html +++ b/villages/templates/village_list.html @@ -44,7 +44,7 @@ Villages | {{ block.super }} - {{ village.description|commonmark|truncatewords:50 }} + {{ village.description|unsafecommonmark|truncatewords:50 }}