working on commonmark escaping

2016-08-15 09:16:07 +02:00 · 2016-08-15 09:16:07 +02:00 · 2b16bc4901
parent fa6f168070
commit 2b16bc4901
3 changed files with 6 additions and 4 deletions
--- a/requirements/base.txt
+++ b/requirements/base.txt
@ -8,3 +8,4 @@ django-wkhtmltopdf>=3.0.0
 Pillow==3.2.0
 qrcode==5.3
 CommonMark==0.6.4
+django-bleach==0.3.0
--- a/utils/templatetags/commonmark.py
+++ b/utils/templatetags/commonmark.py
@ -1,6 +1,7 @@
-import CommonMark
+import CommonMark, bleach

 from django import template
+from django.utils.safestring import mark_safe
 from django.template.defaultfilters import stringfilter

 register = template.Library()
@ -11,6 +12,6 @@ register = template.Library()
 def commonmark(value):
    parser = CommonMark.Parser()
    renderer = CommonMark.HtmlRenderer()
-    ast = parser.parse(value)
-    return renderer.render(ast)
+    ast = parser.parse(bleach.clean(value))
+    return mark_safe(renderer.render(ast))

--- a/villages/templates/village_detail.html
+++ b/villages/templates/village_detail.html
@ -9,7 +9,7 @@ Village: {{ village.name }} | {{ block.super }}

 <h3>{{ village.name }}</h3>

-{{ village.description|escape|commonmark }}
+{{ village.description|commonmark }}

 {% if user == village.contact %}
 <hr />