From 2b16bc49015158f9bf4bbe493553315e57690209 Mon Sep 17 00:00:00 2001
From: Thomas Steen Rasmussen
Date: Mon, 15 Aug 2016 09:16:07 +0200
Subject: [PATCH] working on commonmark escaping
---
 requirements/base.txt | 1 +
 utils/templatetags/commonmark.py | 7 ++++---
 villages/templates/village_detail.html | 2 +-
 3 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/requirements/base.txt b/requirements/base.txt
index 971aee5c..5f89dc6b 100644
--- a/requirements/base.txt
+++ b/requirements/base.txt
@@ -8,3 +8,4 @@ django-wkhtmltopdf>=3.0.0
 Pillow==3.2.0
 qrcode==5.3
 CommonMark==0.6.4
+django-bleach==0.3.0
diff --git a/utils/templatetags/commonmark.py b/utils/templatetags/commonmark.py
index 7a35fa47..de6460b2 100644
--- a/utils/templatetags/commonmark.py
+++ b/utils/templatetags/commonmark.py
@@ -1,6 +1,7 @@
-import CommonMark
+import CommonMark, bleach
 from django import template
+from django.utils.safestring import mark_safe
 from django.template.defaultfilters import stringfilter
 register = template.Library()
@@ -11,6 +12,6 @@ register = template.Library()
 def commonmark(value):
 parser = CommonMark.Parser()
 renderer = CommonMark.HtmlRenderer()
- ast = parser.parse(value)
- return renderer.render(ast)
+ ast = parser.parse(bleach.clean(value))
+ return mark_safe(renderer.render(ast))
diff --git a/villages/templates/village_detail.html b/villages/templates/village_detail.html
index 2768515f..79925536 100644
--- a/villages/templates/village_detail.html
+++ b/villages/templates/village_detail.html
@@ -9,7 +9,7 @@ Village: {{ village.name }} | {{ block.super }}
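Review bot: The added line pins `django-bleach==0.3.0`, but utils/templatetags/commonmark.py imports `bleach` itself, so the sanitiser the template now depends on has no version constraint in this file and presumably arrives only as a dependency of django-bleach. Add a pinned line for it next to this one, `bleach==<tested version>` (placeholder, use the release you verified), so that a sanitiser upgrade is a reviewed change. If nothing in the project uses django-bleach's own template tags or fields, depending on `bleach` alone would be the smaller footprint.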
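Review bot: `import CommonMark, bleach` puts two modules on one import statement, where PEP 8 asks for one per line. Writing `import bleach` and `import CommonMark` on separate lines keeps a later change to either dependency a one-line diff.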
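Review bot: `bleach.clean(value)` runs on the Markdown source before `parser.parse`, while `mark_safe` is applied to the renderer's output, which nothing has sanitised. Markdown can produce active markup from input that contains no HTML at all: a link or image destination with a script-capable URL scheme passes through `bleach.clean` unchanged and, unless the renderer filters destinations (this hunk does not configure that), is emitted as an attribute and marked safe. Cleaning first is also likely to entity-escape characters Markdown needs (`>` for blockquotes, `<…>` autolinks), so legitimate text is mangled. Sanitise the rendered HTML instead: `html = renderer.render(parser.parse(value))` followed by `return mark_safe(bleach.clean(html, tags=MARKDOWN_TAGS, attributes=MARKDOWN_ATTRS))`, where the two allowlists are project-defined and cover what CommonMark emits (bleach's default tag list omits `p`, headings and `pre`). The decorators on `commonmark` lie outside the hunk, and village_detail.html drops `|escape` in this same commit, so this filter becomes the only barrier for `village.description`.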

{{ village.name }}

-{{ village.description|escape|commonmark }}
+{{ village.description|commonmark }}
 {% if user == village.contact %}