mirror of
https://gitlab.com/brutaldon/brutaldon.git
synced 2024-12-04 14:46:24 -05:00
Fix unescaping of html in template filters.
This was not a security bug, because it was done before passing code to sanitize, but it was totally an annoying UI bug.
parent
e05601db22
commit
d0770dbbe1
@ -2,9 +2,15 @@ from django import template
|
||||
from bs4 import BeautifulSoup
|
||||
from urllib import parse
|
||||
from django.urls import reverse
|
||||
from pdb import set_trace
|
||||
|
||||
register = template.Library()
|
||||
|
||||
@register.filter
|
||||
def pdb(element):
|
||||
set_trace()
|
||||
return element
|
||||
|
||||
@register.filter
|
||||
def relink_tags(value):
|
||||
'''Treat the text as html, and replace tag links with app-internal tag links
|
||||
@ -18,7 +24,7 @@ def relink_tags(value):
|
||||
soup = BeautifulSoup(value, 'html.parser')
|
||||
for link in soup.find_all('a', class_='hashtag'):
|
||||
link['href'] = reverse('tag', args=[link.span.string])
|
||||
return soup.decode(formatter=None)
|
||||
return soup.decode(formatter='html')
|
||||
|
||||
@register.filter
|
||||
def relink_mentions(value):
|
||||
@ -39,7 +45,7 @@ def relink_mentions(value):
|
||||
link['href'] = reverse('user', args=[user+'@'+instance])
|
||||
except:
|
||||
continue
|
||||
return soup.decode(formatter=None)
|
||||
return soup.decode(formatter='html')
|
||||
|
||||
@register.filter
|
||||
def relink_toot(value):
|
||||
|
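Review bot: The `pdb` filter added in the first hunk is registered unconditionally and calls `set_trace()`, so any template that applies `|pdb` blocks the request worker on a debugger prompt, and on a process with an attached terminal it opens an interactive session inside the server. It reads as a debugging aid that should not ship enabled: either drop it together with `from pdb import set_trace`, or register it only in development, e.g. `if settings.DEBUG: register.filter('pdb', pdb)` with `from django.conf import settings`. Separately, `relink_tags` and `relink_mentions` return remote-supplied HTML re-serialized by BeautifulSoup, and per the commit message its safety depends on sanitization that happens afterwards and is not visible in these hunks; a docstring line such as `Output is not sanitized here; callers must sanitize the result before rendering.` would record that invariant. The bodies of both relink functions continue outside the hunks shown.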