Fix unescaping of html in template filters.

This was not a security bug, because the unescaping was done before passing code to
sanitize, but it was totally an annoying UI bug.
Jason McBrayer 2018-06-06 15:21:00 -04:00
parent e05601db22
commit d0770dbbe1


@ -2,9 +2,15 @@ from django import template
from bs4 import BeautifulSoup
from urllib import parse
from django.urls import reverse
from pdb import set_trace
register = template.Library()
@register.filter
def pdb(element):
set_trace()
return element
@register.filter
def relink_tags(value):
'''Treat the text as html, and replace tag links with app-internal tag links
@ -18,7 +24,7 @@ def relink_tags(value):
soup = BeautifulSoup(value, 'html.parser')
for link in soup.find_all('a', class_='hashtag'):
link['href'] = reverse('tag', args=[link.span.string])
return soup.decode(formatter=None)
return soup.decode(formatter='html')
@register.filter
def relink_mentions(value):
@ -39,7 +45,7 @@ def relink_mentions(value):
link['href'] = reverse('user', args=[user+'@'+instance])
except:
continue
return soup.decode(formatter=None)
return soup.decode(formatter='html')
@register.filter
def relink_toot(value):
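Review bot: The `pdb` filter added in the first hunk, together with `from pdb import set_trace`, registers a template filter that calls `set_trace()` unconditionally, and it looks unrelated to the escaping fix this commit describes. Any template that still carries `|pdb` when deployed will stop the worker at a debugger prompt on its console or, with no terminal attached, is likely to abort the request. I would leave the helper out of this commit, or make it inert outside development with `if settings.DEBUG: set_trace()` (which needs `from django.conf import settings`) and a docstring that says it is for local debugging only.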