use lxml.html to sanitize html

2018-08-22 16:40:49 +00:00 · 2018-08-22 16:40:49 +00:00 · 0a6af695ec
commit 0a6af695ec
parent 3d84677b70
1 changed files with 7 additions and 1 deletions
--- a/content/models.py
+++ b/content/models.py
@ -11,9 +11,14 @@ from photologue.models import Photo, Gallery
 from markdownx.models import MarkdownxField
 from markdownx.utils import markdownify
 import ox
+import lxml.html
+

 # Create your models here.

+def sanitize_html(string):
+    return '\n'.join(lxml.html.tostring(x) for x in lxml.html.fragment_fromstring(string).iterchildren())
+
 class Acrolike(models.Model):
    title = models.CharField(max_length=255)

@ -114,7 +119,8 @@ class Content(models.Model):
        if self.teaser:
            value = markdownify(self.teaser)
        elif self.header:
-            value = ox.sanitize_html(ox.decode_html(markdownify(self.header)))
+            value = ox.decode_html(markdownify(self.header))
+            value = sanitize_html('<div>' + value + '</div>')
        else:
            value = ''
        return mark_safe(value)