From 0a6af695ec61a1ac2074981deefba434a843b215 Mon Sep 17 00:00:00 2001
From: root
Date: Wed, 22 Aug 2018 16:40:49 +0000
Subject: [PATCH] use lxml.html to sanitize html
---
 content/models.py | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/content/models.py b/content/models.py
index c99aa72..5afaf9e 100644
--- a/content/models.py
+++ b/content/models.py
@@ -11,9 +11,14 @@ from photologue.models import Photo, Gallery
 from markdownx.models import MarkdownxField
 from markdownx.utils import markdownify
 import ox
+import lxml.html
+
 # Create your models here.
+def sanitize_html(string):
+ return '\n'.join(lxml.html.tostring(x) for x in lxml.html.fragment_fromstring(string).iterchildren())
+
 class Acrolike(models.Model):
 title = models.CharField(max_length=255)
@@ -114,7 +119,8 @@ class Content(models.Model):
 if self.teaser:
 value = markdownify(self.teaser)
 elif self.header:
- value = ox.sanitize_html(ox.decode_html(markdownify(self.header)))
+ value = ox.decode_html(markdownify(self.header))
+ value = sanitize_html('
' + value + '
')
 else:
 value = ''
 return mark_safe(value)
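Review bot: `sanitize_html` in the first hunk only parses the fragment with `lxml.html.fragment_fromstring` and re-serialises its children with `lxml.html.tostring`; nothing in it removes `<script>` elements, `on*` handler attributes or `javascript:` URLs, yet the second hunk passes its result to `mark_safe` in place of `ox.sanitize_html`. Run the parsed fragment through an allowlist sanitiser before serialising, for example `lxml.html.clean.Cleaner(scripts=True, javascript=True, safe_attrs_only=True).clean_html(fragment)`, and add a test with a header containing script markup. Two smaller points in the same function: `tostring` returns bytes on Python 3 unless called with `encoding='unicode'`, so the `'\n'.join(...)` would raise there, and `iterchildren()` drops any text that sits directly inside the wrapper before the first child element. The method around the second hunk starts outside the hunk, and the wrapper literal passed to `sanitize_html` is not legible on this page.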