From 0a6af695ec61a1ac2074981deefba434a843b215 Mon Sep 17 00:00:00 2001
From: root <root@studio.camp>
Date: Wed, 22 Aug 2018 16:40:49 +0000
Subject: [PATCH] use lxml.html to sanitize html

---
 content/models.py | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/content/models.py b/content/models.py
index c99aa72..5afaf9e 100644
--- a/content/models.py
+++ b/content/models.py
@@ -11,9 +11,14 @@ from photologue.models import Photo, Gallery
 from markdownx.models import MarkdownxField
 from markdownx.utils import markdownify
 import ox
+import lxml.html
+
 
 # Create your models here.
 
+def sanitize_html(string):
+    return '\n'.join(lxml.html.tostring(x) for x in lxml.html.fragment_fromstring(string).iterchildren())
+
 class Acrolike(models.Model):
     title = models.CharField(max_length=255)
 
@@ -114,7 +119,8 @@ class Content(models.Model):
         if self.teaser:
             value = markdownify(self.teaser)
         elif self.header:
-            value = ox.sanitize_html(ox.decode_html(markdownify(self.header)))
+            value = ox.decode_html(markdownify(self.header))
+            value = sanitize_html('<div>' + value + '</div>')
         else:
             value = ''
         return mark_safe(value)