Compare commits

...

3 Commits

Author SHA1 Message Date
root
f26ddd3a41 Merge branch 'master' of https://code.with.camp/CAMP/camp 2018-08-22 20:00:31 +00:00
root
0a6af695ec use lxml.html to sanitize html 2018-08-22 16:40:49 +00:00
root
3d84677b70 no years for projects, works 2018-08-22 16:40:36 +00:00
2 changed files with 14 additions and 3 deletions

View File

@ -15,9 +15,14 @@ from markdownx.models import MarkdownxField
from markdownx.utils import markdownify from markdownx.utils import markdownify
from sortedm2m.fields import SortedManyToManyField from sortedm2m.fields import SortedManyToManyField
import ox import ox
import lxml.html
# Create your models here. # Create your models here.
def sanitize_html(string):
return '\n'.join(lxml.html.tostring(x) for x in lxml.html.fragment_fromstring(string).iterchildren())
class Acrolike(models.Model): class Acrolike(models.Model):
title = models.CharField(max_length=255) title = models.CharField(max_length=255)
@ -120,7 +125,8 @@ class Content(models.Model):
if self.teaser: if self.teaser:
value = markdownify(self.teaser) value = markdownify(self.teaser)
elif self.header: elif self.header:
value = ox.sanitize_html(ox.decode_html(markdownify(self.header))) value = ox.decode_html(markdownify(self.header))
value = sanitize_html('<div>' + value + '</div>')
else: else:
value = '' value = ''
return mark_safe(value) return mark_safe(value)

View File

@ -95,7 +95,12 @@ def section_list(request, section):
q = request.GET.get('q') q = request.GET.get('q')
content = limit_content(content, q) content = limit_content(content, q)
year = request.GET.get('year', '') year = request.GET.get('year', '')
if year or section not in ('Projects', 'Works'):
context = filter_by_years(content, year) context = filter_by_years(content, year)
else:
context = {
'content': content
}
''' '''
page = request.GET.get('page', 1) page = request.GET.get('page', 1)
@ -270,7 +275,7 @@ def redirect_index(request):
return redirect(reverse('index')) return redirect(reverse('index'))
def redirect_event(request): def redirect_event(request):
shortname = request.GET.get('this').replace(' ', '_').lower() shortname = request.GET.get('this', '').replace(' ', '_').lower()
if shortname: if shortname:
content = get_object_or_404(Content, shortname__iexact=shortname) content = get_object_or_404(Content, shortname__iexact=shortname)
return redirect(content.get_absolute_url()) return redirect(content.get_absolute_url())