fixed possible markdown xss

This commit is contained in:
vabene1111 2020-02-02 16:06:12 +01:00
parent 4da1293898
commit 07502fecc0
2 changed files with 5 additions and 1 deletions


@ -1,5 +1,7 @@
from django import template
import markdown as md
import bleach
from bleach_whitelist import markdown_tags, markdown_attrs
register = template.Library()
@ -11,4 +13,4 @@ def get_class(value):
@register.filter()
def markdown(value):
return md.markdown(value, extensions=['markdown.extensions.fenced_code'])
return bleach.clean(md.markdown(value, extensions=['markdown.extensions.fenced_code']), markdown_tags, markdown_attrs)
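Review bot: The allow-lists on the new return line are passed positionally, so the call silently relies on bleach.clean's remaining defaults — `protocols` (the list that keeps `javascript:`-style URLs out of `href`/`src`) and `strip=False` — and a reader has to know bleach's argument order to see which list is tags and which is attributes; spell them out: `return bleach.clean(md.markdown(value, extensions=['markdown.extensions.fenced_code']), tags=markdown_tags, attributes=markdown_attrs, protocols=['http', 'https', 'mailto'])`. As far as I recall, `markdown_attrs` from bleach_whitelist does not allow `class`, so the `language-*` class that the fenced_code extension puts on `<code>` will presumably be dropped — harmless, but worth a one-line comment if syntax highlighting is expected downstream. The sanitizer is only the last line of defence if nothing marks the output safe before it; whether the filter is registered with `is_safe` or the template applies `|safe` is not visible in this hunk, so the existing test for this filter (if any) should assert on a string containing a script tag rather than on the import alone.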


@ -7,6 +7,8 @@ djangorestframework
django-autocomplete-light
django-emoji-picker
django-cleanup
bleach
bleach-whitelist
six
requests
markdown
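Review bot: `bleach` and `bleach-whitelist` are added without version constraints, which matches the rest of this file, but the sanitizer is now the control that closes the XSS this commit fixes, so its behaviour should not drift with an unrelated upgrade. Consider pinning at least these two to the versions the fix was tested against, e.g. `bleach==<tested-version>` and `bleach-whitelist==<tested-version>` (placeholders — the tested versions are not shown here).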