fixed possible markdown xss

This commit is contained in:
vabene1111 2020-02-02 16:06:12 +01:00
parent 4da1293898
commit 07502fecc0
2 changed files with 5 additions and 1 deletions


@ -1,5 +1,7 @@
from django import template from django import template
import markdown as md import markdown as md
import bleach
from bleach_whitelist import markdown_tags, markdown_attrs
register = template.Library() register = template.Library()
@ -11,4 +13,4 @@ def get_class(value):
@register.filter() @register.filter()
def markdown(value): def markdown(value):
return md.markdown(value, extensions=['markdown.extensions.fenced_code']) return bleach.clean(md.markdown(value, extensions=['markdown.extensions.fenced_code']), markdown_tags, markdown_attrs)
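Review bot: The new `return bleach.clean(...)` makes this filter the XSS boundary for rendered markdown, but the policy it enforces (`markdown_tags`, `markdown_attrs`) is imported from the third-party `bleach_whitelist` package rather than defined here, so what tags and attributes are permitted is neither visible in this repo nor stable across upstream releases; consider copying the two lists into this module (or at least documenting them) so the allow-list is reviewable alongside the code. The call also relies on `bleach.clean` defaults — disallowed tags are escaped rather than stripped (`strip=False`) and link protocols are limited to bleach's default allow-list — which is worth stating in a docstring such as `"""Render markdown to HTML and sanitize it with an explicit tag/attribute allow-list; disallowed markup is escaped, not dropped."""`. Since the filter returns a plain `str`, the template presumably still applies `|safe` to its output (the original issue implies the HTML was rendered unescaped); if so, it may be clearer to return `mark_safe(bleach.clean(...))` here so that sanitizing and marking as trusted happen in one place.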


@ -7,6 +7,8 @@ djangorestframework
django-autocomplete-light django-autocomplete-light
django-emoji-picker django-emoji-picker
django-cleanup django-cleanup
bleach
bleach-whitelist
six six
requests requests
markdown markdown
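Review bot: `bleach` and `bleach-whitelist` are added without a version constraint even though they now form the sanitization boundary for user-supplied markdown; the neighbouring entries are unpinned too, so this follows the file's convention, but a lower bound (e.g. `bleach>=<tested version>`) would keep the sanitizer's `clean()` signature and defaults from drifting under an unreviewed upgrade. `bleach-whitelist` is a small third-party package whose only content is the allow-list policy, so it is the more important of the two to pin or vendor.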