From 1ecb57e795407ac2d7bb52006be99a00581d0ae8 Mon Sep 17 00:00:00 2001
From: vabene1111
Date: Wed, 16 Aug 2023 07:22:09 +0200
Subject: [PATCH] removed dependency and upgraded bleach clean
---
 cookbook/helper/template_helper.py | 21 ++++++++++++++++-----
 cookbook/templatetags/custom_tags.py | 20 ++++++++++++++++----
 requirements.txt | 1 -
 3 files changed, 32 insertions(+), 10 deletions(-)
diff --git a/cookbook/helper/template_helper.py b/cookbook/helper/template_helper.py
index 9bde2fc0..016779a7 100644
--- a/cookbook/helper/template_helper.py
+++ b/cookbook/helper/template_helper.py
@@ -2,7 +2,6 @@ from gettext import gettext as _
 import bleach
 import markdown as md
-from bleach_allowlist import markdown_attrs, markdown_tags
 from jinja2 import Template, TemplateSyntaxError, UndefinedError
 from markdown.extensions.tables import TableExtension
@@ -53,9 +52,17 @@ class IngredientObject(object):
 def render_instructions(step): # TODO deduplicate markdown cleanup code
 instructions = step.instruction
- tags = markdown_tags + [
- 'pre', 'table', 'td', 'tr', 'th', 'tbody', 'style', 'thead', 'img'
- ]
+ tags = {
+ "h1", "h2", "h3", "h4", "h5", "h6",
+ "b", "i", "strong", "em", "tt",
+ "p", "br",
+ "span", "div", "blockquote", "code", "pre", "hr",
+ "ul", "ol", "li", "dd", "dt",
+ "img",
+ "a",
+ "sub", "sup",
+ 'pre', 'table', 'td', 'tr', 'th', 'tbody', 'style', 'thead'
+ }
 parsed_md = md.markdown(
 instructions,
 extensions=[
@@ -63,7 +70,11 @@ def render_instructions(step): # TODO deduplicate markdown cleanup code
 UrlizeExtension(), MarkdownFormatExtension()
 ]
 )
- markdown_attrs['*'] = markdown_attrs['*'] + ['class', 'width', 'height']
+ markdown_attrs = {
+ "*": ["id", "class", 'width', 'height'],
+ "img": ["src", "alt", "title"],
+ "a": ["href", "alt", "title"],
+ }
 instructions = bleach.clean(parsed_md, tags, markdown_attrs)
diff --git a/cookbook/templatetags/custom_tags.py b/cookbook/templatetags/custom_tags.py
index 7668e123..be8be581 100644
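Review bot: The inlined allowlist in the `tags = {` hunk keeps `'style'` among the permitted elements, so a `<style>` element written into a step's instruction text survives `bleach.clean` with its stylesheet body intact — as far as I can tell bleach filters tags, attributes and URL schemes but does not touch the CSS inside a `<style>` element, so a recipe author can restyle the host page for anyone who views the recipe. If `<style>` is genuinely needed, say so in a comment beside the set; otherwise drop it from the literal. The set also lists `'pre'` twice and is now repeated verbatim in custom_tags.py despite the `# TODO deduplicate` on the signature line, so one shared module-level constant, e.g. `MARKDOWN_TAGS = frozenset({...})` imported by both callers, would keep the two allowlists from drifting (their attribute dicts already differ).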
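Review bot: The local `markdown_attrs` dict fixes the old per-call append to the shared `markdown_attrs['*']` list, but `"*": ["id", "class", 'width', 'height']` still lets user content set `id` and `class` on every allowed element; a user-chosen `id` can interfere with any page script that looks elements up by id (DOM clobbering) and `class` lets content borrow arbitrary site stylesheet rules, so a comment stating why both are required would help the next reader decide whether they can be narrowed to specific elements. The `href` on `a` is safe only because the `bleach.clean(parsed_md, tags, markdown_attrs)` context line relies on bleach's default protocol allowlist; spelling that out, `bleach.clean(parsed_md, tags, markdown_attrs, protocols=bleach.ALLOWED_PROTOCOLS)`, documents the dependency. The same applies to the `markdown_attrs` dict in the custom_tags.py hunk. The mixed `"` / `'` quoting inside the `"*"` list is a minor style nit.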
--- a/cookbook/templatetags/custom_tags.py
+++ b/cookbook/templatetags/custom_tags.py
@@ -5,7 +5,6 @@ import bleach
 import markdown as md
 from django_scopes import ScopeError
 from markdown.extensions.tables import TableExtension
-from bleach_allowlist import markdown_attrs, markdown_tags
 from django import template
 from django.db.models import Avg
 from django.templatetags.static import static
@@ -46,9 +45,17 @@ def delete_url(model, pk):
 @register.filter()
 def markdown(value):
- tags = markdown_tags + [
+ tags = {
+ "h1", "h2", "h3", "h4", "h5", "h6",
+ "b", "i", "strong", "em", "tt",
+ "p", "br",
+ "span", "div", "blockquote", "code", "pre", "hr",
+ "ul", "ol", "li", "dd", "dt",
+ "img",
+ "a",
+ "sub", "sup",
 'pre', 'table', 'td', 'tr', 'th', 'tbody', 'style', 'thead'
- ]
+ }
 parsed_md = md.markdown(
 value,
 extensions=[
@@ -56,7 +63,12 @@ def markdown(value):
 UrlizeExtension(), MarkdownFormatExtension()
 ]
 )
- markdown_attrs['*'] = markdown_attrs['*'] + ['class']
+ markdown_attrs = {
+ "*": ["id", "class"],
+ "img": ["src", "alt", "title"],
+ "a": ["href", "alt", "title"],
+ }
+
 parsed_md = parsed_md[3:] # remove outer paragraph
 parsed_md = parsed_md[:len(parsed_md)-4]
 return bleach.clean(parsed_md, tags, markdown_attrs)
diff --git a/requirements.txt b/requirements.txt
index b246e8d1..e5ff47d1 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -10,7 +10,6 @@ drf-writable-nested==0.7.0
 django-oauth-toolkit==2.2.0
 django-debug-toolbar==3.8.1
 bleach==6.0.0
-bleach-allowlist==1.0.3
 gunicorn==20.1.0
 lxml==4.9.3
 Markdown==3.4.3
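Review bot: The `parsed_md[3:]` / `parsed_md[:len(parsed_md)-4]` slicing on the context lines right after the new `markdown_attrs` dict assumes the rendered markdown starts with `<p>` and ends with `</p>`; with `TableExtension` enabled and headings and lists in the allowlist, input that renders to a `<table>`, `<h1>` or `<ul>` first has its opening and closing tags chopped before `bleach.clean` sees the fragment, producing malformed markup rather than a clean sanitizer result. The commit leaves this as is; guarding the slices with `if parsed_md.startswith('<p>') and parsed_md.endswith('</p>'):` would make the `# remove outer paragraph` comment hold for every input. The `def markdown(value):` line belongs to the preceding hunk, so the whole body spans both hunks.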