Sanitize html

apiserver/utils.py

@@ -7,6 +7,8 @@ import commonmark
 import random
 import string
 
+from bleach.sanitizer import Cleaner
+
 def gen_rand_id():
     return ''.join(random.choice(string.ascii_uppercase) for _ in range(4))
 
@@ -15,3 +17,28 @@ def render_md(md):
         return commonmark.commonmark(md)
     else:
         return ''
+
+ALLOWED_TAGS = [
+        'a',
+        'abbr',
+        'acronym',
+        'b',
+        'blockquote',
+        'code',
+        'em',
+        'i',
+        'li',
+        'ol',
+        'strong',
+        'ul',
+        'p',
+        'hr',
+        'small',
+        'ins',
+        'sup',
+        'sub',
+        'details',
+        'summary',
+        ]
+
+clean = Cleaner(tags=ALLOWED_TAGS).clean