Sanitize HTML input
parent
83ab4dffbe
commit
200df3fdc8
|
@ -7,6 +7,7 @@ from rest_auth.registration.serializers import RegisterSerializer
|
||||||
from rest_auth.serializers import UserDetailsSerializer
|
from rest_auth.serializers import UserDetailsSerializer
|
||||||
from uuid import uuid4
|
from uuid import uuid4
|
||||||
from PIL import Image
|
from PIL import Image
|
||||||
|
from bleach.sanitizer import Cleaner
|
||||||
|
|
||||||
from . import models, old_models
|
from . import models, old_models
|
||||||
|
|
||||||
|
@ -44,12 +45,37 @@ def process_image(upload):
|
||||||
|
|
||||||
return small, medium, large
|
return small, medium, large
|
||||||
|
|
||||||
|
|
||||||
|
ALLOWED_TAGS = [
|
||||||
|
'h3',
|
||||||
|
'p',
|
||||||
|
'br',
|
||||||
|
'strong',
|
||||||
|
'em',
|
||||||
|
'u',
|
||||||
|
'code',
|
||||||
|
'ol',
|
||||||
|
'li',
|
||||||
|
'ul',
|
||||||
|
'a',
|
||||||
|
]
|
||||||
|
|
||||||
|
clean = Cleaner(tags=ALLOWED_TAGS).clean
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
class UserEmailField(serializers.ModelField):
|
class UserEmailField(serializers.ModelField):
|
||||||
def to_representation(self, obj):
|
def to_representation(self, obj):
|
||||||
return getattr(obj.user, 'email', obj.old_email)
|
return getattr(obj.user, 'email', obj.old_email)
|
||||||
def to_internal_value(self, data):
|
def to_internal_value(self, data):
|
||||||
return serializers.EmailField().run_validation(data)
|
return serializers.EmailField().run_validation(data)
|
||||||
|
|
||||||
|
class HTMLField(serializers.CharField):
|
||||||
|
def to_internal_value(self, data):
|
||||||
|
data = clean(data)
|
||||||
|
return super().to_internal_value(data)
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
@ -221,14 +247,13 @@ class SessionListSerializer(SessionSerializer):
|
||||||
|
|
||||||
class CourseSerializer(serializers.ModelSerializer):
|
class CourseSerializer(serializers.ModelSerializer):
|
||||||
name = serializers.CharField()
|
name = serializers.CharField()
|
||||||
description = serializers.CharField(write_only=True)
|
|
||||||
class Meta:
|
class Meta:
|
||||||
model = models.Course
|
model = models.Course
|
||||||
fields = ['id', 'name', 'description']
|
fields = ['id', 'name']
|
||||||
|
|
||||||
class CourseDetailSerializer(serializers.ModelSerializer):
|
class CourseDetailSerializer(serializers.ModelSerializer):
|
||||||
sessions = SessionListSerializer(many=True, read_only=True)
|
sessions = SessionListSerializer(many=True, read_only=True)
|
||||||
|
description = HTMLField()
|
||||||
class Meta:
|
class Meta:
|
||||||
model = models.Course
|
model = models.Course
|
||||||
fields = '__all__'
|
fields = '__all__'
|
||||||
|
|
|
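Review bot: In the second hunk, `HTMLField.to_internal_value` calls `clean(data)` before the parent class has checked the type of `data`, so a request whose `description` is a number, list or object rather than a string reaches bleach with a non-text argument, which bleach rejects with `TypeError`; that surfaces as a server error instead of the field's normal `invalid` validation error. Running the parent's coercion and type check first and cleaning its result keeps the error path a `ValidationError`: `return clean(super().to_internal_value(data))`. Only writes that pass through `HTMLField` are sanitized; description values stored before this commit, or written through any other path, are still returned by `CourseDetailSerializer` unchanged, so a one-off cleaning pass over existing rows is worth considering alongside this change. The `'a'` entry in `ALLOWED_TAGS` relies on the Cleaner's default attribute and protocol allowlists, which is reasonable but deserves a comment such as `# 'a' keeps only href/title with http/https/mailto via bleach defaults` so a later edit does not widen it unknowingly.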
@ -1,5 +1,6 @@
|
||||||
argon2-cffi==19.2.0
|
argon2-cffi==19.2.0
|
||||||
asgiref==3.2.3
|
asgiref==3.2.3
|
||||||
|
bleach==3.1.0
|
||||||
certifi==2019.11.28
|
certifi==2019.11.28
|
||||||
cffi==1.13.2
|
cffi==1.13.2
|
||||||
chardet==3.0.4
|
chardet==3.0.4
|
||||||
|
@ -11,6 +12,7 @@ djangorestframework==3.11.0
|
||||||
fuzzywuzzy==0.17.0
|
fuzzywuzzy==0.17.0
|
||||||
idna==2.8
|
idna==2.8
|
||||||
oauthlib==3.1.0
|
oauthlib==3.1.0
|
||||||
|
Pillow==7.0.0
|
||||||
pkg-resources==0.0.0
|
pkg-resources==0.0.0
|
||||||
pycparser==2.19
|
pycparser==2.19
|
||||||
python-Levenshtein==0.12.0
|
python-Levenshtein==0.12.0
|
||||||
|
@ -21,3 +23,4 @@ requests-oauthlib==1.3.0
|
||||||
six==1.13.0
|
six==1.13.0
|
||||||
sqlparse==0.3.0
|
sqlparse==0.3.0
|
||||||
urllib3==1.25.7
|
urllib3==1.25.7
|
||||||
|
webencodings==0.5.1
|
||||||
|
|