feat: Allow <del> and <details/summary> tags in comments

* Allow additional html tags: <del> and <details/summary>
* Convert markdown double-tilde (~~) to <del> tags

Signed-off-by: moson <moson@archlinux.org>
moson 2023-11-19 19:46:14 +01:00
parent 029ce3b418
commit 765f989b7d
No known key found for this signature in database
GPG key ID: 4A4760AB4EE15296
2 changed files with 25 additions and 0 deletions


@ -121,6 +121,20 @@ class HeadingExtension(markdown.extensions.Extension):
md.treeprocessors.register(HeadingTreeprocessor(md), "heading", 30) md.treeprocessors.register(HeadingTreeprocessor(md), "heading", 30)
class StrikethroughInlineProcessor(markdown.inlinepatterns.InlineProcessor):
def handleMatch(self, m, data):
el = Element("del")
el.text = m.group(1)
return el, m.start(0), m.end(0)
class StrikethroughExtension(markdown.extensions.Extension):
def extendMarkdown(self, md):
pattern = r"~~(.*?)~~"
processor = StrikethroughInlineProcessor(pattern, md)
md.inlinePatterns.register(processor, "del", 40)
def save_rendered_comment(comment: PackageComment, html: str): def save_rendered_comment(comment: PackageComment, html: str):
with db.begin(): with db.begin():
comment.RenderedComment = html comment.RenderedComment = html
@ -142,6 +156,7 @@ def update_comment_render(comment: PackageComment) -> None:
FlysprayLinksExtension(), FlysprayLinksExtension(),
GitCommitsExtension(pkgbasename), GitCommitsExtension(pkgbasename),
HeadingExtension(), HeadingExtension(),
StrikethroughExtension(),
], ],
) )
@ -153,6 +168,9 @@ def update_comment_render(comment: PackageComment) -> None:
"h6", "h6",
"br", "br",
"hr", "hr",
"del",
"details",
"summary",
] ]
html = bleach.clean(html, tags=allowed_tags) html = bleach.clean(html, tags=allowed_tags)
save_rendered_comment(comment, html) save_rendered_comment(comment, html)
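Review bot: The three tags added to `allowed_tags` depend on `bleach.clean(html, tags=allowed_tags)` leaving the attribute allow-list at bleach's default, and nothing next to the list records that. As far as the visible extensions go, `details` and `summary` can only reach the sanitizer as raw HTML typed by the commenter, so that default is what keeps attributes on them out of the stored comment. I would add a comment above the call such as `# attributes stay at bleach's defaults: <details>/<summary> are accepted bare, any attribute on them is stripped`. The new `StrikethroughInlineProcessor` and `StrikethroughExtension` also have no docstrings, and the priority `40` passed to `md.inlinePatterns.register` deserves a short comment on why that value was chosen (it looks intended to run after the built-in emphasis patterns; confirm). `update_comment_render` begins outside the hunks shown.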


@ -105,6 +105,13 @@ def test_markdown_conversion(user: User, pkgbase: PackageBase):
assert comment.RenderedComment == expected assert comment.RenderedComment == expected
def test_markdown_strikethrough(user: User, pkgbase: PackageBase):
text = "*~~Hello~~world*~~!~~"
comment = create_comment(user, pkgbase, text)
expected = "<p><em><del>Hello</del>world</em><del>!</del></p>"
assert comment.RenderedComment == expected
def test_html_sanitization(user: User, pkgbase: PackageBase): def test_html_sanitization(user: User, pkgbase: PackageBase):
text = '<script>alert("XSS!")</script>' text = '<script>alert("XSS!")</script>'
comment = create_comment(user, pkgbase, text) comment = create_comment(user, pkgbase, text)
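Review bot: `test_markdown_strikethrough` exercises only the `~~` conversion, so the `details` and `summary` entries this commit adds to the sanitizer allow-list have no test. A companion test next to `test_html_sanitization` should post a comment containing `<details><summary>…</summary>…</details>` with an extra attribute on `<details>`, then check that the tags survive and the attribute does not, e.g. `assert "<summary>" in comment.RenderedComment` and `assert "onclick" not in comment.RenderedComment`. The exact rendered string depends on how the markdown step wraps raw HTML blocks, so containment assertions are safer here than a full-string comparison. The body of `test_html_sanitization` continues outside the hunk.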