diff comments/forms.py @ 963:4619290d171d

Whitelist hot-linked image sources.
author Brian Neal <bgneal@gmail.com>
date Tue, 01 Sep 2015 20:33:40 -0500
parents ee87ea74d46b
children 21c592cac71c
--- a/comments/forms.py	Tue Aug 04 16:58:17 2015 -0500
+++ b/comments/forms.py	Tue Sep 01 20:33:40 2015 -0500
@@ -7,6 +7,10 @@
 from django.contrib.contenttypes.models import ContentType
 
 from comments.models import Comment
+from core.html import ImageCheckError
+from core.html import image_check
+from core.markup import site_markup
+
 
 COMMENT_MAX_LENGTH = getattr(settings, 'COMMENT_MAX_LENGTH', 3000)
 
@@ -64,6 +68,18 @@
 
         return new
 
+    def clean_comment(self):
+        comment = self.cleaned_data['comment']
+        self.comment_html = None
+        if comment:
+            self.comment_html = site_markup(comment)
+            try:
+                image_check(self.comment_html)
+            except ImageCheckError as ex:
+                raise forms.ValidationError(str(ex))
+
+        return comment
+
     class Media:
         css = {
             'all': (settings.GPP_THIRD_PARTY_CSS['markitup'] +
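Review bot: `clean_comment` is the only place `self.comment_html` is assigned, and Django skips `clean_<field>` when the field itself fails validation (for example an over-length comment), so any later reader of `self.comment_html` on an invalid form — presumably `save()`, which lies outside this hunk — would hit an AttributeError instead of `None`; setting `self.comment_html = None` in `__init__` or reading it via `getattr(self, 'comment_html', None)` closes that gap. The method also validates the rendered HTML but returns only the raw markup, so the image check only holds if the consumer stores `comment_html` rather than re-rendering the text later; that contract deserves a docstring such as `"""Render the comment markup and reject it if it hot-links images from sources outside the whitelist; the rendered HTML is left in self.comment_html for the caller."""`. The `str(ex)` passed to `ValidationError` surfaces the checker's message to the user, which is fine as long as `ImageCheckError` messages stay free of internal details, which cannot be confirmed from this hunk.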