diff news/views.py @ 849:ff645a692791
For issue #79, use bleach to sanitize both user input markdown & html.
author | Brian Neal <bgneal@gmail.com> |
---|---|
date | Thu, 30 Oct 2014 19:30:37 -0500 |
parents | ee87ea74d46b |
children | 79a71b9d0a2a |
--- a/news/views.py Tue Oct 28 19:33:14 2014 -0500
+++ b/news/views.py Thu Oct 30 19:30:37 2014 -0500
@@ -11,7 +11,6 @@
 from django.shortcuts import get_object_or_404
 from django.core.paginator import InvalidPage
 from django.core.urlresolvers import reverse
-from django.db.models import Q
 from django.contrib.sites.models import Site
 from django.http import Http404
@@ -24,7 +23,6 @@
 from core.functions import get_page
 from core.paginator import DiggPaginator
 from news.models import Category
-from news.models import PendingStory
 from news.models import Story
 from news.forms import AddNewsForm
 from news.forms import SendStoryForm
@@ -145,8 +143,8 @@
 if add_form.is_valid():
 pending_story = add_form.save(commit=False)
 pending_story.submitter = request.user
- pending_story.short_text = clean_html(pending_story.short_text)
- pending_story.long_text = clean_html(pending_story.long_text)
+ pending_story.short_text = _clean_html(pending_story.short_text)
+ pending_story.long_text = _clean_html(pending_story.long_text)
 pending_story.save()
 return HttpResponseRedirect(reverse('news.views.submit_thanks'))
 else:
@@ -239,3 +237,7 @@
 },
 context_instance = RequestContext(request))
+#######################################################################
+
+def _clean_html(s):
+ return clean_html(s, profile='news')
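Review bot: In the `@@ -145,8 +143,8 @@` hunk the bleach pass runs only in this view, after `add_form.save(commit=False)`, so any other code path that writes `short_text` or `long_text` (an admin edit or approval step, if one exists outside this diff) would store markup that never went through `_clean_html`. Moving the call into the form's `clean_short_text` / `clean_long_text` methods, or into the model's `save()`, would make the sanitization harder to bypass. Only these two fields are cleaned here; whether the form carries other user-controlled fields that are later rendered unescaped cannot be told from the hunk. The enclosing view function starts and ends outside the hunk.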
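Review bot: `_clean_html` in the last hunk has no docstring and passes the profile as a bare string literal, so nothing at this trust boundary says what markup the 'news' profile lets through. I would add a docstring such as `"""Sanitize user-submitted story markup with the 'news' bleach profile before it is stored."""` and name the profile once, e.g. `NEWS_BLEACH_PROFILE = 'news'`. How `clean_html` treats an unknown profile name is not visible here; if it falls back to a default instead of raising, a typo would silently change the allow-list, so that is worth confirming.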