fixed possible markdown xss

vabene1111
2020-02-02 16:06:12 +01:00
parent 4da1293898
commit 07502fecc0
2 changed files with 5 additions and 1 deletions


@@ -1,5 +1,7 @@
from django import template
import markdown as md
import bleach
from bleach_whitelist import markdown_tags, markdown_attrs
register = template.Library()
@@ -11,4 +13,4 @@ def get_class(value):
@register.filter()
def markdown(value):
return md.markdown(value, extensions=['markdown.extensions.fenced_code'])
return bleach.clean(md.markdown(value, extensions=['markdown.extensions.fenced_code']), markdown_tags, markdown_attrs)
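Review bot: The new `bleach.clean(...)` call in `markdown` passes both allowlists positionally and leaves the permitted URL schemes to bleach's default, so the sanitisation policy cannot be read at the call site. Naming the arguments and pinning the schemes would make it explicit and stable across library upgrades: `return bleach.clean(html, tags=markdown_tags, attributes=markdown_attrs, protocols=['http', 'https', 'mailto'])`, with `html` holding the `md.markdown(...)` result. The tag and attribute lists come from the third-party `bleach_whitelist` package, so what is allowed can change with that dependency; a version pin and a regression test that renders a `<script>` tag and a `javascript:` link through the filter would guard against that. A one-line docstring such as `"""Render Markdown to HTML and sanitise it against an allowlist before display."""` would also tell template authors that this filter is the sanitisation boundary; whether templates mark its output safe is not visible in this hunk.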