From 08ac869772fe23cd438b7c8cbbdf2303db703f59 Mon Sep 17 00:00:00 2001 From: bkfox Date: Tue, 18 Feb 2020 19:55:33 +0100 Subject: [PATCH] sanitize headlines --- aircox/models/page.py | 4 +++- aircox/templates/aircox/page_list.html | 2 +- aircox/templates/aircox/widgets/page_item.html | 4 +--- requirements.txt | 1 + 4 files changed, 6 insertions(+), 5 deletions(-) diff --git a/aircox/models/page.py b/aircox/models/page.py index 0d75e27..8ad82d4 100644 --- a/aircox/models/page.py +++ b/aircox/models/page.py @@ -9,6 +9,7 @@ from django.utils.html import format_html from django.utils.translation import ugettext_lazy as _ from django.utils.functional import cached_property +import bleach from ckeditor.fields import RichTextField from filer.fields.image import FilerImageField from model_utils.managers import InheritanceQuerySet @@ -129,7 +130,8 @@ class Page(models.Model): def headline(self): if not self.content: return '' - headline = headline_re.search(self.content) + content = bleach.clean(self.content) + headline = headline_re.search(content) return headline.groupdict()['headline'] if headline else '' @classmethod diff --git a/aircox/templates/aircox/page_list.html b/aircox/templates/aircox/page_list.html index 81edcf0..6f8cc42 100644 --- a/aircox/templates/aircox/page_list.html +++ b/aircox/templates/aircox/page_list.html @@ -72,7 +72,7 @@ {% if is_paginated %} -
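Review bot: In the `headline` hunk, `bleach.clean(self.content)` runs with bleach's defaults, so markup outside the default allow-list is escaped rather than removed (`strip=False`) and allowed inline tags such as `a`, `b` or `em` are kept, which means the returned headline can still carry entities like `&lt;p&gt;` or inline tags; if the headline is meant to be plain text, `content = bleach.clean(self.content, tags=[], strip=True)` expresses that intent. Because `headline_re` is defined outside the hunk and now matches against the cleaned string instead of the raw content, confirm it does not depend on tags that bleach escapes (for example a leading `<p>`), otherwise the search silently fails and `''` is returned. The method also has no docstring; `"""Return the first headline found in the sanitized ``content``, or '' when there is none."""` would record the new contract. Any decorator on `headline` sits above the hunk.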
+
{% update_query request.GET.copy page=None as GET %} {% with GET.urlencode as GET %}