Add and use bleach_tags filter and fix tests

Add bleach and upgraded html5lib submodules
Replace all instances of strip_tags|safe with bleach_tags|safe
Fix tests

Author: jgmize

.gitmodules

@@ -64,3 +64,9 @@
 [submodule "vendor-local/src/django"]
 	path = vendor-local/src/django
 	url = git://github.com/django/django.git
+[submodule "vendor-local/src/bleach"]
+	path = vendor-local/src/bleach
+	url = https://github.com/jsocol/bleach.git
+[submodule "vendor-local/src/html5lib"]
+	path = vendor-local/src/html5lib
+	url = https://github.com/html5lib/html5lib-python

bedrock/legal/templates/legal/emails/fraud-report.txt

@@ -10,13 +10,13 @@ A new violating website report has been submitted with the following information
 {{ input_product }}
 
 + Specific product
-{{ input_specific_product|strip_tags|safe }}
+{{ input_specific_product|bleach_tags|safe }}
 
 + Other details...
-{{ input_details|strip_tags|safe }}
+{{ input_details|bleach_tags|safe }}
 
 + Attachments...
-{{ input_attachment_desc|strip_tags|safe }}
+{{ input_attachment_desc|bleach_tags|safe }}
 
 + Email
 {{ input_email }}

bedrock/legal/tests.py

@@ -1,4 +1,4 @@
-# -*- coding: utf8 -*-
+# -*- coding: utf-8 -*-
 # This Source Code Form is subject to the terms of the Mozilla Public
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
@@ -228,7 +228,7 @@ def test_emails_not_escaped(self):
         """
 
         STRING1 = u"<em>J'adore Citröns</em> & <Piñatas> so there"
-        EXPECTED1 = u"J'adore Citröns & <Piñatas> so there"
+        EXPECTED1 = u"J'adore Citröns &  so there"
 
         STRING2 = u"<em>J'adore Piñatas</em> & <fromage> so here"
         EXPECTED2 = u"J'adore Piñatas &  so here"

bedrock/mozorg/helpers/misc.py

@@ -5,6 +5,7 @@
 from django.conf import settings
 from django.template.defaultfilters import slugify as django_slugify
 
+import bleach
 import jingo
 import jinja2
 from funfactory.settings_base import path as base_path
@@ -517,3 +518,8 @@ def slugify(text):
     trailing whitespace.
     """
     return django_slugify(text)
+
+
+@jingo.register.filter
+def bleach_tags(text):
+    return bleach.clean(text, tags=[], strip=True).replace('&', '&')

bedrock/mozorg/templates/mozorg/emails/infos.txt

@@ -1,4 +1,4 @@
 Email: {{ email }}
 Area of Interest: {{ interest }}
 Language: {{ request.locale }}
-Comment: {{ comments|strip_tags|safe }}
+Comment: {{ comments|bleach_tags|safe }}

bedrock/mozorg/tests/test_views.py

@@ -424,7 +424,7 @@ def test_emails_not_escaped(self):
         Tags are still stripped, though.
         """
         STRING = u"<strong>J'adore Citröns</strong> & <Piñatas> so there"
-        EXPECTED = u"J'adore Citröns & <Piñatas> so there"
+        EXPECTED = u"J'adore Citröns &  so there"
         self.data.update(comments=STRING)
         self.client.post(self.url_en, self.data)
         eq_(len(mail.outbox), 2)
@@ -593,7 +593,7 @@ def test_emails_not_escaped(self):
         Tags are still stripped, though.
         """
         STRING = u"<em>J'adore Citröns</em> & <Piñatas> so there"
-        EXPECTED = u"J'adore Citröns & <Piñatas> so there"
+        EXPECTED = u"J'adore Citröns &  so there"
         self.data.update(comments=STRING)
         self.client.post(self.url_en, self.data)
         eq_(len(mail.outbox), 2)

bedrock/press/templates/press/emails/speaker-request.txt

@@ -1,7 +1,7 @@
 A new speaker request form has been submitted with the following information:
 
 + Event Name
-{{ sr_event_name|strip_tags|safe }}
+{{ sr_event_name|bleach_tags|safe }}
 
 + Event URL
 {{ sr_event_url }}
@@ -15,29 +15,29 @@ Guest Speaker
 
 {% if sr_guest_speaker1 %}
 + Choice 1
-{{ sr_guest_speaker1|strip_tags|safe }}
+{{ sr_guest_speaker1|bleach_tags|safe }}
 {% endif %}
 {% if sr_guest_speaker2 %}
 
 + Choice 2
-{{ sr_guest_speaker2|strip_tags|safe }}
+{{ sr_guest_speaker2|bleach_tags|safe }}
 {% endif %}
 
 {% endif %}
 ------------------------------------
 Contact Information
 
 + Name
-{{ sr_contact_name|strip_tags|safe }}
+{{ sr_contact_name|bleach_tags|safe }}
 {% if sr_contact_title %}
 
 + Title
-{{ sr_contact_title|strip_tags|safe }}
+{{ sr_contact_title|bleach_tags|safe }}
 {% endif %}
 {% if sr_contact_company %}
 
 + Company
-{{ sr_contact_company|strip_tags|safe }}
+{{ sr_contact_company|bleach_tags|safe }}
 {% endif %}
 {% if sr_contact_phone %}
 
@@ -58,22 +58,22 @@ Event Details
 
 {% if sr_event_venue %}
 + Venue
-{{ sr_event_venue|strip_tags|safe }}
+{{ sr_event_venue|bleach_tags|safe }}
 {% endif %}
 {% if sr_event_theme %}
 
 + Theme
-{{ sr_event_theme|strip_tags|safe }}
+{{ sr_event_theme|bleach_tags|safe }}
 {% endif %}
 {% if sr_event_goal %}
 
 + Goal
-{{ sr_event_goal|strip_tags|safe }}
+{{ sr_event_goal|bleach_tags|safe }}
 {% endif %}
 {% if sr_event_format %}
 
 + Format
-{{ sr_event_format|strip_tags|safe }}
+{{ sr_event_format|bleach_tags|safe }}
 {% endif %}
 {% if sr_event_audience_size %}
 
@@ -83,32 +83,32 @@ Event Details
 {% if sr_event_audience_demographics %}
 
 + Audience Demographics
-{{ sr_event_audience_demographics|strip_tags|safe }}
+{{ sr_event_audience_demographics|bleach_tags|safe }}
 {% endif %}
 {% if sr_event_speakers_confirmed %}
 
 + Confirmed Speakers
-{{ sr_event_speakers_confirmed|strip_tags|safe }}
+{{ sr_event_speakers_confirmed|bleach_tags|safe }}
 {% endif %}
 {% if sr_event_speakers_invited %}
 
 + Invited Speakers
-{{ sr_event_speakers_invited|strip_tags|safe }}
+{{ sr_event_speakers_invited|bleach_tags|safe }}
 {% endif %}
 {% if sr_event_speakers_past %}
 
 + Past Speakers
-{{ sr_event_speakers_past|strip_tags|safe }}
+{{ sr_event_speakers_past|bleach_tags|safe }}
 {% endif %}
 {% if sr_event_media_coverage %}
 
 + Media Coverage
-{{ sr_event_media_coverage|strip_tags|safe }}
+{{ sr_event_media_coverage|bleach_tags|safe }}
 {% endif %}
 {% if sr_event_sponsors %}
 
 + Event Sponsors
-{{ sr_event_sponsors|strip_tags|safe }}
+{{ sr_event_sponsors|bleach_tags|safe }}
 {% endif %}
 {% if sr_event_confirmation_deadline %}
 
@@ -126,12 +126,12 @@ Presentation Details
 {% if sr_presentation_panelists %}
 
 + Other Panelists
-{{ sr_presentation_panelists|strip_tags|safe }}
+{{ sr_presentation_panelists|bleach_tags|safe }}
 {% endif %}
 {% if sr_presentation_topic %}
 
 + Topic of Presentation
-{{ sr_presentation_topic|strip_tags|safe }}
+{{ sr_presentation_topic|bleach_tags|safe }}
 {% endif %}
 {% if sr_presentation_length %}
 

bedrock/press/tests.py

@@ -1,4 +1,4 @@
-# -*- coding: utf8 -*-
+# -*- coding: utf-8 -*-
 # This Source Code Form is subject to the terms of the Mozilla Public
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
@@ -245,7 +245,7 @@ def test_emails_not_escaped(self):
         """
 
         STRING1 = u"<blink>J'adore Citröns</blink> & <Piñatas> so there"
-        EXPECTED1 = u"J'adore Citröns & <Piñatas> so there"
+        EXPECTED1 = u"J'adore Citröns &  so there"
 
         STRING2 = u"J'adore Piñatas & <fromage> so here"
         EXPECTED2 = u"J'adore Piñatas &  so here"