Django 1.6.9 #2635

Merged
merged 2 commits into from Jan 12, 2015

Projects

None yet

3 participants

@jgmize
Member
jgmize commented Jan 10, 2015

This supersedes #2634

@jgmize
Member
jgmize commented Jan 10, 2015

I pushed this to demo4 for testing and successfully ran the mcom-tests suite against it. I think we're good to go with these changes, but we may want to do a little more manual testing against demo4 before merging to be sure.

@pmclanahan pmclanahan commented on the diff Jan 10, 2015
.gitmodules
@@ -61,3 +61,12 @@
[submodule "vendor-local/src/django-filter"]
path = vendor-local/src/django-filter
url = https://github.com/alex/django-filter.git
+[submodule "vendor-local/src/django"]
+ path = vendor-local/src/django
+ url = git://github.com/django/django.git
+[submodule "vendor-local/src/bleach"]
@pmclanahan
pmclanahan Jan 10, 2015 Member

Version in vendor too old?

@jgmize
jgmize Jan 10, 2015 Member

Right, I got an error when trying to use it with the latest bleach.

@pmclanahan
Member

Good to have better bleach and the bleach_tags helper, but probably not necessary for this. I'm fine w/ it though if it works and stabilizes the tests.

@jgmize
Member
jgmize commented Jan 10, 2015

You're probably right about bleach being overkill for plain text emails, and in hindsight I probably shouldn't have bothered, but now that the work is done I don't think it hurts anything to have that extra bit of protection.

@pmclanahan pmclanahan commented on the diff Jan 12, 2015
bedrock/mozorg/helpers/misc.py
@@ -517,3 +518,8 @@ def slugify(text):
trailing whitespace.
"""
return django_slugify(text)
+
+
+@jingo.register.filter
+def bleach_tags(text):
+ return bleach.clean(text, tags=[], strip=True).replace('&', '&')
@pmclanahan
pmclanahan Jan 12, 2015 Member

Maybe bleach_tags should return a safe string so we don't need all these safe filters? Is bleach the thing converting ampersands?

@jgmize
jgmize Jan 12, 2015 Member

I thought about that, and then assumed that the explicit |safe was a good thing, but maybe doing that together with renaming to bleach_safe?

Yes, bleach.clean() converts ampersands and I didn't see a way to tell it not to, so I just convert them back.

@pmclanahan
pmclanahan Jan 12, 2015 Member

Sounds good. Marking as safe is:

from jinja2 import Markup

def bleach_safe(text):
    return Markup(bleach.clean(text, tags=[], strip=True).replace('&', '&'))
@pmclanahan
pmclanahan Jan 12, 2015 Member

I'm happy to do this and resubmit if you're busy.

@pmclanahan
Member

I think it'd be nice to mark the return of the new bleach_tags as safe (since it is) and remove all of the safe filters where it's used. It's not a requirement though.

r+wc

pmac and others added some commits Jan 9, 2015
@pmac @jgmize pmac Bug 1119312: Upgrade Django to 1.6.9
Also fixes some tests that were failing after upgrade.
Code was relying on Django's strip_tags filter which has
changed and now ignores things that obviously aren't HTML tags

Updated to latest playdoh-lib which includes fixes for Django 1.6
in funfactory.
016fc02
@jgmize jgmize Add and use bleach_tags filter and fix tests
Add bleach and upgraded html5lib submodules
Replace all instances of strip_tags|safe with bleach_tags|safe
Fix tests
a683548
@jgmize jgmize merged commit b2e4496 into master Jan 12, 2015

1 check passed

continuous-integration/travis-ci The Travis CI build passed
Details
@jgmize jgmize deleted the django-1.6.9 branch Jan 12, 2015
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment