I pushed this to demo4 for testing and successfully ran the mcom-tests suite against it. I think we're good to go with these changes, but we may want to do a little more manual testing against demo4 before merging to be sure.
Version in vendor too old?
Right, I got an error when trying to use it with the latest bleach.
Good to have better bleach and the
You're probably right about bleach being overkill for plain text emails, and in hindsight I probably shouldn't have bothered, but now that the work is done I don't think it hurts anything to have that extra bit of protection.
Maybe bleach_tags should return a safe string so we don't need all these safe filters? Is bleach the thing converting ampersands?
I thought about that, and then assumed that the explicit |safe was a good thing, but maybe doing that together with renaming to bleach_safe?
Yes, bleach.clean() converts ampersands and I didn't see a way to tell it not to, so I just convert them back.
Sounds good. Marking as safe is:
```python
import bleach
from jinja2 import Markup

def bleach_safe(text):
    # Strip all tags, restore the ampersands bleach escaped, then mark as safe.
    return Markup(bleach.clean(text, tags=[], strip=True).replace('&amp;', '&'))
```
I'm happy to do this and resubmit if you're busy.
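An added example (not code from this pull request) that checks the property behind marking the cleaned string as safe: restoring only `&amp;` never leaves a raw `<` or `>` in the output, while undoing every entity does. It assumes a standard-library stand-in for `bleach.clean(text, tags=[], strip=True)`; all function names and sample inputs here are constructed for illustration.

```python
import html
from html.parser import HTMLParser

class _TextOnly(HTMLParser):
    """Keeps text nodes, drops all tags: a stdlib stand-in for
    bleach.clean(text, tags=[], strip=True), not bleach itself."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.parts = []

    def handle_data(self, data):
        self.parts.append(data)

def strip_tags_escaped(text):
    """Strip markup, then HTML-escape what is left ('&' becomes '&amp;')."""
    parser = _TextOnly()
    parser.feed(text)
    parser.close()
    return html.escape("".join(parser.parts), quote=False)

def restore_ampersands(text):
    """The approach from the thread: undo only the '&amp;' escaping."""
    return strip_tags_escaped(text).replace("&amp;", "&")

def restore_all_entities(text):
    """Hypothetical over-eager variant: undo every entity."""
    return html.unescape(strip_tags_escaped(text))

def raw_markup_chars(cleaner, samples):
    """Return the samples whose cleaned form still holds a raw '<' or '>'."""
    return [s for s in samples if set(cleaner(s)) & {"<", ">"}]

# Constructed sample inputs, not taken from the project's test suite.
SAMPLES = [
    "Fish & chips",
    "<b>bold</b> text",
    "&lt;b&gt;already escaped&lt;/b&gt;",
    "&amp;lt;b&amp;gt;double escaped",
    "a < b and c > d",
]

if __name__ == "__main__":
    for fn in (restore_ampersands, restore_all_entities):
        print(fn.__name__, "->", raw_markup_chars(fn, SAMPLES))
```

The check covers element-content context only; quotes are left unescaped, so it says nothing about values placed inside HTML attributes.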
I think it'd be nice to mark the return of the new r+wc
Also fixes some tests that were failing after upgrade.
Code was relying on Django's strip_tags filter which has changed and now ignores things that obviously aren't HTML tags
Updated to latest playdoh-lib which includes fixes for Django 1.6 in funfactory.

Add bleach and upgraded html5lib submodules
Replace all instances of strip_tags|safe with bleach_tags|safe
Fix tests
This supersedes #2634