Django 1.6.9 #2635

Merged
merged 2 commits into from Jan 12, 2015

@jgmize (Contributor) commented Jan 10, 2015

This supersedes #2634

@jgmize (Contributor, Author) commented Jan 10, 2015

I pushed this to demo4 for testing and successfully ran the mcom-tests suite against it. I think we're good to go with these changes, but we may want to do a little more manual testing against demo4 before merging to be sure.

[submodule "vendor-local/src/django"]
path = vendor-local/src/django
url = git://github.com/django/django.git
[submodule "vendor-local/src/bleach"]

@pmclanahan (Member), Jan 10, 2015

Version in vendor too old?

@jgmize (Author, Contributor), Jan 10, 2015

Right, I got an error when trying to use it with the latest bleach.

@pmclanahan (Member) commented Jan 10, 2015

Good to have better bleach and the bleach_tags helper, but probably not necessary for this. I'm fine w/ it though if it works and stabilizes the tests.

@jgmize (Contributor, Author) commented Jan 10, 2015

You're probably right about bleach being overkill for plain text emails, and in hindsight I probably shouldn't have bothered, but now that the work is done I don't think it hurts anything to have that extra bit of protection.


@jingo.register.filter
def bleach_tags(text):
    return bleach.clean(text, tags=[], strip=True).replace('&amp;', '&')

@pmclanahan (Member), Jan 12, 2015

Maybe bleach_tags should return a safe string so we don't need all these safe filters? Is bleach the thing converting ampersands?

@jgmize (Author, Contributor), Jan 12, 2015

I thought about that, and then assumed that the explicit |safe was a good thing, but maybe doing that together with renaming to bleach_safe?

Yes, bleach.clean() converts ampersands and I didn't see a way to tell it not to, so I just convert them back.

@pmclanahan (Member), Jan 12, 2015

Sounds good. Marking as safe is:

import bleach
from jinja2 import Markup

def bleach_safe(text):
    # Strip all tags, restore '&' from '&amp;', and mark the result as safe.
    return Markup(bleach.clean(text, tags=[], strip=True).replace('&amp;', '&'))

@pmclanahan (Member), Jan 12, 2015

I'm happy to do this and resubmit if you're busy.

@pmclanahan (Member) commented Jan 12, 2015

I think it'd be nice to mark the return of the new bleach_tags as safe (since it is) and remove all of the safe filters where it's used. It's not a requirement though.

r+wc
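
Added example, not part of the pull request or of any participant's comment: a standard-library sketch of the pattern discussed in the review (strip every tag, re-escape what remains, undo only `&amp;`, then mark the result safe). The names `_TextOnly`, `SafeText`, `strip_and_escape` and `bleach_safe_sketch` are hypothetical; the `HTMLParser`-based stripper stands in for `bleach.clean(text, tags=[], strip=True)` and `SafeText` for `jinja2.Markup`.

```python
# Added example: stdlib stand-in for bleach.clean(text, tags=[], strip=True).
import html
from html.parser import HTMLParser


class _TextOnly(HTMLParser):
    """Collect text nodes only; every tag is dropped (hypothetical helper)."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.parts = []

    def handle_data(self, data):
        self.parts.append(data)


class SafeText(str):
    """Minimal stand-in for jinja2.Markup: autoescape trusts __html__()."""

    def __html__(self):
        return self


def strip_and_escape(text):
    parser = _TextOnly()
    parser.feed(text)
    parser.close()
    # Re-escape what is left, so a stray '<' cannot survive as markup.
    return html.escape("".join(parser.parts), quote=False)


def bleach_safe_sketch(text):
    # Same shape as the helper in the thread: undo only '&amp;' so plain-text
    # emails show '&', then mark the result as safe for the template engine.
    return SafeText(strip_and_escape(text).replace("&amp;", "&"))


# Constructed sample inputs.
SAMPLES = [
    "<b>Tom</b> & <i>Jerry</i>",
    "<a href='x' onclick='y()'>link</a>",
    "1 < 2 and 3 > 2",
    "&lt;script&gt;alert(1)&lt;/script&gt;",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(repr(s), "->", repr(str(bleach_safe_sketch(s))))
```

Undoing only `&amp;` cannot reintroduce a tag, because `&lt;` and `&gt;` stay escaped in the returned string.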

pmac and others added 2 commits Jan 9, 2015
Also fixes some tests that were failing after upgrade.
Code was relying on Django's strip_tags filter which has
changed and now ignores things that obviously aren't HTML tags

Updated to latest playdoh-lib which includes fixes for Django 1.6
in funfactory.
Add bleach and upgraded html5lib submodules
Replace all instances of strip_tags|safe with bleach_tags|safe
Fix tests
@jgmize jgmize force-pushed the django-1.6.9 branch from 85a83d8 to a683548 Jan 12, 2015
jgmize added a commit that referenced this pull request Jan 12, 2015
@jgmize jgmize merged commit b2e4496 into master Jan 12, 2015
1 check passed
continuous-integration/travis-ci The Travis CI build passed
@jgmize jgmize deleted the django-1.6.9 branch Jan 12, 2015
3 participants