-
Notifications
You must be signed in to change notification settings - Fork 325
[1.6] Sanitize render_markdown() output with nh3 library #5134
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Conversation
Co-authored-by: Hanlin Miao <46973263+HanlinMiao@users.noreply.github.com>
| html = clean_html(html) | ||
|
|
||
| return mark_safe(html) # noqa: S308 # suspicious-mark-safe-usage, OK here since we sanitized the string earlier |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not blocking, but I wonder if clean_html should return a safe string?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe so - can revisit this once we have more than a single consumer of clean_html to think about?
What's Changed
1.6 backport of #5133. Some code location changes (e.g.
nautobot/utilitiesvsnautobot/core) but otherwise the same code.Screenshots
TODO