Filter out html by default in REST API docs

fixes #5009 https://pulp.plan.io/issues/5009
pulp · Sep 18, 2019 · 091ac98 · 091ac98
1 parent 5cead4d
commit 091ac98
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 0 deletions.
diff --git a/CHANGES/5009.removal b/CHANGES/5009.removal
@@ -0,0 +1 @@
+By default, html in field descriptions filtered out in REST API docs unless 'include_html' is set.
diff --git a/pulpcore/app/openapigenerator.py b/pulpcore/app/openapigenerator.py
@@ -2,6 +2,7 @@
 from collections import OrderedDict
 
 import uritemplate
+from django.utils.html import strip_tags
 from drf_yasg import openapi
 from drf_yasg.generators import OpenAPISchemaGenerator
 from drf_yasg.inspectors import SwaggerAutoSchema
@@ -283,6 +284,10 @@ def get_operation(self, operation_keys):
         else:
             operation_id = self.get_operation_id(operation_keys)
         summary, description = self.get_summary_and_description()
+
+        if "include_html" not in self.request.query_params:
+            description = strip_tags(description)
+
         security = self.get_security()
         assert security is None or isinstance(security, list), "security must be a list of " \
                                                                "security requirement objects"