Sanitize HTML to avoid XSS attacks
stefanor committed Dec 7, 2018
1 parent ed255d2 commit a0fe129
Showing 2 changed files with 7 additions and 0 deletions.
2 changes: 2 additions & 0 deletions requirements.txt
@@ -2,6 +2,8 @@ Django==1.11.17
Markdown==2.6.11
Pygments==2.2.0
boto==2.48.0
bleach==2.1.4
bleach-whitelist==0.0.9
celery==4.1.1
django-crispy-forms==1.6.1
django-nose==1.4.5
5 changes: 5 additions & 0 deletions yolapi/pypi/metadata.py
@@ -3,6 +3,8 @@
from django.utils.html import format_html
from django.utils.safestring import mark_safe

import bleach
from bleach_whitelist import print_tags, print_attrs, all_styles
from docutils.core import publish_parts
from markdown import markdown
from mdx_gfm import GithubFlavoredMarkdownExtension
@@ -144,4 +146,7 @@ def render_description(text, content_type):
else:
html = format_html('<pre>{}</pre>', text)

html = bleach.clean(
html, print_tags + ['a', 'cite', 'pre'], print_attrs, all_styles)

return mark_safe(html)
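Review bot: The new `bleach.clean` call relies on bleach's `strip=False` default, so any tag outside the allow-list is escaped and rendered as literal text in the description rather than dropped; if the intent is to quietly remove unsafe markup, pass `strip=True` explicitly. Passing the tag, attribute and style lists positionally also ties the call to bleach 2.1.4's argument order, and keyword arguments read more clearly and survive signature changes: `bleach.clean(html, tags=print_tags + ['a', 'cite', 'pre'], attributes=print_attrs, styles=all_styles)`. Whether `print_attrs` from bleach-whitelist permits `href` on `a` (needed for the links the added `a` tag is meant to keep) or `class` on the spans Pygments emits is not visible here and is worth confirming, since the sanitizer would otherwise strip more than intended. The start of render_description lies outside the hunk.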
