From 345c6f7c8524dbe4a9fc83dbab47081ae1238a58 Mon Sep 17 00:00:00 2001
From: zhark01
Date: Sat, 5 Dec 2020 15:23:54 -0500
Subject: [PATCH] widgets: Add support for clickable links.

The change was made to support links in polls, as mentioned in issue #12947. We used markdown renderer to render the link content, and parsed out any unnecessary p tags. We changed javascript and hbs files so that they properly render the content. Tested locally whether the links work, in addition to checking for XSS vulnerbilities. Everything tested worked, and no vulnerabilities discovered. Double check that there are no XSS issues.

Fixes: #12947
---
 static/templates/widgets/poll_widget_results.hbs | 2 +-
 zerver/lib/actions.py | 3 +--
 zerver/lib/widget.py | 4 ++--
 3 files changed, 4 insertions(+), 5 deletions(-)

diff --git a/static/templates/widgets/poll_widget_results.hbs b/static/templates/widgets/poll_widget_results.hbs
index 062851d8738a5b..158e7d8eb72bf2 100644
--- a/static/templates/widgets/poll_widget_results.hbs
+++ b/static/templates/widgets/poll_widget_results.hbs
@@ -8,4 +8,4 @@
 ({{ names }})
 {{/if}}
-{{/each}}
\ No newline at end of file
+{{/each}}
diff --git a/zerver/lib/actions.py b/zerver/lib/actions.py
index fa31acf8bf1487..e9f7398ee85678 100644
--- a/zerver/lib/actions.py
+++ b/zerver/lib/actions.py
@@ -1,5 +1,6 @@
 import datetime
 import itertools
+import json
 import logging
 import os
 import time
@@ -37,7 +38,6 @@
 from psycopg2.extras import execute_values
 from psycopg2.sql import SQL
 from typing_extensions import TypedDict
-import json
 from analytics.lib.counts import COUNT_STATS, RealmCount, do_increment_logging_stat
 from analytics.models import StreamCount
@@ -1819,7 +1819,6 @@ def do_add_submessage(realm: Realm,
 content=content,
 )
 submessage.save()
- print("here")
 event = dict(
 type="submessage",
 msg_type=msg_type,
diff --git a/zerver/lib/widget.py b/zerver/lib/widget.py
index 675b0f76a56fcd..e77e72848bbcb6 100644
--- a/zerver/lib/widget.py
+++ b/zerver/lib/widget.py
@@ -2,9 +2,9 @@
 import re
 from typing import Any, MutableMapping, Optional, Tuple
-from zerver.models import SubMessage
 from zerver.lib.markdown import markdown_convert
-from zerver.models import get_realm
+from zerver.models import SubMessage, get_realm
+
 def filter_and_render_string(input: str) -> str:
 # Run through the markdown engine so that links will work