Switch from django-markdown-deux to a pipeline thru markdown for rendering + bleach for sanitising

2017-10-26 14:40:29 +11:00 · 2017-10-26 14:40:29 +11:00 · 8f8e53bb27
commit 8f8e53bb27
parent 93be2f5a32
7 changed files with 58 additions and 64 deletions
--- a/lemoncurry/settings/base.py
+++ b/lemoncurry/settings/base.py
@ -73,7 +73,6 @@ INSTALLED_APPS = [
    'django_otp',
    'django_otp.plugins.otp_totp',
    'favicon',
-    'markdown_deux',
    'meta',

    'lemoncurry',
@ -208,52 +207,6 @@ AGENT_COOKIE_SECURE = True
 # https://django-otp-official.readthedocs.io/en/latest/overview.html
 OTP_TOTP_ISSUER = LEMONCURRY_SITE_NAME

-
-# django-markdown-deux
-# https://github.com/trentm/django-markdown-deux
-def copy_update(source_dict, **kwargs):
-    copy = source_dict.copy()
-    copy.update(**kwargs)
-    return copy
-
-
-link_patterns = [(re.compile(pat), rep) for (pat, rep) in (
-    # autolink actual URLs in text
-    (
-        r'((([A-Za-z]{3,9}:(?:\/\/)?)' +  # scheme
-        r'(?:[\-;:&=\+\$,\w]+@)?' +  # basic auth
-        r'[A-Za-z0-9\.\-]+(:[0-9]+)?' +  # ip address
-        r'|(?:www\.|[\-;:&=\+\$,\w]+@)[A-Za-z0-9\.\-]+)' +  # or hostname
-        r'((?:\/[\+~%\/\.\w\-_]*)?\??(?:[\-\+=&;%@\.\w_]*)' +  # path
-        r'#?(?:[\.\!\/\\\w]*))?)',  # hash
-        r'\1'
-    ),
-)]
-
-
-MARKDOWN_DEUX_DEFAULT_STYLE = {
-    'extras': (
-        'code-friendly',
-        'cuddled-lists',
-        'fenced-code-blocks',
-        'footnotes',
-        'header-ids',
-        'spoiler',
-        'tag-friendly',
-    ),
-    'link_patterns': link_patterns,
-    'safe_mode': 'escape',
-}
-
-MARKDOWN_DEUX_STYLES = {
-    'default': MARKDOWN_DEUX_DEFAULT_STYLE,
-    'trusted': copy_update(
-        MARKDOWN_DEUX_DEFAULT_STYLE,
-        link_patterns=[],
-        safe_mode=False,
-    ),
-}
-
 # django-meta
 # https://django-meta.readthedocs.io/en/latest/settings.html
 META_SITE_PROTOCOL = 'https'
--- a/lemoncurry/templatetags/bleach.py
+++ b/lemoncurry/templatetags/bleach.py
@ -0,0 +1,21 @@
+from django import template
+from django.template.defaultfilters import stringfilter
+from django.utils.safestring import mark_safe
+
+from bleach.sanitizer import Cleaner, ALLOWED_TAGS
+from bleach.linkifier import LinkifyFilter
+
+tags = ['code', 'p']
+tags.extend(ALLOWED_TAGS)
+attributes = {
+    'a': ('href', 'title', 'class')
+}
+
+register = template.Library()
+cleaner = Cleaner(tags=tags, attributes=attributes, filters=(LinkifyFilter,))
+
+
+@register.filter
+@stringfilter
+def bleach(html):
+    return mark_safe(cleaner.clean(html))
--- a/lemoncurry/templatetags/markdown.py
+++ b/lemoncurry/templatetags/markdown.py
@ -0,0 +1,18 @@
+from django import template
+
+from markdown import Markdown
+from .bleach import bleach
+
+md = Markdown(extensions=(
+    'markdown.extensions.extra',
+    'markdown.extensions.headerid',
+    'markdown.extensions.sane_lists',
+    'markdown.extensions.smarty',
+))
+
+register = template.Library()
+
+
+@register.filter
+def markdown(source):
+    return bleach(md.reset().convert(source))