Switch from django-markdown-deux to a pipeline thru markdown for rendering + bleach for sanitising

This commit is contained in:
Danielle McLean 2017-10-26 14:40:29 +11:00
parent 93be2f5a32
commit 8f8e53bb27
Signed by untrusted user: 00dani
GPG key ID: 5A5D2D1AFF12EEC5
7 changed files with 58 additions and 64 deletions

View file

@ -7,11 +7,11 @@ name = "pypi"
[packages]
django = "*"
django-compressor = "*"
Django = "*"
django_compressor = "*"
gunicorn = "*"
"psycopg2" = "*"
pillow = "*"
Pillow = "*"
python-memcached = "*"
django-favicon-plus = "*"
django-meta = "*"
@ -21,8 +21,9 @@ django-otp = "*"
qrcode = "*"
django-otp-agents = "*"
python-slugify = "*"
django-markdown-deux = "*"
"mf2py" = "*"
Markdown = "*"
bleach = "*"
[dev-packages]

21
Pipfile.lock generated
View file

@ -1,7 +1,7 @@
{
"_meta": {
"hash": {
"sha256": "ead57b340efa8b663100364efa6b9037299456bb3e37d533b6d7c4404608749c"
"sha256": "500facb148117065fc6e7d207f81bdc88a0f9b3c18e48e0f1b08542143775649"
},
"host-environment-markers": {
"implementation_name": "cpython",
@ -35,6 +35,13 @@
],
"version": "==4.6.0"
},
"bleach": {
"hashes": [
"sha256:7a316eac1eef1e98b9813636ebe05878aab1a658d2708047fb00fe2bcbc49f84",
"sha256:760a9368002180fb8a0f4ea48dc6275378e6f311c39d0236d7b904fca1f5ea0d"
],
"version": "==2.1.1"
},
"certifi": {
"hashes": [
"sha256:54a07c09c586b0e4c619f02a5e94e36619da8e2b053e20f594348c0611803704",
@ -102,12 +109,6 @@
],
"version": "==0.0.7"
},
"django-markdown-deux": {
"hashes": [
"sha256:5b4a3cd9454af5b4cec0e19151b41d98d09400ddae0688afb81dbf62a4edafff"
],
"version": "==1.0.5"
},
"django-meta": {
"hashes": [
"sha256:2a5b8d95099f69fb9736630c4fbf4fcc2972a1fcd9c708a5bb72dde22e84d8dd",
@ -189,11 +190,11 @@
],
"version": "==4.1.0"
},
"markdown2": {
"markdown": {
"hashes": [
"sha256:264731e7625402227ff6fb01f2d814882da7705432659a18a419c508e8bfccb1"
"sha256:73af797238b95768b3a9b6fe6270e250e5c09d988b8e5b223fd5efa4e06faf81"
],
"version": "==2.3.4"
"version": "==2.6.9"
},
"mf2py": {
"hashes": [

View file

@ -1,4 +1,4 @@
{% load humanize markdown_deux_tags %}<article class="card h-entry">
{% load humanize markdown %}<article class="card h-entry">
<div class="card-body">
{% if entry.name %}<h4 class="card-title p-name">{{ entry.name }}</h4>{% endif %}
<div class="e-content{% if not entry.name %} p-name{% endif %}">{{ entry.content | markdown }}</div>

View file

@ -1,5 +1,5 @@
{% extends 'lemoncurry/layout.html' %}
{% load markdown_deux_tags static %}
{% load markdown static %}
{% block html_class %}h-feed{% endblock %}
{% block styles %}
<link rel="stylesheet" type="text/stylus" href="{% static 'home/css/index.styl' %}" />
@ -22,7 +22,7 @@
</a>
</h6>
{% endfor %}
{% if user.note %}<div class="p-note">{{ user.note | markdown:'trusted' }}</div>{% endif %}
{% if user.note %}<div class="p-note">{{ user.note | markdown }}</div>{% endif %}
</div>
<div class="card-footer">

View file

@ -73,7 +73,6 @@ INSTALLED_APPS = [
'django_otp',
'django_otp.plugins.otp_totp',
'favicon',
'markdown_deux',
'meta',
'lemoncurry',
@ -208,52 +207,6 @@ AGENT_COOKIE_SECURE = True
# https://django-otp-official.readthedocs.io/en/latest/overview.html
OTP_TOTP_ISSUER = LEMONCURRY_SITE_NAME
# django-markdown-deux
# https://github.com/trentm/django-markdown-deux
def copy_update(source_dict, **kwargs):
copy = source_dict.copy()
copy.update(**kwargs)
return copy
link_patterns = [(re.compile(pat), rep) for (pat, rep) in (
# autolink actual URLs in text
(
r'((([A-Za-z]{3,9}:(?:\/\/)?)' + # scheme
r'(?:[\-;:&=\+\$,\w]+@)?' + # basic auth
r'[A-Za-z0-9\.\-]+(:[0-9]+)?' + # ip address
r'|(?:www\.|[\-;:&=\+\$,\w]+@)[A-Za-z0-9\.\-]+)' + # or hostname
r'((?:\/[\+~%\/\.\w\-_]*)?\??(?:[\-\+=&;%@\.\w_]*)' + # path
r'#?(?:[\.\!\/\\\w]*))?)', # hash
r'\1'
),
)]
MARKDOWN_DEUX_DEFAULT_STYLE = {
'extras': (
'code-friendly',
'cuddled-lists',
'fenced-code-blocks',
'footnotes',
'header-ids',
'spoiler',
'tag-friendly',
),
'link_patterns': link_patterns,
'safe_mode': 'escape',
}
MARKDOWN_DEUX_STYLES = {
'default': MARKDOWN_DEUX_DEFAULT_STYLE,
'trusted': copy_update(
MARKDOWN_DEUX_DEFAULT_STYLE,
link_patterns=[],
safe_mode=False,
),
}
# django-meta
# https://django-meta.readthedocs.io/en/latest/settings.html
META_SITE_PROTOCOL = 'https'

View file

@ -0,0 +1,21 @@
from django import template
from django.template.defaultfilters import stringfilter
from django.utils.safestring import mark_safe
from bleach.sanitizer import Cleaner, ALLOWED_TAGS
from bleach.linkifier import LinkifyFilter
tags = ['code', 'p']
tags.extend(ALLOWED_TAGS)
attributes = {
'a': ('href', 'title', 'class')
}
register = template.Library()
cleaner = Cleaner(tags=tags, attributes=attributes, filters=(LinkifyFilter,))
@register.filter
@stringfilter
def bleach(html):
return mark_safe(cleaner.clean(html))

View file

@ -0,0 +1,18 @@
from django import template
from markdown import Markdown
from .bleach import bleach
md = Markdown(extensions=(
'markdown.extensions.extra',
'markdown.extensions.headerid',
'markdown.extensions.sane_lists',
'markdown.extensions.smarty',
))
register = template.Library()
@register.filter
def markdown(source):
return bleach(md.reset().convert(source))