[#1624] Allowed html in CKEditor, remove-slashes at render time

maykinmedia · Sep 4, 2023 · 81939e9 · 81939e9
1 parent c4160d8
commit 81939e9
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 17 deletions.
diff --git a/src/open_inwoner/pdc/models/product.py b/src/open_inwoner/pdc/models/product.py
@@ -210,14 +210,6 @@ def get_absolute_url(self, category=None):
     def has_cta_tag(self):
         return "\[CTABUTTON\]" in self.content
 
-    def save(self, *args, **kwargs):
-        # - remove weird undocumented \\< escape/prefix generated by CKeditor
-        #       \\<button>Ok\\</button> -> <button>Ok</button>
-        # - strip tags to kill html
-        # - save markdown and render to html later
-        self.content = strip_tags(self.content.replace("\\<", "<"))
-        super().save()
-
 
 class ProductFile(models.Model):
     product = models.ForeignKey(

diff --git a/src/open_inwoner/pdc/tests/test_product.py b/src/open_inwoner/pdc/tests/test_product.py
@@ -1,3 +1,5 @@
+from html import escape
+
 from django.test import override_settings
 from django.urls import reverse
 
@@ -287,9 +289,9 @@ def test_content_html_escape(self):
             reverse("products:product_detail", kwargs={"slug": product.slug})
         )
 
-        self.assertNotContains(response, "<b>world</b>")
-        self.assertNotContains(response, "&lt;b&gt;world&lt;/b&gt;")
-        self.assertContains(response, "hello world")
+        self.assertNotContains(response, "hello world")
+        self.assertNotContains(response, escape("<b>world"))
+        self.assertContains(response, "hello <b>world</b>")
         self.assertContains(response, "<strong>test</strong>")
 
 

diff --git a/src/open_inwoner/utils/ckeditor.py b/src/open_inwoner/utils/ckeditor.py
@@ -1,5 +1,3 @@
-import html
-
 from django.utils.text import slugify
 from django.utils.translation import gettext as _
 
@@ -28,8 +26,10 @@ def get_rendered_content(content):
     Takes object's content as an input and returns the rendered one.
     """
     md = markdown.Markdown(extensions=["tables"])
-    html_string = md.convert(html.escape(content))
-    soup = BeautifulSoup(html_string, "html.parser")
+    # remove weird undocumented \\< escape/prefix generated by CKeditor
+    content = content.replace("\\<", "<")
+    html = md.convert(content)
+    soup = BeautifulSoup(html, "html.parser")
 
     for tag, class_name in CLASS_ADDERS:
         for element in soup.find_all(tag):
@@ -45,8 +45,10 @@ def get_product_rendered_content(product):
     Takes product's content as an input and returns the rendered one.
     """
     md = markdown.Markdown(extensions=["tables"])
-    html_string = md.convert(product.content)
-    soup = BeautifulSoup(html_string, "html.parser")
+    # remove weird undocumented \\< escape/prefix generated by CKeditor
+    content = product.content.replace("\\<", "<")
+    html = md.convert(content)
+    soup = BeautifulSoup(html, "html.parser")
 
     for tag, class_name in CLASS_ADDERS:
         for element in soup.find_all(tag):