Cleanup more user exploitable input with bleach
My eyes hurt. More user exploitable XSS on inputs.
parent
ade44d6a1b
commit
e1ce26eb62
1 changed files with 16 additions and 0 deletions
16
vendor/symposion/reviews/forms.py
vendored
16
vendor/symposion/reviews/forms.py
vendored
|
@ -1,3 +1,4 @@
|
|||
import bleach
|
||||
from django import forms
|
||||
from django.utils.translation import ugettext_lazy as _
|
||||
|
||||
|
@ -19,6 +20,11 @@ class ReviewForm(forms.ModelForm):
|
|||
choices=VOTES.CHOICES
|
||||
)
|
||||
|
||||
def clean_comment(self):
|
||||
comment = self.cleaned_data.get('comment')
|
||||
cleaned_comment = bleach.clean(comment)
|
||||
return cleaned_comment
|
||||
|
||||
|
||||
class ReviewCommentForm(forms.ModelForm):
|
||||
|
||||
|
@ -28,6 +34,11 @@ class ReviewCommentForm(forms.ModelForm):
|
|||
model = Comment
|
||||
fields = ["text"]
|
||||
|
||||
def clean_text(self):
|
||||
text = self.cleaned_data.get('text')
|
||||
cleaned_text = bleach.clean(text)
|
||||
return cleaned_text
|
||||
|
||||
|
||||
class SpeakerCommentForm(forms.ModelForm):
|
||||
|
||||
|
@ -37,6 +48,11 @@ class SpeakerCommentForm(forms.ModelForm):
|
|||
model = ProposalMessage
|
||||
fields = ["message"]
|
||||
|
||||
def clean_message(self):
|
||||
message = self.cleaned_data.get('message')
|
||||
cleaned_message = bleach.clean(message)
|
||||
return cleaned_message
|
||||
|
||||
|
||||
class BulkPresentationForm(forms.Form):
|
||||
|
||||
|
|
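Review bot: The new `clean_comment`, `clean_text` and `clean_message` methods sanitise only what arrives through these three forms, so the fix holds only if every later rendering of the fields keeps output escaping on; that rendering code is not visible in this diff. If the stored text is afterwards converted from a markup language to HTML, the sanitiser also has to run on the converted output, because cleaning the raw input does not cover HTML the converter generates. `self.cleaned_data.get(...)` can return `None`, which some bleach versions may reject with an exception rather than a validation error; a guard such as `return bleach.clean(comment) if comment else comment` avoids that. Each method would benefit from a one-line comment such as `# Escape disallowed HTML before storage; output must still be escaped or re-sanitised after markup rendering.` The three class bodies start or continue outside the hunks shown.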