From e1ce26eb626f930266a51efceb02ab0428fb3b5b Mon Sep 17 00:00:00 2001
From: Sachi King
Date: Mon, 7 Aug 2017 20:10:12 +1000
Subject: [PATCH] Cleanup more user exploitable input with bleach

My eyes hurt. More user exploitable XSS on inputs.
---
 vendor/symposion/reviews/forms.py | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/vendor/symposion/reviews/forms.py b/vendor/symposion/reviews/forms.py
index 426bab88..f60ba2b7 100644
--- a/vendor/symposion/reviews/forms.py
+++ b/vendor/symposion/reviews/forms.py
@@ -1,3 +1,4 @@
+import bleach
 from django import forms
 from django.utils.translation import ugettext_lazy as _
 
@@ -19,6 +20,11 @@ class ReviewForm(forms.ModelForm):
         choices=VOTES.CHOICES
     )
 
+    def clean_comment(self):
+        comment = self.cleaned_data.get('comment')
+        cleaned_comment = bleach.clean(comment)
+        return cleaned_comment
+
 
 class ReviewCommentForm(forms.ModelForm):
 
@@ -28,6 +34,11 @@ class ReviewCommentForm(forms.ModelForm):
         model = Comment
         fields = ["text"]
 
+    def clean_text(self):
+        text = self.cleaned_data.get('text')
+        cleaned_text = bleach.clean(text)
+        return cleaned_text
+
 
 class SpeakerCommentForm(forms.ModelForm):
 
@@ -37,6 +48,11 @@ class SpeakerCommentForm(forms.ModelForm):
         model = ProposalMessage
         fields = ["message"]
 
+    def clean_message(self):
+        message = self.cleaned_data.get('message')
+        cleaned_message = bleach.clean(message)
+        return cleaned_message
+
 
 class BulkPresentationForm(forms.Form):
 
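Review bot: `bleach.clean(comment)` in `clean_comment` runs with bleach's defaults, so disallowed markup is escaped rather than stripped and the default tag list (including `<a>` with `href`/`title`) is still let through; the escaped entities are then persisted, and if the template renders this field with Django's autoescaping on, a stored `&lt;script&gt;` comes out double-escaped as literal text. If these fields are rendered with `|safe` or through a markup filter, which the commit message suggests, that should be stated in a comment next to the method and the allowed markup made explicit with `tags=` / `attributes=` arguments; if they are not, output escaping already covers the XSS and input-side cleaning only mangles the stored text. The same applies to `clean_text` in `ReviewCommentForm` and `clean_message` in `SpeakerCommentForm` in the two hunks below. Separately, Django calls `clean_<field>` only after the field's own validation has put a value in `cleaned_data`, so `comment = self.cleaned_data['comment']` is the conventional form; `.get()` here turns a missing key into a `TypeError` inside bleach instead of a clear `KeyError`.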
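Review bot: `clean_text` is the second of three copies of the same three-line body (`clean_comment` above, `clean_message` below) that differ only in the field name, so the sanitization policy now lives in three places and any change to the bleach arguments has to be repeated in each. A single module-level helper keeps it in one place, e.g. `def _bleach_field(form, name): return bleach.clean(form.cleaned_data[name])`, with each method reduced to `return _bleach_field(self, 'text')` and the field-specific docstring kept on the method. `ReviewCommentForm`'s definition begins outside the hunk.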