Conservancy/symposion_app
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Cleanup more user exploitable input with bleach

Browse source 
My eyes hurt.  More user exploitable XSS on inputs.
This commit is contained in:
Sachi King 2017-08-07 20:10:12 +10:00
parent ade44d6a1b
commit e1ce26eb62
1 changed files with 16 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
vendor/symposion/reviews/forms.py vendored
View file

@ -1,3 +1,4 @@
import bleach
from django import forms from django import forms
from django.utils.translation import ugettext_lazy as _ from django.utils.translation import ugettext_lazy as _
@ -19,6 +20,11 @@ class ReviewForm(forms.ModelForm):
choices=VOTES.CHOICES choices=VOTES.CHOICES
) )
def clean_comment(self):
comment = self.cleaned_data.get('comment')
cleaned_comment = bleach.clean(comment)
return cleaned_comment
class ReviewCommentForm(forms.ModelForm): class ReviewCommentForm(forms.ModelForm):
@ -28,6 +34,11 @@ class ReviewCommentForm(forms.ModelForm):
model = Comment model = Comment
fields = ["text"] fields = ["text"]
def clean_text(self):
text = self.cleaned_data.get('text')
cleaned_text = bleach.clean(text)
return cleaned_text
class SpeakerCommentForm(forms.ModelForm): class SpeakerCommentForm(forms.ModelForm):
@ -37,6 +48,11 @@ class SpeakerCommentForm(forms.ModelForm):
model = ProposalMessage model = ProposalMessage
fields = ["message"] fields = ["message"]
def clean_message(self):
message = self.cleaned_data.get('message')
cleaned_message = bleach.clean(message)
return cleaned_message
class BulkPresentationForm(forms.Form): class BulkPresentationForm(forms.Form):