archive/pillar
0
0
Fork 0
Code Issues 42 Pull Requests Projects Releases Wiki Activity

Made markdown jinja filter None-safe

Browse Source
This commit is contained in:
Sybren A. Stüvel 2017-03-30 09:37:48 +02:00
parent 4c704c8cda
commit d8640df115
2 changed files with 29 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
pillar/web/jinja.py
View File

@ -1,6 +1,7 @@
"""Our custom Jinja filters and other template stuff.""" """Our custom Jinja filters and other template stuff."""
import logging import logging
import typing
import flask import flask
import jinja2.filters import jinja2.filters
@ -90,7 +91,13 @@ def do_pluralize(value, arg='s'):
return singular_suffix return singular_suffix
def do_markdown(s): def do_markdown(s: typing.Optional[str]):
if s is None:
return None
if not s:
return s
# FIXME: get rid of this filter altogether and cache HTML of comments. # FIXME: get rid of this filter altogether and cache HTML of comments.
safe_html = pillar.markdown.markdown(s) safe_html = pillar.markdown.markdown(s)
return jinja2.utils.Markup(safe_html) return jinja2.utils.Markup(safe_html)

21
tests/test_web/test_jinja.py Normal file
View File

@ -0,0 +1,21 @@
import unittest
class MarkdownTest(unittest.TestCase):
def test_happy(self):
from pillar.web import jinja
self.assertEqual('<p>je <strong>moeder</strong></p>',
jinja.do_markdown('je **moeder**').strip())
def test_bleached(self):
from pillar.web import jinja
self.assertEqual('&lt;script&gt;alert("hey");&lt;script&gt;',
jinja.do_markdown('<script>alert("hey");<script>').strip())
def test_degenerate(self):
from pillar.web import jinja
self.assertEqual(None, jinja.do_markdown(None))
self.assertEqual('', jinja.do_markdown(''))