Don't remove html, but check for dangerous markup

2021-02-26 12:58:29 +00:00 · 2021-02-26 12:58:29 +00:00 · 51ff0fb438
parent 2bb116ceed
commit 51ff0fb438
1 changed files with 4 additions and 2 deletions
--- a/webapp_timeline.py
+++ b/webapp_timeline.py
@ -9,7 +9,7 @@ __status__ = "Production"
 import os
 import time
 from shutil import copyfile
-from utils import removeHtml
+from utils import dangerousMarkup
 from utils import getConfigParam
 from utils import getFullDomain
 from utils import isEditor
@ -72,9 +72,11 @@ def _getHelpForTimeline(baseDir: str, boxName: str) -> str:
            instanceTitle = 'Epicyon'
        with open(helpFilename, 'r') as helpFile:
            helpText = helpFile.read()
+            if dangerousMarkup(helpText, False):
+                return ''
            helpText = helpText.replace('INSTANCE', instanceTitle)
            return '<div class="container">\n' + \
-                markdownToHtml(removeHtml(helpText)) + '\n' + \
+                markdownToHtml(helpText) + '\n' + \
                '</div>\n'
    return ''