indymedia
/
epicyon
mirror of https://gitlab.com/bashrc2/epicyon
7
4
Fork 1
Code Issues 14 Releases Wiki Activity

Secure the profile description

merge-requests/30/head
Bob Mottram 2023-07-28 14:33:42 +01:00
parent 1f9ffc56d5
commit b094b4d6c8
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
webapp_profile.py
View File

@ -273,6 +273,8 @@ def html_profile_after_search(recent_posts_cache: {}, max_recent_posts: int,
if not dangerous_markup(profile_json['summary'], if not dangerous_markup(profile_json['summary'],
False, []): False, []):
profile_description = profile_json['summary'] profile_description = profile_json['summary']
else:
profile_description = remove_html(profile_json['summary'])
profile_description = \ profile_description = \
add_emoji_to_display_name(session, base_dir, http_prefix, add_emoji_to_display_name(session, base_dir, http_prefix,
nickname, domain, nickname, domain,
@ -817,7 +819,10 @@ def html_profile(signing_priv_key_pem: str,
nickname, domain, nickname, domain,
display_name, False, translate) display_name, False, translate)
domain_full = get_full_domain(domain, port) domain_full = get_full_domain(domain, port)
profile_description = profile_json['summary'] if not dangerous_markup(profile_json['summary'], False, []):
profile_description = profile_json['summary']
else:
profile_description = remove_html(profile_json['summary'])
profile_description = \ profile_description = \
add_emoji_to_display_name(session, base_dir, http_prefix, add_emoji_to_display_name(session, base_dir, http_prefix,
nickname, domain, nickname, domain,