Closes #3471: Disallow raw HTML in Markdown-rendered fields

Jeremy Stretch 2019-10-09 14:47:40 -04:00
parent 7a65930361
commit 738368a6a1
2 changed files with 7 additions and 0 deletions


@ -11,6 +11,7 @@ v2.6.6 (FUTURE)
* [#1941](https://github.com/netbox-community/netbox/issues/1941) - Add InfiniBand interface types
* [#3259](https://github.com/netbox-community/netbox/issues/3259) - Add `rack` and `site` filters for cables
* [#3471](https://github.com/netbox-community/netbox/issues/3471) - Disallow raw HTML in Markdown-rendered fields
* [#3563](https://github.com/netbox-community/netbox/issues/3563) - Enable editing of individual DeviceType components
* [#3580](https://github.com/netbox-community/netbox/issues/3580) - Render text and URL fields as textareas in the custom link form
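Review bot: the changelog entry for #3471 reads like an ordinary enhancement, but disallowing raw HTML in user-editable Markdown fields is a security hardening change (it closes off injection of arbitrary markup into rendered pages); consider flagging it as such in the release notes so operators know to upgrade.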


@ -3,6 +3,7 @@ import json
import re
from django import template
from django.utils.html import strip_tags
from django.utils.safestring import mark_safe
from markdown import markdown
@ -58,7 +59,12 @@ def gfm(value):
"""
Render text as GitHub-Flavored Markdown
"""
# Strip HTML tags
value = strip_tags(value)
# Render Markdown with GFM extension
html = markdown(value, extensions=['mdx_gfm'])
return mark_safe(html)
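Review bot: `strip_tags` is documented by Django as making no guarantee that its output is HTML-safe, so stripping before `markdown()` and then returning `mark_safe(html)` still trusts the renderer's output unconditionally; an allowlist-based sanitizer applied to the rendered HTML (a fixed set of tags and attributes) immediately before `mark_safe` would be the safer shape. Stripping at the input stage also alters legitimate content: anything inside inline code or fenced code blocks that looks like a tag (for example `<interface-name>` in a code span) is silently removed instead of shown literally, and Markdown link URLs are not constrained by this change at all. A test covering a code span containing angle brackets and a field containing a literal HTML tag would pin down the intended behaviour.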