From d48a68317d395538924c6d63473acb4ec0700be1 Mon Sep 17 00:00:00 2001 From: jeremystretch Date: Wed, 27 Oct 2021 08:41:28 -0400 Subject: [PATCH] Fixes #7612: Strip HTML from custom field descriptions --- docs/release-notes/version-3.0.md | 4 ++++ netbox/extras/models/customfields.py | 3 ++- netbox/templates/inc/custom_fields_panel.html | 2 +- 3 files changed, 7 insertions(+), 2 deletions(-) diff --git a/docs/release-notes/version-3.0.md b/docs/release-notes/version-3.0.md index 69d8b8456..476c185ae 100644 --- a/docs/release-notes/version-3.0.md +++ b/docs/release-notes/version-3.0.md @@ -2,6 +2,10 @@ ## v3.0.9 (FUTURE) +### Bug Fixes + +* [#7612](https://github.com/netbox-community/netbox/issues/7612) - Strip HTML from custom field descriptions + --- ## v3.0.8 (2021-10-20) diff --git a/netbox/extras/models/customfields.py b/netbox/extras/models/customfields.py index d8e2e11c9..2f5f2fc6b 100644 --- a/netbox/extras/models/customfields.py +++ b/netbox/extras/models/customfields.py @@ -7,6 +7,7 @@ from django.contrib.postgres.fields import ArrayField from django.core.validators import RegexValidator, ValidationError from django.db import models from django.urls import reverse +from django.utils.html import strip_tags from django.utils.safestring import mark_safe from extras.choices import * @@ -287,7 +288,7 @@ class CustomField(ChangeLoggedModel): field.model = self field.label = str(self) if self.description: - field.help_text = self.description + field.help_text = strip_tags(self.description) return field diff --git a/netbox/templates/inc/custom_fields_panel.html b/netbox/templates/inc/custom_fields_panel.html index fd0379961..ed673db08 100644 --- a/netbox/templates/inc/custom_fields_panel.html +++ b/netbox/templates/inc/custom_fields_panel.html @@ -8,7 +8,7 @@ {% for field, value in custom_fields.items %} - +
{{ field }}{{ field }} {% if field.type == 'boolean' and value == True %}