mirror of
https://github.com/netbox-community/netbox.git
synced 2025-07-21 19:47:20 -06:00
Added HTML Sanitization to the custom fields
parent
a2e84dd279
commit
f874e9932d
@ -1,4 +1,5 @@
|
|||||||
from dataclasses import dataclass
|
from dataclasses import dataclass
|
||||||
|
from glob import escape
|
||||||
from typing import Optional
|
from typing import Optional
|
||||||
|
|
||||||
import django_tables2 as tables
|
import django_tables2 as tables
|
||||||
@ -433,21 +434,21 @@ class CustomFieldColumn(tables.Column):
|
|||||||
|
|
||||||
def render(self, value):
|
def render(self, value):
|
||||||
if self.customfield.type == CustomFieldTypeChoices.TYPE_BOOLEAN and value is True:
|
if self.customfield.type == CustomFieldTypeChoices.TYPE_BOOLEAN and value is True:
|
||||||
return mark_safe('<i class="mdi mdi-check-bold text-success"></i>')
|
return escape('<i class="mdi mdi-check-bold text-success"></i>')
|
||||||
if self.customfield.type == CustomFieldTypeChoices.TYPE_BOOLEAN and value is False:
|
if self.customfield.type == CustomFieldTypeChoices.TYPE_BOOLEAN and value is False:
|
||||||
return mark_safe('<i class="mdi mdi-close-thick text-danger"></i>')
|
return escape('<i class="mdi mdi-close-thick text-danger"></i>')
|
||||||
if self.customfield.type == CustomFieldTypeChoices.TYPE_URL:
|
if self.customfield.type == CustomFieldTypeChoices.TYPE_URL:
|
||||||
return mark_safe(f'<a href="{value}">{value}</a>')
|
return escape(f'<a href="{value}">{value}</a>')
|
||||||
if self.customfield.type == CustomFieldTypeChoices.TYPE_MULTISELECT:
|
if self.customfield.type == CustomFieldTypeChoices.TYPE_MULTISELECT:
|
||||||
return ', '.join(v for v in value)
|
return ', '.join(v for v in value)
|
||||||
if self.customfield.type == CustomFieldTypeChoices.TYPE_MULTIOBJECT:
|
if self.customfield.type == CustomFieldTypeChoices.TYPE_MULTIOBJECT:
|
||||||
return mark_safe(', '.join([
|
return escape(', '.join([
|
||||||
self._likify_item(obj) for obj in self.customfield.deserialize(value)
|
self._likify_item(obj) for obj in self.customfield.deserialize(value)
|
||||||
]))
|
]))
|
||||||
if value is not None:
|
if value is not None:
|
||||||
obj = self.customfield.deserialize(value)
|
obj = self.customfield.deserialize(value)
|
||||||
return mark_safe(self._likify_item(obj))
|
return escape(self._likify_item(obj))
|
||||||
return self.default
|
return escape(self.default)
|
||||||
|
|
||||||
def value(self, value):
|
def value(self, value):
|
||||||
if isinstance(value, list):
|
if isinstance(value, list):
|
||||||
|
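Review bot: The `escape` used throughout `render` is imported from `glob` in the first hunk, and `glob.escape` only neutralises the glob metacharacters `*`, `?` and `[`, so none of these calls perform HTML escaping. Because each branch now returns a plain `str` instead of a safe string, the constant icon markup and the anchor will presumably be autoescaped further down and shown as literal tags, and any value containing glob characters is altered. Swapping in `django.utils.html.escape` around the whole assembled string would still escape the markup together with the value; keep `mark_safe` for the two constant icon strings and build the link with `return format_html('<a href="{}">{}</a>', value, value)` so that only the interpolated value is escaped. HTML-escaping does not constrain the URL scheme placed in `href`, so a scheme allowlist for `TYPE_URL` values is still worth adding. `_likify_item` is defined outside this hunk, so whether its output is already escaped before it is joined cannot be confirmed from here.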