Multiple fixes, changed beautifoul soup dependency for bleach from mozilla

2023-12-20 01:46:48 +01:00 · 2023-12-20 01:46:48 +01:00 · c85fed0df1
commit c85fed0df1
parent 5339ba4b4c
3 changed files with 22 additions and 7 deletions
--- a/paramecio2/libraries/db/corefields.py
+++ b/paramecio2/libraries/db/corefields.py
@ -1,7 +1,8 @@
 from paramecio2.libraries.db.webmodel import PhangoField
 from paramecio2.libraries.db import coreforms
 from paramecio2.libraries.i18n import I18n
-from bs4 import BeautifulSoup
+#from bs4 import BeautifulSoup
+import bleach

 class IntegerField(PhangoField):
    
@ -212,9 +213,12 @@ class HTMLField(TextField):
        This check method use beautifulsoap for clean and format html code
        """
        
+        # leach.clean('<p>"trial"</p><script></script>', tags=('p'))
+        """
        soup=BeautifulSoup(value, features='html.parser')

        for tag in soup.findAll(True):
+            
            if tag.name not in self.trusted_tags:
                tag.hidden=True

@ -227,7 +231,18 @@ class HTMLField(TextField):
            
            return value

-
+        """
+        
+        value=bleach.clean('<p>"trial"</p><script></script>', tags=self.trusted_tags)
+        
+        if self.escape:
+            
+            return value.replace('"', '&quot;')
+        else:
+            
+            return value
+        
+        
 class ForeignKeyField(IntegerField):
    """Subclass of IntegerField for create Foreign keys
    
--- a/paramecio2/tests/fields_test.py
+++ b/paramecio2/tests/fields_test.py
@ -59,15 +59,15 @@ def test_test_htmlfield():
    
    field=corefields.HTMLField('html')
    
-    assert field.check('<p>"trial"</p><script></script>')=='"trial"'
+    assert field.check('<p>"trial"</p><script></script>')=='&lt;p&gt;"trial"&lt;/p&gt;&lt;script&gt;&lt;/script&gt;'

    field.escape=True
    
-    assert field.check('<p>"trial"</p><script></script>')=='&quot;trial&quot;'
+    assert field.check('<p>"trial"</p><script></script>')=='&lt;p&gt;&quot;trial&quot;&lt;/p&gt;&lt;script&gt;&lt;/script&gt;'

    field.trusted_tags=['p']
    
-    assert field.check('<p>"trial"</p><script></script>')=='<p>&quot;trial&quot;</p>'
+    assert field.check('<p>"trial"</p><script></script>')=='<p>&quot;trial&quot;</p>&lt;script&gt;&lt;/script&gt;'

    #field.
 def test_test_foreignkeyfield():