From 9d9b7f366a2b6b711c5b6f3609286a26f98486de Mon Sep 17 00:00:00 2001
From: Mouse Reeve
Date: Mon, 4 Jul 2022 13:45:28 -0700
Subject: [PATCH] Use "strip" in bleach

This removes forbidden html, rather than leaving them in place but unrendered.
---
 bookwyrm/tests/test_sanitize_html.py | 6 +++---
 bookwyrm/utils/sanitizer.py | 1 +
 2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/bookwyrm/tests/test_sanitize_html.py b/bookwyrm/tests/test_sanitize_html.py
index ca1643e8f..449acdafb 100644
--- a/bookwyrm/tests/test_sanitize_html.py
+++ b/bookwyrm/tests/test_sanitize_html.py
@@ -32,14 +32,14 @@ class Sanitizer(TestCase):
 self.assertEqual(output, 'yes html')
 def test_invalid_html(self):
- """remove all html when the html is malformed"""
+ """don't allow malformed html"""
 input_text = "yes html"
 output = clean(input_text)
- self.assertEqual("yes html", output)
+ self.assertEqual("yes html", output)
 input_text = "yes html "
 output = clean(input_text)
- self.assertEqual("yes html ", output)
+ self.assertEqual("yes html ", output)
 def test_disallowed_html(self):
 """remove disallowed html but keep allowed html"""
diff --git a/bookwyrm/utils/sanitizer.py b/bookwyrm/utils/sanitizer.py
index 676921949..f6c87358c 100644
--- a/bookwyrm/utils/sanitizer.py
+++ b/bookwyrm/utils/sanitizer.py
@@ -22,4 +22,5 @@ def clean(input_text):
 "li",
 ],
 attributes=["href", "rel", "src", "alt"],
+ strip=True,
 )
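Review bot: The new docstring `"""don't allow malformed html"""` records less than the assertions now check; the `+` assert lines appear to expect plain text with the malformed tags dropped rather than escaped (the tags themselves are not visible in this rendering, so that is inferred from the commit message), and a docstring such as `"""malformed html is stripped, not escaped"""` would state the behaviour this commit changed. The removed/added `assertEqual` pairs look identical here for the same reason, so the diff cannot be checked line by line from this view. The enclosing class Sanitizer starts before and continues after the hunk.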
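Review bot: `strip=True` changes how a disallowed element is neutralised, not whether it is: bleach removes the offending tag but keeps its text content, so output is still free of disallowed markup while any text that was inside a removed element survives as plain text, and the new line deserves a comment saying so, e.g. `strip=True,  # drop disallowed tags outright (bleach keeps their inner text) instead of escaping them`. Escaping versus stripping is therefore a presentation choice with the same security outcome, which is worth stating in the commit message or a test so nobody reads this as a hardening or a loosening. The `attributes` allowlist on the preceding line applies to every allowed tag and URL checking for `href`/`src` still depends on bleach's default `protocols`; neither is touched here, but the tag list this kwarg sits in begins before the hunk, as does the `clean` signature and the start of what is presumably the `bleach.clean` call.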