Sanitize incoming html

2020-12-16 16:47:05 -08:00 · 2020-12-16 16:47:05 -08:00 · a3c7d324d6
commit a3c7d324d6
parent d79a756813
8 changed files with 62 additions and 11 deletions
--- a/bookwyrm/models/status.py
+++ b/bookwyrm/models/status.py
@ -14,7 +14,7 @@ class Status(OrderedCollectionPageMixin, BookWyrmModel):
    ''' any post, like a reply to a review, etc '''
    user = fields.ForeignKey(
        'User', on_delete=models.PROTECT, activitypub_field='attributedTo')
-    content = fields.TextField(blank=True, null=True)
+    content = fields.HtmlField(blank=True, null=True)
    mention_users = fields.TagField('User', related_name='mention_user')
    mention_books = fields.TagField('Edition', related_name='mention_book')
    local = models.BooleanField(default=True)
@ -134,7 +134,7 @@ class Comment(Status):

 class Quotation(Status):
    ''' like a review but without a rating and transient '''
-    quote = fields.TextField()
+    quote = fields.HtmlField()
    book = fields.ForeignKey(
        'Edition', on_delete=models.PROTECT, activitypub_field='inReplyToBook')