Make summary HTML-formatted (and safe!)
This commit is contained in:
parent
c9794c0fcf
commit
23db8f3dd8
|
@ -835,6 +835,10 @@ h1.identity small {
|
|||
height: 22px;
|
||||
}
|
||||
|
||||
.bio p {
|
||||
margin: 0 0 10px 0;
|
||||
}
|
||||
|
||||
.system-note {
|
||||
background: var(--color-bg-menu);
|
||||
color: var(--color-text-dull);
|
||||
|
|
|
@ -1,7 +1,9 @@
|
|||
from typing import cast
|
||||
|
||||
from django.db import models
|
||||
from django.template.defaultfilters import linebreaks_filter
|
||||
|
||||
from core.html import strip_html
|
||||
from users.models import Follow, FollowStates, Identity
|
||||
|
||||
|
||||
|
@ -69,3 +71,10 @@ class IdentityService:
|
|||
"endorsed": False,
|
||||
"note": "",
|
||||
}
|
||||
|
||||
def set_summary(self, summary: str):
|
||||
"""
|
||||
Safely sets a summary and turns linebreaks into HTML
|
||||
"""
|
||||
self.identity.summary = linebreaks_filter(strip_html(summary))
|
||||
self.identity.save()
|
||||
|
|
|
@ -5,9 +5,11 @@ from django.utils.decorators import method_decorator
|
|||
from django.views.generic import FormView
|
||||
|
||||
from core.files import resize_image
|
||||
from core.html import html_to_plaintext
|
||||
from core.models.config import Config
|
||||
from users.decorators import identity_required
|
||||
from users.models import IdentityStates
|
||||
from users.services import IdentityService
|
||||
|
||||
|
||||
@method_decorator(identity_required, name="dispatch")
|
||||
|
@ -50,7 +52,7 @@ class ProfilePage(FormView):
|
|||
identity = self.request.identity
|
||||
return {
|
||||
"name": identity.name,
|
||||
"summary": identity.summary,
|
||||
"summary": html_to_plaintext(identity.summary),
|
||||
"icon": identity.icon and identity.icon.url,
|
||||
"image": identity.image and identity.image.url,
|
||||
"discoverable": identity.discoverable,
|
||||
|
@ -61,8 +63,8 @@ class ProfilePage(FormView):
|
|||
# Update basic info
|
||||
identity = self.request.identity
|
||||
identity.name = form.cleaned_data["name"]
|
||||
identity.summary = form.cleaned_data["summary"]
|
||||
identity.discoverable = form.cleaned_data["discoverable"]
|
||||
IdentityService(identity).set_summary(form.cleaned_data["summary"])
|
||||
# Resize images
|
||||
icon = form.cleaned_data.get("icon")
|
||||
image = form.cleaned_data.get("image")
|
||||
|
|
Loading…
Reference in New Issue