From 6284ffffd70e76da58fc3c06d3af5854a97978f7 Mon Sep 17 00:00:00 2001 From: liangliangyy Date: Wed, 17 Nov 2021 14:15:59 +0800 Subject: [PATCH] =?UTF-8?q?=E8=AF=84=E8=AE=BAmarkdown=E4=BC=98=E5=8C=96?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .gitignore | 2 +- blog/templatetags/blog_tags.py | 16 ++++------------ requirements.txt | 1 + templates/blog/tags/sidebar.html | 2 +- templates/comments/tags/comment_item.html | 6 +++--- templates/comments/tags/comment_item_tree.html | 1 + 6 files changed, 11 insertions(+), 17 deletions(-) diff --git a/.gitignore b/.gitignore index d17ee1e..b54f038 100644 --- a/.gitignore +++ b/.gitignore @@ -74,7 +74,7 @@ google93fd32dbd906620a.html baidu_verify_FlHL7cUyC9.html BingSiteAuth.xml cb9339dbe2ff86a5aa169d28dba5f615.txt -werobot_session +werobot_session.* django.jpg uploads/ settings_production.py diff --git a/blog/templatetags/blog_tags.py b/blog/templatetags/blog_tags.py index 37b2557..3871e50 100644 --- a/blog/templatetags/blog_tags.py +++ b/blog/templatetags/blog_tags.py @@ -3,6 +3,7 @@ import logging import random import urllib +import bleach from django import template from django.conf import settings from django.db.models import Q @@ -13,6 +14,7 @@ from django.utils.safestring import mark_safe from blog.models import Article, Category, Tag, Links, SideBar, LinkShowType from comments.models import Comment +from djangoblog.utils import CommonMarkdown from djangoblog.utils import cache from djangoblog.utils import get_current_site from oauth.models import OAuthUser @@ -40,10 +42,10 @@ def datetimeformat(data): return "" -@register.filter(is_safe=True) +@register.filter() @stringfilter def custom_markdown(content): - from djangoblog.utils import CommonMarkdown + content = bleach.clean(content) return mark_safe(CommonMarkdown.get_markdown(content)) 
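Review bot: In `custom_markdown`, `bleach.clean(content)` runs on the raw Markdown before `CommonMarkdown.get_markdown`, so the HTML that `mark_safe` finally trusts is never sanitized. Anything the renderer itself generates, such as the URLs of links and images written in Markdown syntax, was not HTML when bleach saw it, and escaping `>` and `&` beforehand can also break blockquotes and code samples. Render first and clean the result against an explicit allowlist, as sketched below; the tag list has to cover whatever CommonMarkdown's extensions emit, which this page does not show. The `{% autoescape on %}` wrapper added in templates/comments/tags/comment_item.html does not change this, because a `mark_safe` return value is exempt from autoescaping. If this filter also renders article bodies (not visible here), a separate comment-only filter would avoid escaping author-written HTML.

```python
# Constructed allowlist: extend it to match the extensions CommonMarkdown enables.
COMMENT_TAGS = list(bleach.sanitizer.ALLOWED_TAGS) + [
    'p', 'pre', 'br', 'hr', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6',
]

# … unchanged: @register.filter() and @stringfilter decorators …
def custom_markdown(content):
    # Render first, then sanitize the HTML that will actually reach the page.
    rendered = CommonMarkdown.get_markdown(content)
    # bleach's default attribute and protocol allowlists still apply here.
    return mark_safe(bleach.clean(rendered, tags=COMMENT_TAGS))
```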
@@ -258,16 +260,6 @@ def load_pagination_info(page_obj, page_type, tag_name): } -""" -@register.inclusion_tag('nav.html') -def load_nav_info(): - category_list = Category.objects.all() - return { - 'nav_category_list': category_list - } -""" - - @register.inclusion_tag('blog/tags/article_info.html') def load_article_detail(article, isindex, user): """ diff --git a/requirements.txt b/requirements.txt index 481f0da..2fa813a 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,4 +1,5 @@ coverage==6.1.2 +bleach==4.1.0 Django==3.2.9 django-compressor==2.4.1 django-haystack==3.1.1 diff --git a/templates/blog/tags/sidebar.html b/templates/blog/tags/sidebar.html index 8e2d1b5..e17f269 100755 --- a/templates/blog/tags/sidebar.html +++ b/templates/blog/tags/sidebar.html @@ -15,7 +15,7 @@ {% endfor %} diff --git a/templates/comments/tags/comment_item.html b/templates/comments/tags/comment_item.html index faf6c96..aff1212 100644 --- a/templates/comments/tags/comment_item.html +++ b/templates/comments/tags/comment_item.html @@ -24,9 +24,9 @@
{{ comment_item.created_time }}
回复给:@{{ comment_item.author.parent_comment.username }}
- -

{{ comment_item.body |custom_markdown }}

- + {% autoescape on %} +

{{ comment_item.body|custom_markdown }}

+ {% endautoescape %}
{% endif %}

+

{{ comment_item.body|custom_markdown }}