updating the contracts GET endpoint to use the utlitity sanitize_html function

Author: rmisio

api/restapi.py

@@ -28,6 +28,7 @@
 from market.btcprice import BtcPrice
 from net.upnp import PortMapper
 from api import ALLOWED_TAGS, ALLOWED_ATTRIBUTES, ALLOWED_STYLES
+from utils import sanitize_html
 
 DEFAULT_RECORDS_COUNT = 20
 DEFAULT_RECORDS_OFFSET = 0
@@ -494,7 +495,7 @@ def get_contract(self, request):
         def parse_contract(contract):
             if contract is not None:
                 request.setHeader('content-type', "application/json")
-                request.write(bleach.clean(json.dumps(contract, indent=4), tags=ALLOWED_TAGS).encode("utf-8"))
+                request.write(json.dumps(sanitize_html(contract), indent=4))
                 request.finish()
             else:
                 request.write(json.dumps({}))

api/utils.py

@@ -1,5 +1,7 @@
 import bleach
 
+from api import ALLOWED_TAGS, ALLOWED_ATTRIBUTES, ALLOWED_STYLES
+
 # pylint: disable=W1402
 def smart_unicode(s, encoding='utf8'):
     """ Convert str to unicode. If s is unicode, return itself.
@@ -43,5 +45,5 @@ def sanitize_html(value):
     elif isinstance(value, list):
         value = [sanitize_html(v) for v in value]
     elif isinstance(value, basestring):
-        value = bleach.clean(value)
+        value = bleach.clean(value, tags=ALLOWED_TAGS, attributes=ALLOWED_ATTRIBUTES, styles=ALLOWED_STYLES)
     return value