评论markdown优化

liangliangyy · liangliangyy · commit 6284ffffd70e · 2021-11-17T14:15:59.000+08:00
diff --git a/.gitignore b/.gitignore
@@ -74,7 +74,7 @@ google93fd32dbd906620a.html
 baidu_verify_FlHL7cUyC9.html
 BingSiteAuth.xml
 cb9339dbe2ff86a5aa169d28dba5f615.txt
-werobot_session
+werobot_session.*
 django.jpg
 uploads/
 settings_production.py
diff --git a/blog/templatetags/blog_tags.py b/blog/templatetags/blog_tags.py
@@ -3,6 +3,7 @@
 import random
 import urllib
 
+import bleach
 from django import template
 from django.conf import settings
 from django.db.models import Q
@@ -13,6 +14,7 @@
 
 from blog.models import Article, Category, Tag, Links, SideBar, LinkShowType
 from comments.models import Comment
+from djangoblog.utils import CommonMarkdown
 from djangoblog.utils import cache
 from djangoblog.utils import get_current_site
 from oauth.models import OAuthUser
@@ -40,10 +42,10 @@ def datetimeformat(data):
         return ""
 
 
-@register.filter(is_safe=True)
+@register.filter()
 @stringfilter
 def custom_markdown(content):
-    from djangoblog.utils import CommonMarkdown
+    content = bleach.clean(content)
     return mark_safe(CommonMarkdown.get_markdown(content))
 
 
@@ -258,16 +260,6 @@ def load_pagination_info(page_obj, page_type, tag_name):
     }
 
 
-"""
-@register.inclusion_tag('nav.html')
-def load_nav_info():
-    category_list = Category.objects.all()
-    return {
-        'nav_category_list': category_list
-    }
-"""
-
-
 @register.inclusion_tag('blog/tags/article_info.html')
 def load_article_detail(article, isindex, user):
     """
diff --git a/requirements.txt b/requirements.txt
@@ -1,4 +1,5 @@
 coverage==6.1.2
+bleach==4.1.0
 Django==3.2.9
 django-compressor==2.4.1
 django-haystack==3.1.1
diff --git a/templates/blog/tags/sidebar.html b/templates/blog/tags/sidebar.html
@@ -15,7 +15,7 @@
             <aside class="widget_text widget widget_custom_html"><p class="widget-title">
                 {{ sidebar.name }}</p>
                 <div class="textwidget custom-html-widget">
-                    {{ sidebar.content|custom_markdown }}
+                    {{ sidebar.content|custom_markdown|safe }}
                 </div>
             </aside>
         {% endfor %}
diff --git a/templates/comments/tags/comment_item.html b/templates/comments/tags/comment_item.html
@@ -24,9 +24,9 @@
             <div>{{ comment_item.created_time }}</div>
             <div>回复给:@{{ comment_item.author.parent_comment.username }}</div>
         </div>
-
-        <p>{{ comment_item.body |custom_markdown }}</p>
-
+        {% autoescape on %}
+            <p>{{ comment_item.body|custom_markdown }}</p>
+        {% endautoescape %}
         <div class="reply"><a rel="nofollow" class="comment-reply-link"
                               href="javascript:void(0)"
                               onclick="do_reply({{ comment_item.pk }})"
diff --git a/templates/comments/tags/comment_item_tree.html b/templates/comments/tags/comment_item_tree.html
@@ -31,6 +31,7 @@
                 </div>
             {% endif %}
         </p>
+
         <p>{{ comment_item.body|custom_markdown }}</p>
 
         <div class="reply"><a rel="nofollow" class="comment-reply-link"

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,5 @@`
`1`	`1`	`coverage==6.1.2`
	`2`	`+bleach==4.1.0`
`2`	`3`	`Django==3.2.9`
`3`	`4`	`django-compressor==2.4.1`
`4`	`5`	`django-haystack==3.1.1`