Merge pull request #7338 from akatsoulas/question-details-parser

akatsoulas · web-flow · commit 050bd02b2351 · 2026-03-23T13:28:47.000+02:00
Use limited parser for question details
diff --git a/kitsune/flagit/jinja2/flagit/includes/flagged_profile.html b/kitsune/flagit/jinja2/flagit/includes/flagged_profile.html
@@ -2,7 +2,7 @@
 <h3 class="sumo-page-intro">{{ _('Content:') }}</h3>
 <div class="content">
   <h2 class="sumo-page-subheading">{{ object.content_object }}</h2>
-  {{ object.content_object.bio|wiki_to_html(nofollow=True) }}
+  {{ object.content_object.bio|wiki_to_safe_html(nofollow=True) }}
 </div>
 <h3 class="sumo-page-intro">{{ _('Flagged:') }}</h3>
 <p class="flagged">
diff --git a/kitsune/gallery/jinja2/gallery/media.html b/kitsune/gallery/jinja2/gallery/media.html
@@ -75,7 +75,7 @@ <h1 class="sumo-page-heading">{{ media.title|truncate(length=55, killwords=True)
       </div>
 
       <h2 class="sumo-page-subheading">{{ _('Description') }}</h2>
-      <div class="description">{{ media.description|wiki_to_html }}</div>
+      <div class="description">{{ media.description|wiki_to_html_questions }}</div>
 
       {% if media_type == 'image' %}
         <h2 class="sumo-page-subheading">{{ _('Articles') }}</h2>
diff --git a/kitsune/messages/models.py b/kitsune/messages/models.py
@@ -7,13 +7,7 @@
 
 ALLOWED_MESSAGE_ATTRIBUTES = {
     "a": ["href", "title", "rel", "data-mozilla-ui-reset", "data-mozilla-ui-preferences"],
-    "div": ["id", "data-for", "title", "data-target", "data-modal"],
-    "h1": ["id"],
-    "h2": ["id"],
-    "h3": ["id"],
-    "h4": ["id"],
-    "h5": ["id"],
-    "h6": ["id"],
+    "div": ["data-for", "title"],
     "span": ["data-for"],
     "img": ["src", "data-original-src", "alt", "title", "height", "width"],
     "video": [
diff --git a/kitsune/questions/jinja2/questions/question_details.html b/kitsune/questions/jinja2/questions/question_details.html
@@ -533,7 +533,7 @@ <h3 class="sumo-card-heading">{{ started_label }}</h3>
                   {% if question.metadata.plugins %}
                   <h3 class="sumo-card-heading">{{ plugins_label }}</h3>
                   <p><span class="plugins">
-                    {{ question.metadata.plugins|wiki_to_html }}
+                    {{ question.metadata.plugins|wiki_to_html_questions }}
                   </span></p>
                   {% endif %}
                   {{ troubleshooting_info(question) }}
