Merge pull request #1424 from benero/bugfix_img_logout
minor: 评论移除 img 支持 --story=119850966
benero authored Oct 8, 2024
2 parents 3afa2a8 + 8f6d60f commit c5e041c
Showing 3 changed files with 17 additions and 8 deletions.
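--- a/common/utils.py
+++ b/common/utils.py
@@ -71,13 +71,17 @@ def url_escape(url):
 return url
 
 
-def texteditor_escape(str_escape):
+def texteditor_escape(str_escape, is_support_img=True):
 """
 富文本处理
 @param str_escape: 要检测的字符串
+@param is_support_img: 是否支持图片
 """
 try:
-parser = XssHtml()
+allow_tags = []
+if not is_support_img:
+allow_tags = [i for i in XssHtml.allow_tags if i not in ["img"]]
+parser = XssHtml(allows=allow_tags)
 parser.feed(str_escape)
 parser.close()
 return parser.get_html()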
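Review bot: In `texteditor_escape`, the default path now passes `allows=[]` to `XssHtml`, so an empty list is relied on to mean "use the class defaults"; the constructor is not visible here, and if it takes the list literally the default call would strip every tag, while a filtered list that happens to end up empty would presumably fall back to allowing `img` again. Building the parser explicitly avoids depending on that sentinel: `parser = XssHtml() if is_support_img else XssHtml(allows=[t for t in XssHtml.allow_tags if t != "img"])`. The `except` branch of this `try` lies outside the hunk, so it is worth confirming that it fails closed rather than returning `str_escape` unsanitized. The new parameter also defaults to `True`, which means any caller that is not updated keeps accepting `img`; a deny-by-default signature would make the safer behaviour the one you get by omission.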
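--- a/itsm/ticket/serializers/misc.py
+++ b/itsm/ticket/serializers/misc.py
@@ -22,10 +22,10 @@
 WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
 SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 """
-from blueapps.contrib.xss.utils import texteditor_escape
 from django.utils.translation import ugettext as _
 from rest_framework import serializers
 
+from common.utils import texteditor_escape
 from itsm.component.constants import LEN_LONG, LEN_NORMAL
 from itsm.component.utils.client_backend_query import get_bk_users
 from itsm.component.utils.human import get_time
@@ -126,7 +126,9 @@ def update(self, instance, validated_data):
 if instance.stars != 0:
 raise serializers.ValidationError(_("该单据已经被评论,请勿重复评论"))
 
-validated_data["comments"] = texteditor_escape(validated_data["comments"])
+validated_data["comments"] = texteditor_escape(
+validated_data["comments"], is_support_img=False
+)
 return super(CommentSerializer, self).update(instance, validated_data)
 
 def to_representation(self, instance):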
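Review bot: The `is_support_img=False` call in `CommentSerializer.update` filters only comments written after this change, so rows saved earlier with `img` markup are still returned as stored unless the read path filters them too. `to_representation` begins on the last line of this hunk and its body is not visible, so whether output is re-sanitized there cannot be told from here. If it is not, consider applying `texteditor_escape(..., is_support_img=False)` on read or running a one-off migration over existing `comments` values. A regression test asserting that an `<img>` tag is absent from the saved `comments` would pin the intended behaviour.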
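--- a/itsm/ticket/serializers/ticket.py
+++ b/itsm/ticket/serializers/ticket.py
@@ -27,14 +27,13 @@
 from collections import OrderedDict
 from datetime import datetime
 
-from blueapps.contrib.xss.utils import texteditor_escape
 from django.contrib.auth import get_user_model
 from django.utils.translation import ugettext as _
 from rest_framework import serializers
 from rest_framework.fields import JSONField, empty
 
 from common.log import logger
-from common.utils import html_escape
+from common.utils import html_escape, texteditor_escape
 from itsm.auth_iam.utils import IamRequest
 from itsm.component.constants import (
 ACTION_CHOICES,
@@ -1563,7 +1562,9 @@ def update(self, instance, validated_data):
 receivers = ",".join(
 compute_list_difference(instance.users, validated_data["users"])
 )
-validated_data["content"] = texteditor_escape(validated_data["content"])
+validated_data["content"] = texteditor_escape(
+validated_data["content"], is_support_img=False
+)
 
 instance.update_log.append(
 "{}于{}更新了该评论".format(
@@ -1586,7 +1587,9 @@ def create(self, validated_data):
 parent_node = TicketRemark.objects.get(id=parent_id)
 validated_data["parent_id"] = parent_id
 validated_data["ticket_id"] = parent_node.ticket_id
-validated_data["content"] = texteditor_escape(validated_data["content"])
+validated_data["content"] = texteditor_escape(
+validated_data["content"], is_support_img=False
+)
 validated_data.pop("parent")
 instance = super(TicketRemarkSerializer, self).create(validated_data)
 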
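Review bot: The identical `texteditor_escape(validated_data["content"], is_support_img=False)` call is repeated in the `update` hunk and in `TicketRemarkSerializer.create`, so any future write path that forgets it would store unfiltered markup. Assuming `content` is a declared serializer field, a field-level validator such as `def validate_content(self, value): return texteditor_escape(value, is_support_img=False)` would apply the filter wherever the serializer validates that field and remove both copies. Both methods start and end outside their hunks, so the rest of their bodies is not visible here. The visible lines also index `validated_data["content"]` unconditionally; if partial updates without `content` are accepted this would raise `KeyError`, which is worth confirming against the field definition.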
