From 8f6d60f3f48b87dd3302fa68a67f8fd10f099b70 Mon Sep 17 00:00:00 2001
From: benero
Date: Tue, 8 Oct 2024 17:11:00 +0800
Subject: [PATCH] =?UTF-8?q?minor:=20=E8=AF=84=E8=AE=BA=E7=A7=BB=E9=99=A4?=
 =?UTF-8?q?=20img=20=E6=94=AF=E6=8C=81=20--story=3D119850966?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 common/utils.py                   |  8 ++++++--
 itsm/ticket/serializers/misc.py   |  6 ++++--
 itsm/ticket/serializers/ticket.py | 11 +++++++----
 3 files changed, 17 insertions(+), 8 deletions(-)

diff --git a/common/utils.py b/common/utils.py
index 7955786e..29c128c5 100644
--- a/common/utils.py
+++ b/common/utils.py
@@ -71,13 +71,17 @@ def url_escape(url):
     return url
 
 
-def texteditor_escape(str_escape):
+def texteditor_escape(str_escape, is_support_img=True):
     """
     富文本处理
     @param str_escape: 要检测的字符串
+    @param is_support_img: 是否支持图片
     """
     try:
-        parser = XssHtml()
+        allow_tags = []
+        if not is_support_img:
+            allow_tags = [i for i in XssHtml.allow_tags if i not in ["img"]]
+        parser = XssHtml(allows=allow_tags)
         parser.feed(str_escape)
         parser.close()
         return parser.get_html()
diff --git a/itsm/ticket/serializers/misc.py b/itsm/ticket/serializers/misc.py
index 07183e2c..3b802e86 100644
--- a/itsm/ticket/serializers/misc.py
+++ b/itsm/ticket/serializers/misc.py
@@ -22,10 +22,10 @@
 WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
 CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 """
-from blueapps.contrib.xss.utils import texteditor_escape
 from django.utils.translation import ugettext as _
 from rest_framework import serializers
 
+from common.utils import texteditor_escape
 from itsm.component.constants import LEN_LONG, LEN_NORMAL
 from itsm.component.utils.client_backend_query import get_bk_users
 from itsm.component.utils.human import get_time
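Review bot: On the default path (`is_support_img=True`) the new `parser = XssHtml(allows=allow_tags)` line passes an empty list, so the effective whitelist now depends on the parser treating an empty `allows` as "fall back to the class default" rather than "allow nothing"; if that reading is wrong, every caller that does not pass the flag gets all tags stripped instead of the previous default behaviour. Building the list explicitly from the class whitelist (which the hunk already relies on as `XssHtml.allow_tags`) removes the ambiguity: `allow_tags = [t for t in XssHtml.allow_tags if is_support_img or t != "img"]` followed by `parser = XssHtml(allows=allow_tags)`. The added docstring line would help callers more if it stated the mechanism, e.g. `@param is_support_img: keep <img> tags; when False, "img" is removed from the tag whitelist passed to XssHtml`. texteditor_escape's body continues outside the hunk (the `except` branch is not visible).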
@@ -126,7 +126,9 @@ def update(self, instance, validated_data):
         if instance.stars != 0:
             raise serializers.ValidationError(_("该单据已经被评论,请勿重复评论"))
 
-        validated_data["comments"] = texteditor_escape(validated_data["comments"])
+        validated_data["comments"] = texteditor_escape(
+            validated_data["comments"], is_support_img=False
+        )
         return super(CommentSerializer, self).update(instance, validated_data)
 
     def to_representation(self, instance):
diff --git a/itsm/ticket/serializers/ticket.py b/itsm/ticket/serializers/ticket.py
index 17c238fb..730d80a2 100644
--- a/itsm/ticket/serializers/ticket.py
+++ b/itsm/ticket/serializers/ticket.py
@@ -27,14 +27,13 @@
 from collections import OrderedDict
 from datetime import datetime
 
-from blueapps.contrib.xss.utils import texteditor_escape
 from django.contrib.auth import get_user_model
 from django.utils.translation import ugettext as _
 from rest_framework import serializers
 from rest_framework.fields import JSONField, empty
 
 from common.log import logger
-from common.utils import html_escape
+from common.utils import html_escape, texteditor_escape
 from itsm.auth_iam.utils import IamRequest
 from itsm.component.constants import (
     ACTION_CHOICES,
@@ -1563,7 +1562,9 @@ def update(self, instance, validated_data):
         receivers = ",".join(
             compute_list_difference(instance.users, validated_data["users"])
         )
-        validated_data["content"] = texteditor_escape(validated_data["content"])
+        validated_data["content"] = texteditor_escape(
+            validated_data["content"], is_support_img=False
+        )
         instance.update_log.append(
             "{}于{}更新了该评论".format(
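Review bot: The sanitisation policy for comments is spelled out as a bare `is_support_img=False` literal on the new `texteditor_escape(` call here, and the same literal is repeated in the two `TicketRemarkSerializer` hunks of itsm/ticket/serializers/ticket.py (`update` at 1562 and `create` at 1587); a single named helper in common/utils.py, e.g. `def escape_comment(text): return texteditor_escape(text, is_support_img=False)`, would keep the three call sites from drifting the next time the comment policy changes. The new lines still index `validated_data["comments"]` unconditionally, which raises KeyError if a partial update omits the field — pre-existing, but if partial updates are possible here a `validated_data.get("comments")` guard (or a note saying they are not) would make the intent explicit. `update` starts outside the hunk.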
@@ -1586,7 +1587,9 @@ def create(self, validated_data):
         parent_node = TicketRemark.objects.get(id=parent_id)
         validated_data["parent_id"] = parent_id
         validated_data["ticket_id"] = parent_node.ticket_id
-        validated_data["content"] = texteditor_escape(validated_data["content"])
+        validated_data["content"] = texteditor_escape(
+            validated_data["content"], is_support_img=False
+        )
         validated_data.pop("parent")
         instance = super(TicketRemarkSerializer, self).create(validated_data)