mirrors/takahe
1
1
Fork 0
mirror of https://github.com/jointakahe/takahe.git synced 2024-11-19 22:01:00 +00:00
Code Issues Projects Releases Packages Wiki Activity

Make summary HTML-formatted (and safe!)

Browse source
This commit is contained in:
Andrew Godwin 2022-12-21 20:48:39 +00:00
parent c9794c0fcf
commit 23db8f3dd8
3 changed files with 17 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
static/css/style.css
View file

@ -835,6 +835,10 @@ h1.identity small {
height: 22px; height: 22px;
} }
.bio p {
margin: 0 0 10px 0;
}
.system-note { .system-note {
background: var(--color-bg-menu); background: var(--color-bg-menu);
color: var(--color-text-dull); color: var(--color-text-dull);

9
users/services/identity.py
View file

@ -1,7 +1,9 @@
from typing import cast from typing import cast
from django.db import models from django.db import models
from django.template.defaultfilters import linebreaks_filter
from core.html import strip_html
from users.models import Follow, FollowStates, Identity from users.models import Follow, FollowStates, Identity
@ -69,3 +71,10 @@ class IdentityService:
"endorsed": False, "endorsed": False,
"note": "", "note": "",
} }
def set_summary(self, summary: str):
"""
Safely sets a summary and turns linebreaks into HTML
"""
self.identity.summary = linebreaks_filter(strip_html(summary))
self.identity.save()

6
users/views/settings/profile.py
View file

@ -5,9 +5,11 @@ from django.utils.decorators import method_decorator
from django.views.generic import FormView from django.views.generic import FormView
from core.files import resize_image from core.files import resize_image
from core.html import html_to_plaintext
from core.models.config import Config from core.models.config import Config
from users.decorators import identity_required from users.decorators import identity_required
from users.models import IdentityStates from users.models import IdentityStates
from users.services import IdentityService
@method_decorator(identity_required, name="dispatch") @method_decorator(identity_required, name="dispatch")
@ -50,7 +52,7 @@ class ProfilePage(FormView):
identity = self.request.identity identity = self.request.identity
return { return {
"name": identity.name, "name": identity.name,
"summary": identity.summary, "summary": html_to_plaintext(identity.summary),
"icon": identity.icon and identity.icon.url, "icon": identity.icon and identity.icon.url,
"image": identity.image and identity.image.url, "image": identity.image and identity.image.url,
"discoverable": identity.discoverable, "discoverable": identity.discoverable,
@ -61,8 +63,8 @@ class ProfilePage(FormView):
# Update basic info # Update basic info
identity = self.request.identity identity = self.request.identity
identity.name = form.cleaned_data["name"] identity.name = form.cleaned_data["name"]
identity.summary = form.cleaned_data["summary"]
identity.discoverable = form.cleaned_data["discoverable"] identity.discoverable = form.cleaned_data["discoverable"]
IdentityService(identity).set_summary(form.cleaned_data["summary"])
# Resize images # Resize images
icon = form.cleaned_data.get("icon") icon = form.cleaned_data.get("icon")
image = form.cleaned_data.get("image") image = form.cleaned_data.get("image")