darkhelm/notifications-api
1
0
Fork 0
mirror of https://github.com/GSA/notifications-api.git synced 2026-02-03 01:41:05 -05:00
Code Issues Packages Projects Releases Wiki Activity

Don’t strip HTML when saving templates

Browse Source 
Right now we strip HTML from templates at the point of saving them. This
also converts stuff like ampersands to their entity form (eg &) and
this is what we save in the database.

This is a bad idea when you’re sending a text message or a letter, in
which an HTML entity makes no sense. But we still need to encode HTML in
the body of HTML emails.

The right place to do this is when rendering the templates. The code to
do this is now in utils. So this commit:
- pull in this new utils code
- removes the old
- adds some integration tests to make sure that everything is working
  as expected (more thorough unit tests are happening in utils)
This commit is contained in:
Chris Hill-Scott
2017-01-19 12:05:28 +00:00
parent 634b78d3b5
commit 6e6d471cda
5 changed files with 30 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
app/template/rest.py
View File

@@ -4,7 +4,6 @@ from flask import (
request,
current_app
)
import bleach
from app.dao.templates_dao import (
dao_update_template,
@@ -41,7 +40,6 @@ def create_template(service_id):
fetched_service = dao_fetch_service_by_id(service_id=service_id)
new_template = template_schema.load(request.get_json()).data
new_template.service = fetched_service
new_template.content = _strip_html(new_template.content)
over_limit = _content_count_greater_than_limit(new_template.content, new_template.template_type)
if over_limit:
char_count_limit = current_app.config.get('SMS_CHAR_COUNT_LIMIT')
@@ -60,7 +58,6 @@ def update_template(service_id, template_id):
current_data = dict(template_schema.dump(fetched_template).data.items())
updated_template = dict(template_schema.dump(fetched_template).data.items())
updated_template.update(request.get_json())
updated_template['content'] = _strip_html(updated_template['content'])
# Check if there is a change to make.
if _template_has_not_changed(current_data, updated_template):
return jsonify(data=updated_template), 200
@@ -137,10 +134,6 @@ def get_template_versions(service_id, template_id):
return jsonify(data=data)
def _strip_html(content):
return bleach.clean(content, tags=[], strip=True)
def _template_has_not_changed(current_data, updated_template):
return all(
current_data[key] == updated_template[key]