darkhelm/notifications-api
1
0
Fork 0
mirror of https://github.com/GSA/notifications-api.git synced 2026-01-31 23:26:23 -05:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #135 from alphagov/strip-html-from-templates

Browse Source 
Strip HTML from template content
This commit is contained in:
minglis
2016-03-07 12:40:29 +00:00
parent fa87f9c7b3 b3f4e40421
commit 7665ec7213
3 changed files with 12 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
app/template/rest.py
View File

@@ -4,6 +4,7 @@ from flask import (
request,
current_app
)
import bleach
from sqlalchemy.exc import IntegrityError
from app.dao.templates_dao import (
@@ -34,6 +35,7 @@ def create_template(service_id):
if errors:
return jsonify(result="error", message=errors), 400
new_template.service = fetched_service
new_template.content = _strip_html(new_template.content)
try:
dao_create_template(new_template)
except IntegrityError as ex:
@@ -55,6 +57,7 @@ def update_template(service_id, template_id):
current_data = dict(template_schema.dump(fetched_template).data.items())
current_data.update(request.get_json())
current_data['content'] = _strip_html(current_data['content'])
update_dict, errors = template_schema.load(current_data)
if errors:
@@ -79,3 +82,7 @@ def get_template_by_id_and_service_id(service_id, template_id):
return jsonify(data=data)
else:
return jsonify(result="error", message="Template not found"), 404
def _strip_html(content):
return bleach.clean(content, tags=[], strip=True)