author | Evgeny Fadeev <evgeny.fadeev@gmail.com> | 2010-09-23 14:11:37 -0400 |
---|---|---|
committer | Evgeny Fadeev <evgeny.fadeev@gmail.com> | 2010-09-23 14:13:40 -0400 |
commit | e6f3cfdb990208ad20fb7a7b1f863ffbeea88cf3 (patch) | |
tree | 4b22726985d61c6dc433ac855733db685731e44e | |
parent | 98360b7821240c21ec9b7adde155e4bcaf7bfdd5 (diff) | |
better input cleaning for comments
-rw-r--r-- | askbot/__init__.py | 2 | ||||
-rw-r--r-- | askbot/models/base.py | 4 | ||||
-rw-r--r-- | askbot/models/content.py | 1 | ||||
-rw-r--r-- | askbot/models/meta.py | 1 | ||||
-rw-r--r-- | askbot/setup_templates/settings.py | 4 |
5 files changed, 7 insertions, 5 deletions
diff --git a/askbot/__init__.py b/askbot/__init__.py
index 8a5c99be..94dfde1d 100644
--- a/askbot/__init__.py
+++ b/askbot/__init__.py
@@ -22,7 +22,7 @@ def get_version():
 """returns version of the askbot app this version is meaningful for pypi only """
- return '0.6.12'
+ return '0.6.13'
 #todo: maybe send_mail functions belong to models #or the future API
diff --git a/askbot/models/base.py b/askbot/models/base.py
index c54d344d..db365966 100644
--- a/askbot/models/base.py
+++ b/askbot/models/base.py
@@ -1,4 +1,5 @@
 import datetime
+import cgi
 from django.db import models
 from django.utils.html import strip_tags
 from django.contrib.auth.models import User
@@ -29,6 +30,9 @@ def parse_post_text(post):
 text = post.get_text()
+ if post._escape_html:
+ text = cgi.escape(text)
+
 if post._urlize:
 text = html.urlize(text)
diff --git a/askbot/models/content.py b/askbot/models/content.py
index 636b093e..6c524125 100644
--- a/askbot/models/content.py
+++ b/askbot/models/content.py
@@ -39,6 +39,7 @@ class Content(models.Model):
 flagged_items = generic.GenericRelation(FlaggedItem)
 _use_markdown = True
+ _escape_html = False #markdow does the escaping
 _urlize = False
 class Meta:
diff --git a/askbot/models/meta.py b/askbot/models/meta.py
index 9aa372cc..bcdfa2c6 100644
--- a/askbot/models/meta.py
+++ b/askbot/models/meta.py
@@ -108,6 +108,7 @@ class Comment(base.MetaContent, base.UserContent):
 _urlize = True
 _use_markdown = False
+ _escape_html = True
 class Meta(base.MetaContent.Meta):
 ordering = ('-added_at',)
diff --git a/askbot/setup_templates/settings.py b/askbot/setup_templates/settings.py
index 491d3832..0b2a2050 100644
--- a/askbot/setup_templates/settings.py
+++ b/askbot/setup_templates/settings.py
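Review bot: The added `cgi.escape(text)` call in `parse_post_text` leaves double quotes unescaped, because `cgi.escape` converts only `&`, `<` and `>` unless its second argument is true, and it never converts single quotes. The escaped text is handed straight to `html.urlize`, which presumably wraps URLs in `<a href="...">` markup, so a quote left in comment text could land inside an attribute value; whether it does depends on that helper, which is not shown here. I would change the line to `text = cgi.escape(text, True)`, or use `django.utils.html.escape`, which also covers single quotes and lives in the module this file already imports `strip_tags` from. The body of `parse_post_text` starts and ends outside this hunk, so the later markdown and output steps should be checked against the same assumption.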
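Review bot: The new `_escape_html = False #markdow does the escaping` on `Content` relies on the markdown step to neutralise raw HTML, and nothing in this commit shows that it does; a Markdown renderer normally passes inline HTML through unless it is configured to escape it or its output is sanitized afterwards. The comment should name the mechanism actually relied on, for example `#raw html must be escaped or sanitized by the markdown step`, and fix the "markdow" typo. The default is also fail-open: a subclass of `Content` that sets `_use_markdown = False` and forgets `_escape_html = True` would skip the escaping branch in `parse_post_text`, so a safer base value is `_escape_html = True` with markdown-backed models opting out. The `Content` class body continues outside the hunk.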
@@ -44,10 +44,6 @@ EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend' # system time zone.
 TIME_ZONE = 'America/Chicago'
-# Language code for this installation. All choices can be found here:
-# http://www.i18nguy.com/unicode/language-identifiers.html
-LANGUAGE_CODE = 'en-us'
-
 SITE_ID = 1
 # If you set this to False, Django will make some optimizations so as not |