Feedback reply: admin-only WYSIWYG editor (server stays the adult)
Replace the Markdown composer with a small contenteditable WYSIWYG (Codex greenlit for this narrow, admin-only surface). * markup.py: render_reply_html → sanitize_reply_html + reply_html_to_text. Allowlist rebuild via stdlib HTMLParser — keeps strong/em/p/br/ul/ol/li and span ONLY with a whitelisted font-size (13/15/18/22px); normalizes b→strong, i→em, div→p, <font size> → safe span; drops links/images/arbitrary styles (content kept as escaped text) and discards script/style content entirely. * API: FeedbackReplyBody.html (raw editor HTML); endpoint sanitizes → message_html, derives plain text → stored message + the email text/plain part. Unchanged: multipart send, store-on-success, conn released during SMTP, mark-read, 404/400/422. * Frontend: contenteditable editor + toolbar (Bold/Italic/Size/• List/1. List), execCommand with styleWithCSS=false for semantic tags, font size wraps the selection in a fixed-px span, paste intercepted as plain text. No links yet. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
+34
-14
@@ -1,23 +1,43 @@
|
||||
from goodnews.markup import render_reply_html as r
|
||||
from goodnews.markup import sanitize_reply_html as s, reply_html_to_text as t2
|
||||
|
||||
|
||||
def test_escapes_before_formatting():
|
||||
out = r("<script>alert(1)</script> and **bold**")
|
||||
assert "<script>" not in out and "<script>" in out
|
||||
assert "<strong>bold</strong>" in out
|
||||
def test_keeps_allowed_formatting_and_normalizes_tags():
|
||||
out = s("<b>bold</b> and <i>it</i> and <strong>x</strong> and <em>y</em>")
|
||||
assert out == "<strong>bold</strong> and <em>it</em> and <strong>x</strong> and <em>y</em>"
|
||||
|
||||
|
||||
def test_bullets_and_heading_and_paragraphs():
|
||||
assert r("- one\n- two") == "<ul><li>one</li><li>two</li></ul>"
|
||||
assert r("## Update") == "<h4>Update</h4>"
|
||||
assert r("a\nb\n\nc") == "<p>a<br>b</p><p>c</p>"
|
||||
def test_lists_and_paragraphs():
|
||||
assert s("<ul><li>a</li><li>b</li></ul>") == "<ul><li>a</li><li>b</li></ul>"
|
||||
assert s("<ol><li>one</li></ol>") == "<ol><li>one</li></ol>"
|
||||
assert s("<div>line</div>") == "<p>line</p>" # div canonicalised to p
|
||||
assert s("a<br>b") == "a<br>b"
|
||||
|
||||
|
||||
def test_no_links_or_attrs_pass_through():
|
||||
out = r('[click](http://x) <a href="x" onclick="y">hi</a>')
|
||||
assert "<a" not in out # no anchor tag produced or passed through (escaped to <a)
|
||||
assert "[click]" in out # markdown links unsupported → left as literal text
|
||||
def test_font_size_whitelist():
|
||||
assert s('<span style="font-size:18px">big</span>') == '<span style="font-size:18px">big</span>'
|
||||
# off-whitelist size → span dropped, text kept
|
||||
assert s('<span style="font-size:40px">huge</span>') == "huge"
|
||||
# <font size> normalised to a safe span
|
||||
assert s('<font size="5">x</font>') == '<span style="font-size:22px">x</span>'
|
||||
|
||||
|
||||
def test_strips_dangerous_and_arbitrary():
|
||||
# script content discarded entirely
|
||||
assert "alert" not in s("<script>alert(1)</script>hi") and s("<script>alert(1)</script>hi") == "hi"
|
||||
# links dropped, text kept; no href/onclick survive
|
||||
out = s('<a href="http://x" onclick="y()">click</a>')
|
||||
assert out == "click"
|
||||
# arbitrary styles/colors stripped, content kept
|
||||
assert s('<span style="color:red;font-weight:bold">z</span>') == "z"
|
||||
# escapes stray angle brackets in text
|
||||
assert s("2 < 3 & 4 > 1") == "2 < 3 & 4 > 1"
|
||||
|
||||
|
||||
def test_empty():
|
||||
assert r(" ") == "" and r(None) == ""
|
||||
assert s("") == "" and s("<p></p>") == "" and s("<br>") == ""
|
||||
|
||||
|
||||
def test_html_to_text():
|
||||
assert t2("<p>hi <strong>there</strong></p>") == "hi there"
|
||||
assert t2("<ul><li>a</li><li>b</li></ul>") == "- a\n- b"
|
||||
assert t2('<span style="font-size:18px">big</span>') == "big"
|
||||
|
||||
Reference in New Issue
Block a user