Use "strip" in bleach

This removes forbidden html, rather than leaving them in place but unrendered.
2024-06-11 01:39:23 +00:00 · 2022-07-04 13:45:28 -07:00 · 2022-07-04 13:45:28 -07:00 · 9d9b7f366a
parent 70beb24d95
commit 9d9b7f366a
2 changed files with 4 additions and 3 deletions
--- a/bookwyrm/tests/test_sanitize_html.py
+++ b/bookwyrm/tests/test_sanitize_html.py
@ -32,14 +32,14 @@ class Sanitizer(TestCase):
        self.assertEqual(output, '<a href="fish.com">yes    </a> <i>html</i>')

    def test_invalid_html(self):
-        """remove all html when the html is malformed"""
+        """don't allow malformed html"""
        input_text = "<b>yes  <i>html</i>"
        output = clean(input_text)
-        self.assertEqual("yes  html", output)
+        self.assertEqual("<b>yes  <i>html</i></b>", output)

        input_text = "yes <i></b>html   </i>"
        output = clean(input_text)
-        self.assertEqual("yes html   ", output)
+        self.assertEqual("yes <i>html   </i>", output)

    def test_disallowed_html(self):
        """remove disallowed html but keep allowed html"""
--- a/bookwyrm/utils/sanitizer.py
+++ b/bookwyrm/utils/sanitizer.py
@ -22,4 +22,5 @@ def clean(input_text):
            "li",
        ],
        attributes=["href", "rel", "src", "alt"],
+        strip=True,
    )