Merge pull request #407 from ocrybit/add-code-block

keillera · web-flow · commit 4757c2a7a21d · 2020-02-25T17:00:58.000+09:00
エディターのコードブロック追加に伴って&lt;pre&gt;と&lt;code&gt;タグを許可
diff --git a/src/common/settings.py b/src/common/settings.py
@@ -276,7 +276,7 @@
 html_allowed_tags = ['a', 'b', 'blockquote', 'br', 'h2', 'h3', 'i', 'p', 'u', 'img', 'hr',
                      'div', 'figure', 'figcaption']
 html_allowed_tags_v2 = ['a', 'strong', 'blockquote', 'br', 'h2', 'h3', 'i', 'p', 'img', 'hr',
-                        'figure', 'figcaption', 'oembed']
+                        'figure', 'figcaption', 'oembed', 'pre', 'code']
 
 ng_user_name = [
     'about', 'account', 'activity', 'add', 'admin', 'all', 'alpha', 'analysis',
diff --git a/src/common/text_sanitizer.py b/src/common/text_sanitizer.py
@@ -1,6 +1,7 @@
 import settings
 import bleach
 import os
+import re
 from urllib.parse import urlparse
 from jsonschema import ValidationError
 
@@ -106,6 +107,13 @@ def allow_oembed_v2(tag, name, value):
             return is_url
         return False
 
+    @staticmethod
+    def allow_code_v2(tag, name, value):
+        if name == 'class':
+            if re.match("language-", value):
+                return True
+        return False
+
     @staticmethod
     def sanitize_article_body_v2(text):
         if text is None:
@@ -118,7 +126,8 @@ def sanitize_article_body_v2(text):
                 'a': ['href'],
                 'img': TextSanitizer.allow_img_v2,
                 'figure': TextSanitizer.allow_figure_v2,
-                'oembed': TextSanitizer.allow_oembed_v2
+                'oembed': TextSanitizer.allow_oembed_v2,
+                'code': TextSanitizer.allow_code_v2
             }
         )
 
diff --git a/tests/common/test_text_sanitizer.py b/tests/common/test_text_sanitizer.py
@@ -257,6 +257,7 @@ def test_sanitize_article_body_v2(self):
               <figcaption>hoge</figcaption>
             </figure>
             <p>shift+enter<br>test</p>
+            <pre><code class="language-javascript">const ALIS = "cool"</code></pre>
         '''.format(domain=os.environ['DOMAIN'])
 
         result = TextSanitizer.sanitize_article_body_v2(target_html)
@@ -353,6 +354,19 @@ def test_sanitize_article_body_with_a_unauthorized_class(self):
 
         self.assertEqual(result, expected_html)
 
+    def test_sanitize_article_body_with_code_unauthorized_class(self):
+        target_html = '''
+        <pre><code class='image hogehoge' data='aaa'></code></pre>
+        '''
+
+        expected_html = '''
+        <pre><code></code></pre>
+        '''
+
+        result = TextSanitizer.sanitize_article_body_v2(target_html)
+
+        self.assertEqual(result, expected_html)
+
     def test_validate_img_url_ok(self):
         img_url = 'https://' + os.environ['DOMAIN'] + '/img/test.jpg'
         result = TextSanitizer.validate_img_url(img_url)
