Use "strip" in bleach

This removes forbidden html, rather than leaving them in place but unrendered.
bookwyrm-social · Jul 4, 2022 · 9d9b7f3 · 9d9b7f3
1 parent 70beb24
commit 9d9b7f3
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 3 deletions.
diff --git a/bookwyrm/tests/test_sanitize_html.py b/bookwyrm/tests/test_sanitize_html.py
@@ -32,14 +32,14 @@ def test_valid_html_invalid_attrs(self):
         self.assertEqual(output, '<a href="fish.com">yes    </a> <i>html</i>')
 
     def test_invalid_html(self):
-        """remove all html when the html is malformed"""
+        """don't allow malformed html"""
         input_text = "<b>yes  <i>html</i>"
         output = clean(input_text)
-        self.assertEqual("yes  html", output)
+        self.assertEqual("<b>yes  <i>html</i></b>", output)
 
         input_text = "yes <i></b>html   </i>"
         output = clean(input_text)
-        self.assertEqual("yes html   ", output)
+        self.assertEqual("yes <i>html   </i>", output)
 
     def test_disallowed_html(self):
         """remove disallowed html but keep allowed html"""

diff --git a/bookwyrm/utils/sanitizer.py b/bookwyrm/utils/sanitizer.py
@@ -22,4 +22,5 @@ def clean(input_text):
             "li",
         ],
         attributes=["href", "rel", "src", "alt"],
+        strip=True,
     )