From 5b4f9ccfaf12ba2db3137e1f34167d4273fc82fb Mon Sep 17 00:00:00 2001 From: Aevann1 Date: Sun, 25 Jul 2021 22:14:11 +0200 Subject: [PATCH] fdfd --- drama/helpers/alerts.py | 13 +++++++++++++ drama/helpers/sanitize.py | 8 +++----- drama/routes/comments.py | 9 +++++++-- drama/routes/posts.py | 2 ++ drama/routes/users.py | 1 + seed.sql | 0 6 files changed, 26 insertions(+), 7 deletions(-) delete mode 100644 seed.sql diff --git a/drama/helpers/alerts.py b/drama/helpers/alerts.py index ef620a3c0a..bcc2b1fded 100644 --- a/drama/helpers/alerts.py +++ b/drama/helpers/alerts.py @@ -9,6 +9,7 @@ from .sanitize import * def send_notification(vid, user, text): text = text.replace('r/', 'r\/').replace('u/', 'u\/') + text = text.replace("\n", "\n\n") with CustomRenderer() as renderer: text_html = renderer.render(mistletoe.Document(text)) @@ -36,6 +37,8 @@ def send_notification(vid, user, text): def send_pm(vid, user, text): + text = text.replace("\n", "\n\n") + with CustomRenderer() as renderer: text_html = renderer.render(mistletoe.Document(text)) text_html = sanitize(text_html, linkgen=True) @@ -59,6 +62,8 @@ def send_pm(vid, user, text): def send_follow_notif(vid, user, text): + text = text.replace("\n", "\n\n") + with CustomRenderer() as renderer: text_html = renderer.render(mistletoe.Document(text)) text_html = sanitize(text_html, linkgen=True) @@ -84,6 +89,8 @@ def send_follow_notif(vid, user, text): def send_unfollow_notif(vid, user, text): + text = text.replace("\n", "\n\n") + with CustomRenderer() as renderer: text_html = renderer.render(mistletoe.Document(text)) text_html = sanitize(text_html, linkgen=True) @@ -109,6 +116,8 @@ def send_unfollow_notif(vid, user, text): def send_block_notif(vid, user, text): + text = text.replace("\n", "\n\n") + with CustomRenderer() as renderer: text_html = renderer.render(mistletoe.Document(text)) text_html = sanitize(text_html, linkgen=True) @@ -134,6 +143,8 @@ def send_block_notif(vid, user, text): def send_unblock_notif(vid, user, text): + text = text.replace("\n", "\n\n") + with CustomRenderer() as renderer: text_html = renderer.render(mistletoe.Document(text)) text_html = sanitize(text_html, linkgen=True) @@ -159,6 +170,8 @@ def send_unblock_notif(vid, user, text): def send_admin(vid, text): + text = text.replace("\n", "\n\n") + with CustomRenderer() as renderer: text_html = renderer.render(mistletoe.Document(text)) text_html = sanitize(text_html, linkgen=True) diff --git a/drama/helpers/sanitize.py b/drama/helpers/sanitize.py index 54bdba8696..8473180d23 100644 --- a/drama/helpers/sanitize.py +++ b/drama/helpers/sanitize.py @@ -41,10 +41,7 @@ _allowed_tags = tags = ['b', ] _allowed_attributes = { - 'a': ['href', 'title', "rel", "data-original-name"], - 'i': [], - 'img': ['src', 'class'], - 'span': ['style'] + '*': ['href', 'style', 'src', 'class', 'title', 'rel', 'data-original-name'] } _allowed_protocols = [ @@ -54,7 +51,8 @@ _allowed_protocols = [ _allowed_styles =[ 'color', - 'font-weight' + 'font-weight', + 'margin-bottom' ] # filter to make all links show domain on hover diff --git a/drama/routes/comments.py b/drama/routes/comments.py index 5f47250743..7f2a2c7dcd 100644 --- a/drama/routes/comments.py +++ b/drama/routes/comments.py @@ -419,7 +419,8 @@ def api_comment(v): name = f'comment/{c.base36id}/{secrets.token_urlsafe(8)}' url = upload_file(name, file) - body = request.form.get("body") + f"\n\n![]({url})" + body = request.form.get("body") + f"\n![]({url})" + body = body.replace("\n", "\n\n") with CustomRenderer(post_id=parent_id) as renderer: body_md = renderer.render(mistletoe.Document(body)) body_html = sanitize(body_md, linkgen=True) @@ -475,6 +476,7 @@ def api_comment(v): included. \n\n*This is an automated message; if you need help, you can message us [here](/contact).*""" + body = body.replace("\n", "\n\n") with CustomRenderer(post_id=parent_id) as renderer: body_md = renderer.render(mistletoe.Document(body)) @@ -503,6 +505,7 @@ def api_comment(v): g.db.flush() body = random.choice(choices) + body = body.replace("\n", "\n\n") with CustomRenderer(post_id=parent_id) as renderer: body_md = renderer.render(mistletoe.Document(body)) body_html2 = sanitize(body_md, linkgen=True) c_aux = CommentAux( @@ -698,6 +701,7 @@ def edit_comment(cid, v): body = request.form.get("body", "")[0:10000] for i in re.finditer('^(https:\/\/.*\.(png|jpg|jpeg|gif))', body, re.MULTILINE): body = body.replace(i.group(1), f'![]({i.group(1)})') + body = body.replace("\n", "\n\n") with CustomRenderer(post_id=c.post.base36id) as renderer: body_md = renderer.render(mistletoe.Document(body)) body_html = sanitize(body_md, linkgen=True) @@ -794,7 +798,8 @@ def edit_comment(cid, v): name = f'comment/{c.base36id}/{secrets.token_urlsafe(8)}' url = upload_file(name, file) - body += f"\n\n![]({url})" + body += f"\n![]({url})" + body = body.replace("\n", "\n\n") with CustomRenderer(post_id=c.parent_submission) as renderer: body_md = renderer.render(mistletoe.Document(body)) body_html = sanitize(body_md, linkgen=True) diff --git a/drama/routes/posts.py b/drama/routes/posts.py index 8ba76eeae9..5c07205b95 100644 --- a/drama/routes/posts.py +++ b/drama/routes/posts.py @@ -276,6 +276,7 @@ def edit_post(pid, v): body = request.form.get("body", "") for i in re.finditer('^(https:\/\/.*\.(png|jpg|jpeg|gif))', body, re.MULTILINE): body = body.replace(i.group(1), f'![]({i.group(1)})') + body = body.replace("\n", "\n\n") with CustomRenderer() as renderer: body_md = renderer.render(mistletoe.Document(body)) body_html = sanitize(body_md, linkgen=True) @@ -894,6 +895,7 @@ def submit_post(v): # render text for i in re.finditer('^(https:\/\/.*\.(png|jpg|jpeg|gif))', body, re.MULTILINE): body = body.replace(i.group(1), f'![]({i.group(1)})') + body = body.replace("\n", "\n\n") with CustomRenderer() as renderer: body_md = renderer.render(mistletoe.Document(body)) body_html = sanitize(body_md, linkgen=True) diff --git a/drama/routes/users.py b/drama/routes/users.py index b5e19f7033..1f77132474 100644 --- a/drama/routes/users.py +++ b/drama/routes/users.py @@ -75,6 +75,7 @@ def get_profilecss(username): def messagereply(v, username, id): message = request.form.get("message", "")[:1000].strip() user = get_user(username) + message = message.replace("\n", "\n\n") with CustomRenderer() as renderer: text_html = renderer.render(mistletoe.Document(message)) text_html = sanitize(text_html, linkgen=True) parent = get_comment(int(id), v=v) diff --git a/seed.sql b/seed.sql deleted file mode 100644 index e69de29bb2..0000000000