fdfd

2021-07-25 22:14:11 +02:00 · 2021-07-25 22:14:11 +02:00 · 5b4f9ccfaf
parent 14dbd1ff8b
commit 5b4f9ccfaf
6 changed files with 26 additions and 7 deletions
--- a/drama/helpers/alerts.py
+++ b/drama/helpers/alerts.py
@ -9,6 +9,7 @@ from .sanitize import *
 def send_notification(vid, user, text):

 	text = text.replace('r/', 'r\/').replace('u/', 'u\/')
+	text = text.replace("\n", "\n\n")
 	with CustomRenderer() as renderer:
 		text_html = renderer.render(mistletoe.Document(text))

@ -36,6 +37,8 @@ def send_notification(vid, user, text):

 def send_pm(vid, user, text):

+	text = text.replace("\n", "\n\n")
+
 	with CustomRenderer() as renderer: text_html = renderer.render(mistletoe.Document(text))

 	text_html = sanitize(text_html, linkgen=True)
@ -59,6 +62,8 @@ def send_pm(vid, user, text):

 def send_follow_notif(vid, user, text):

+	text = text.replace("\n", "\n\n")
+
 	with CustomRenderer() as renderer:
 		text_html = renderer.render(mistletoe.Document(text))
 	text_html = sanitize(text_html, linkgen=True)
@ -84,6 +89,8 @@ def send_follow_notif(vid, user, text):
 	
 def send_unfollow_notif(vid, user, text):

+	text = text.replace("\n", "\n\n")
+
 	with CustomRenderer() as renderer:
 		text_html = renderer.render(mistletoe.Document(text))
 	text_html = sanitize(text_html, linkgen=True)
@ -109,6 +116,8 @@ def send_unfollow_notif(vid, user, text):

 def send_block_notif(vid, user, text):

+	text = text.replace("\n", "\n\n")
+
 	with CustomRenderer() as renderer:
 		text_html = renderer.render(mistletoe.Document(text))
 	text_html = sanitize(text_html, linkgen=True)
@ -134,6 +143,8 @@ def send_block_notif(vid, user, text):
 	
 def send_unblock_notif(vid, user, text):

+	text = text.replace("\n", "\n\n")
+
 	with CustomRenderer() as renderer:
 		text_html = renderer.render(mistletoe.Document(text))
 	text_html = sanitize(text_html, linkgen=True)
@ -159,6 +170,8 @@ def send_unblock_notif(vid, user, text):

 def send_admin(vid, text):

+	text = text.replace("\n", "\n\n")
+
 	with CustomRenderer() as renderer: text_html = renderer.render(mistletoe.Document(text))

 	text_html = sanitize(text_html, linkgen=True)
--- a/drama/helpers/sanitize.py
+++ b/drama/helpers/sanitize.py
@ -41,10 +41,7 @@ _allowed_tags = tags = ['b',
 						]

 _allowed_attributes = {
-	'a': ['href', 'title', "rel", "data-original-name"],
-	'i': [],
-	'img': ['src', 'class'],
-	'span': ['style']
+	'*': ['href', 'style', 'src', 'class', 'title', 'rel', 'data-original-name']
 	}

 _allowed_protocols = [
@ -54,7 +51,8 @@ _allowed_protocols = [

 _allowed_styles =[
 	'color',
-	'font-weight'
+	'font-weight',
+	'margin-bottom'
 ]

 # filter to make all links show domain on hover
--- a/drama/routes/comments.py
+++ b/drama/routes/comments.py
@ -419,7 +419,8 @@ def api_comment(v):
 			name = f'comment/{c.base36id}/{secrets.token_urlsafe(8)}'
 			url = upload_file(name, file)
 			
-			body = request.form.get("body") + f"\n\n![]({url})"
+			body = request.form.get("body") + f"\n![]({url})"
+			body = body.replace("\n", "\n\n")
 			with CustomRenderer(post_id=parent_id) as renderer:
 				body_md = renderer.render(mistletoe.Document(body))
 			body_html = sanitize(body_md, linkgen=True)
@ -475,6 +476,7 @@ def api_comment(v):
 				included. \n\n*This is an automated message; if you need help,
 				you can message us [here](/contact).*"""

+		body = body.replace("\n", "\n\n")
 		with CustomRenderer(post_id=parent_id) as renderer:
 			body_md = renderer.render(mistletoe.Document(body))

@ -503,6 +505,7 @@ def api_comment(v):
 		g.db.flush()
 	
 		body = random.choice(choices)
+		body = body.replace("\n", "\n\n")
 		with CustomRenderer(post_id=parent_id) as renderer: body_md = renderer.render(mistletoe.Document(body))
 		body_html2 = sanitize(body_md, linkgen=True)
 		c_aux = CommentAux(
@ -698,6 +701,7 @@ def edit_comment(cid, v):

 	body = request.form.get("body", "")[0:10000]
 	for i in re.finditer('^(https:\/\/.*\.(png|jpg|jpeg|gif))', body, re.MULTILINE): body = body.replace(i.group(1), f'![]({i.group(1)})')
+	body = body.replace("\n", "\n\n")
 	with CustomRenderer(post_id=c.post.base36id) as renderer: body_md = renderer.render(mistletoe.Document(body))
 	body_html = sanitize(body_md, linkgen=True)

@ -794,7 +798,8 @@ def edit_comment(cid, v):
 			name = f'comment/{c.base36id}/{secrets.token_urlsafe(8)}'
 			url = upload_file(name, file)

-			body += f"\n\n![]({url})"
+			body += f"\n![]({url})"
+			body = body.replace("\n", "\n\n")
 			with CustomRenderer(post_id=c.parent_submission) as renderer:
 				body_md = renderer.render(mistletoe.Document(body))
 			body_html = sanitize(body_md, linkgen=True)
--- a/drama/routes/posts.py
+++ b/drama/routes/posts.py
@ -276,6 +276,7 @@ def edit_post(pid, v):

 	body = request.form.get("body", "")
 	for i in re.finditer('^(https:\/\/.*\.(png|jpg|jpeg|gif))', body, re.MULTILINE): body = body.replace(i.group(1), f'![]({i.group(1)})')
+	body = body.replace("\n", "\n\n")
 	with CustomRenderer() as renderer:
 		body_md = renderer.render(mistletoe.Document(body))
 	body_html = sanitize(body_md, linkgen=True)
@ -894,6 +895,7 @@ def submit_post(v):

 	# render text
 	for i in re.finditer('^(https:\/\/.*\.(png|jpg|jpeg|gif))', body, re.MULTILINE): body = body.replace(i.group(1), f'![]({i.group(1)})')
+	body = body.replace("\n", "\n\n")
 	with CustomRenderer() as renderer:
 		body_md = renderer.render(mistletoe.Document(body))
 	body_html = sanitize(body_md, linkgen=True)
--- a/drama/routes/users.py
+++ b/drama/routes/users.py
@ -75,6 +75,7 @@ def get_profilecss(username):
 def messagereply(v, username, id):
 	message = request.form.get("message", "")[:1000].strip()
 	user = get_user(username)
+	message = message.replace("\n", "\n\n")
 	with CustomRenderer() as renderer: text_html = renderer.render(mistletoe.Document(message))
 	text_html = sanitize(text_html, linkgen=True)
 	parent = get_comment(int(id), v=v)
--- a/seed.sql
+++ b/seed.sql