Use a global sanitizer config

32177f7f · Manon Blanco · 569f5eab · 32177f7f · 32177f7f
Commit 32177f7f authored 4 years ago by Manon Blanco
--- a/arkindex/documents/serializers/light.py
+++ b/arkindex/documents/serializers/light.py
 import markdown
 from django.db.models import Max
-from html_sanitizer import Sanitizer
+from html_sanitizer.django import get_sanitizer
 from rest_framework import serializers
 from rest_framework.exceptions import APIException, ValidationError

@@ -106,7 +106,7 @@ class MetaDataLightSerializer(serializers.ModelSerializer):
    def to_representation(self, instance):
        # The value must be HTML
        if instance.type == MetaType.Markdown:
-            sanitizer = Sanitizer()
+            sanitizer = get_sanitizer()
            html = markdown.markdown(instance.value)
            instance.value = sanitizer.sanitize(html)
        return super().to_representation(instance)

--- a/arkindex/project/settings.py
+++ b/arkindex/project/settings.py
@@ -274,6 +274,19 @@ SPECTACULAR_SETTINGS = {
    ]
 }

+# Sanitizer config
+HTML_SANITIZERS = {
+    'default': {
+        'tags': {
+            'a', 'h1', 'h2', 'h3', 'strong', 'em', 'p',
+            'ul', 'ol', 'li', 'br', 'sub', 'sup', 'hr',
+            'table', 'thead', 'tbody', 'tr', 'th', 'td'
+        },
+        'empty': {'hr', 'a', 'br', 'th'},
+        'is_mergeable': lambda e1, e2: False,
+    },
+}
+
 SEARCH_FILTER_MAX_TERMS = 10

 # Elastic search config