Refactor vacancy description and partner profile to use HTML editor in backend

Output is cleaned with `bleach` in the frontend

Refactor vacancy description and partner profile to use HTML editor in backend
Output is cleaned with `bleach` in the frontend
3320b0ba · Luuk Scholten · 5c9ead0f · 3320b0ba · 3320b0ba · 3320b0ba
Commit 3320b0ba authored Aug 13, 2016 by Luuk Scholten
--- a/requirements.txt
+++ b/requirements.txt
@@ -4,3 +4,5 @@ Pillow
 django-static-precompiler>=1.4,<2
 django-sendfile==0.3.10
 django-template-check  # This should be in dev-requirements somehow
+bleach==1.4.3
+django-tinymce==2.3.0
--- a/website/partners/migrations/0004_add_tinymce_to_vacancy_and_partner.py
+++ b/website/partners/migrations/0004_add_tinymce_to_vacancy_and_partner.py
+# -*- coding: utf-8 -*-
+# Generated by Django 1.10 on 2016-08-13 11:20
+from __future__ import unicode_literals
+
+from django.db import migrations
+import tinymce.models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('partners', '0003_vacancy'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='partner',
+            name='company_profile',
+            field=tinymce.models.HTMLField(blank=True),
+        ),
+        migrations.AlterField(
+            model_name='vacancy',
+            name='description',
+            field=tinymce.models.HTMLField(blank=True),
+        ),
+    ]
--- a/website/partners/models.py
+++ b/website/partners/models.py
@@ -2,6 +2,7 @@ from django.db import models
 from django.core.validators import RegexValidator, URLValidator

 from utils.translation import MultilingualField, ModelTranslateMeta
+from tinymce.models import HTMLField


 class Partner(models.Model):
@@ -14,7 +15,7 @@ class Partner(models.Model):
        blank=True,
        validators=[URLValidator()]
    )
-    company_profile = models.TextField(max_length=3072, blank=True)
+    company_profile = HTMLField(blank=True)
    logo = models.ImageField(upload_to='public/partners/logos/')
    site_header = models.ImageField(
        upload_to='public/partners/headers/',
@@ -81,7 +82,7 @@ class VacancyCategory(models.Model, metaclass=ModelTranslateMeta):

 class Vacancy(models.Model):
    title = models.CharField(max_length=255)
-    description = models.TextField(max_length=3072)
+    description = HTMLField(blank=True)
    link = models.CharField(
        max_length=255,
        blank=True,

--- a/website/partners/templates/partners/index.html
+++ b/website/partners/templates/partners/index.html
@@ -31,7 +31,7 @@
                </div>
                <h4>{{ main_partner.name }}</h4>

-                <p>{{ main_partner.company_profile|truncatechars:425 }}</p>
+                <p>{{ main_partner.company_profile|striptags|truncatechars:425 }}</p>

                <p>
                    <a href="{% url "partners:partner" main_partner.slug %}" class="link-style3">
@@ -61,7 +61,7 @@
                                <a href="{% url 'partners:partner' partner.slug %}">
                                    <div class="post-overlay-meta">
                                        <h2>{{ partner.name }}</h2>
-                                        <p>{{ partner.company_profile|truncatechars:180 }}</p>
+                                        <p>{{ partner.company_profile|striptags|truncatechars:180 }}</p>
                                        <span class="partner-logo-overlay-readmore">{% trans "Learn more" %} &raquo; </span>
                                    </div>
                                    <div class="klikbaar"></div>

--- a/website/partners/templates/partners/partner.html
+++ b/website/partners/templates/partners/partner.html
 {% extends "base.html" %}
-{% load i18n %}
+{% load i18n bleach_tags %}

 {% block header_image %}{% spaceless %}
    {% if partner.site_header %}
@@ -18,7 +18,7 @@
    <div class="row">
        <div class="span8">
            <div id="bedrijfsomschrijving">
-                {{ partner.company_profile }}
+                {{ partner.company_profile|bleach }}
            </div>
        </div>
        <div class="span4">
@@ -81,7 +81,7 @@
                            <li id="vacancy-{{ vacancy.id }}">
                                <div class="toggle-title"><a href="#"><span></span>{{ vacancy.title }}</a></div>
                                <div class="toggle-content">
-                                    {{ vacancy.description }}
+                                    {{ vacancy.description|bleach }}

                                    {% if vacancy.link %}
                                        <br /><br />

--- a/website/partners/templates/partners/vacancies.html
+++ b/website/partners/templates/partners/vacancies.html
 {% extends 'base.html' %}
-{% load i18n %}
+{% load i18n bleach_tags %}

 {% block body %}
 <h1>{% trans "Vacancies" %}</h1>
@@ -46,7 +46,7 @@
                        {{ vacancy.get_company_name }}
                        <small>{{ vacancy.title }}</small>
                    </h5>
-                    <p>{{ vacancy.description|truncatechars:150 }}</p>
+                    <p>{{ vacancy.description|striptags|truncatechars:150 }}</p>
                    <div class="team-readmore">
                        {% if vacancy.partner %}
                             <a href="{% url 'partners:partner' slug=vacancy.partner.slug %}#vacancy-{{ vacancy.id }}">
@@ -80,7 +80,7 @@
                                     </a>
                                 </div>
                                 <div class="toggle-content">
-                                     {{ vacancy.description }}
+                                     {{ vacancy.description|bleach }}

                                     {% if vacancy.link %}
                                         <br /><br />

--- a/website/thaliawebsite/settings/settings.py
+++ b/website/thaliawebsite/settings/settings.py
@@ -41,6 +41,7 @@ INSTALLED_APPS = [
    'django.contrib.staticfiles',
    # Dependencies
    'static_precompiler',
+    'tinymce',
    # Our apps
    'thaliawebsite',  # include for admin settings
    'members',

--- a/website/thaliawebsite/templatetags/bleach_tags.py
+++ b/website/thaliawebsite/templatetags/bleach_tags.py
+from __future__ import unicode_literals, print_function, absolute_import
+
+from bleach import clean
+from django import template
+from django.template.defaultfilters import stringfilter
+from django.utils.safestring import mark_safe
+
+register = template.Library()
+
+
+@register.filter(is_safe=True)
+@stringfilter
+def bleach(value):
+    """Bleach dangerous html from the input"""
+
+    return mark_safe(
+        clean(
+            value,
+            tags=['h2', 'h3', 'p', 'a', 'div',
+                  'strong', 'em', 'i', 'b', 'ul', 'li', 'br', 'ol'],
+            attributes={
+                '*': ['class'],
+                'a': ['href', 'rel', 'target', 'title'],
+                'img': ['alt', 'title'],
+            },
+            strip=True
+        )
+    )
--- a/website/thaliawebsite/urls.py
+++ b/website/thaliawebsite/urls.py
@@ -48,5 +48,7 @@ urlpatterns = [
    # Default login helpers
    url(r'^', include('django.contrib.auth.urls')),
    url(r'^i18n/', include('django.conf.urls.i18n')),
+    # Dependencies
+    url(r'^tinymce/', include('tinymce.urls')),
 ] + static(settings.MEDIA_URL + 'public/',
           document_root=os.path.join(settings.MEDIA_ROOT, 'public'))