diff options
-rwxr-xr-x | aurweb/scripts/rendercomment.py | 8 | ||||
-rwxr-xr-x | test/t2600-rendercomment.sh | 3 |
2 files changed, 7 insertions, 4 deletions
diff --git a/aurweb/scripts/rendercomment.py b/aurweb/scripts/rendercomment.py index 593cd36a..7e8a16b8 100755 --- a/aurweb/scripts/rendercomment.py +++ b/aurweb/scripts/rendercomment.py @@ -2,6 +2,7 @@ import sys import bleach +import markdown import aurweb.db @@ -22,9 +23,10 @@ def main(): conn = aurweb.db.Connection() - html = get_comment(conn, commentid) - html = html.replace('\n', '<br>') - html = bleach.clean(html, tags=['br']) + text = get_comment(conn, commentid) + html = markdown.markdown(text, extensions=['nl2br']) + allowed_tags = bleach.sanitizer.ALLOWED_TAGS + ['p', 'br'] + html = bleach.clean(html, tags=allowed_tags) save_rendered_comment(conn, commentid, html) conn.commit() diff --git a/test/t2600-rendercomment.sh b/test/t2600-rendercomment.sh index 8d79336d..50a5adb9 100755 --- a/test/t2600-rendercomment.sh +++ b/test/t2600-rendercomment.sh @@ -11,7 +11,8 @@ test_expect_success 'Test comment rendering.' ' EOD "$RENDERCOMMENT" 1 && cat <<-EOD >expected && - Hello world!<br>This is a comment. + <p>Hello world!<br> + This is a comment.</p> EOD cat <<-EOD | sqlite3 aur.db >actual && SELECT RenderedComment FROM PackageComments WHERE ID = 1; |