This repository has been archived by the owner on Jun 10, 2024. It is now read-only.

Prevent user from entering HTML through the forms #72

Open
wants to merge 2 commits into
base: master
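--- a/.gitignore
+++ b/.gitignore
@@ -22,6 +22,10 @@ develop-eggs
 .installed.cfg
 lib
 lib64
+env
+.env
+venv
+.venv
 
 # Installer logs
 pip-log.txt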
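--- a/djangocms_forms/forms.py
+++ b/djangocms_forms/forms.py
@@ -13,6 +13,7 @@
 from django.template.loader import get_template, render_to_string
 from django.utils.translation import ugettext_lazy as _
 
+from django_bleach.forms import BleachField
 from ipware.ip import get_ip
 from unidecode import unidecode
 
@@ -154,7 +155,7 @@ def prepare_text(self, field):
 field_attrs.update({
 'widget': forms.TextInput(attrs=widget_attrs)
 })
-return forms.CharField(**field_attrs)
+return BleachField(**field_attrs)
 
 def prepare_textarea(self, field):
 field_attrs = field.build_field_attrs()
@@ -163,7 +164,7 @@ def prepare_textarea(self, field):
 field_attrs.update({
 'widget': forms.Textarea(attrs=widget_attrs)
 })
-return forms.CharField(**field_attrs)
+return BleachField(**field_attrs)
 
 def prepare_email(self, field):
 field_attrs = field.build_field_attrs()
@@ -271,7 +272,7 @@ def prepare_hidden(self, field):
 field_attrs.update({
 'widget': forms.HiddenInput(attrs=widget_attrs),
 })
-return forms.CharField(**field_attrs)
+return BleachField(**field_attrs)
 
 def prepare_number(self, field):
 field_attrs = field.build_field_attrs()
@@ -298,7 +299,7 @@ def prepare_password(self, field):
 field_attrs.update({
 'widget': forms.PasswordInput(attrs=widget_attrs),
 })
-return forms.CharField(**field_attrs)
+return BleachField(**field_attrs)
 
 def prepare_phone(self, field):
 field_attrs = field.build_field_attrs()
@@ -307,7 +308,7 @@ def prepare_phone(self, field):
 field_attrs.update({
 'widget': TelephoneInput(attrs=widget_attrs),
 })
-return forms.CharField(**field_attrs)
+return BleachField(**field_attrs)
 
 def save(self, request):
 form_data = []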
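Review bot: `prepare_password` (and likewise `prepare_hidden` and `prepare_phone`) now returns a `BleachField`, so a submitted value containing `<`, `>` or `&` is rewritten by the sanitizer before `save()` sees it; for a password that silently changes the secret the user typed. I would keep `return forms.CharField(**field_attrs)` in those three methods and limit `BleachField` to `prepare_text` and `prepare_textarea`. Separately, cleaning on input does not replace escaping wherever submissions are rendered (admin views, notification e-mails, exports), and which tags survive depends on the project's `BLEACH_ALLOWED_TAGS` / `BLEACH_STRIP_TAGS` settings, which this change neither sets nor documents; presumably bleach's default allow-list applies when they are absent, so some markup would still pass. Each method body starts above its hunk, so `build_field_attrs()` and the widget attributes are not visible here.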
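--- a/setup.py
+++ b/setup.py
@@ -36,6 +36,7 @@
 include_package_data=True,
 install_requires=[
 'django-appconf',
+'django-bleach>=0.4.0',
 'django-ipware',
 'jsonfield',
 'unidecode',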
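Review bot: `'django-bleach>=0.4.0'` is added with a floor only, so the sanitizer that the text fields now depend on is whatever release the resolver picks, and its cleaning defaults could differ between installs. Consider bounding it to the versions the test suite actually covers, e.g. `'django-bleach>=0.4.0,<X'` with X a placeholder for the first untested release, and state in the README which `BLEACH_*` settings a project is expected to define. The rest of the `setup()` call lies outside the hunk.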