author | Patrick Cloke <clokep@users.noreply.github.com> | 2021-01-27 10:59:50 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-01-27 10:59:50 -0500 |
commit | e54746bdf7d5c831eabe4dcea76a7626f1de73df (patch) | |
tree | 262d65e6c945adfa2d64bfe51e70c09d2e1d7d06 /synapse/push | |
parent | Add a note to changelog about redis usage (#9227) (diff) | |
download | synapse-e54746bdf7d5c831eabe4dcea76a7626f1de73df.tar.xz |
Clean-up the template loading code. (#9200)
* Enables autoescape by default for HTML files. * Adds a new read_template method for reading a single template. * Some logic clean-up.
Diffstat (limited to 'synapse/push')
-rw-r--r-- | synapse/push/mailer.py | 18 |
1 files changed, 16 insertions, 2 deletions
diff --git a/synapse/push/mailer.py b/synapse/push/mailer.py
index 4d875dcb91..745b1dde94 100644
--- a/synapse/push/mailer.py
+++ b/synapse/push/mailer.py
@@ -668,6 +668,15 @@ class Mailer:
 def safe_markup(raw_html: str) -> jinja2.Markup:
+ """
+ Sanitise a raw HTML string to a set of allowed tags and attributes, and linkify any bare URLs.
+
+ Args
+ raw_html: Unsafe HTML.
+
+ Returns:
+ A Markup object ready to safely use in a Jinja template.
+ """
 return jinja2.Markup(
 bleach.linkify(
 bleach.clean(
@@ -684,8 +693,13 @@ def safe_markup(raw_html: str) -> jinja2.Markup:
 def safe_text(raw_text: str) -> jinja2.Markup:
 """
- Process text: treat it as HTML but escape any tags (ie. just escape the
- HTML) then linkify it.
+ Sanitise text (escape any HTML tags), and then linkify any bare URLs.
+
+ Args
+ raw_text: Unsafe text which might include HTML markup.
+
+ Returns:
+ A Markup object ready to safely use in a Jinja template.
 """
 return jinja2.Markup(
 bleach.linkify(bleach.clean(raw_text, tags=[], attributes={}, strip=False)) |
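Review bot: The docstring added to `safe_markup` writes its first section header as `Args`, without the colon that `Returns:` has, so Google-style docstring tooling will not recognise it as a section; it should read `Args:` (the same slip is in the `safe_text` docstring in the next hunk). The `Returns` text would also help the next maintainer more if it said where the safety comes from: a `jinja2.Markup` value is exempt from the autoescaping this commit enables, so the only protection left is the `bleach.clean` allowlist. Something like `A Markup object that bypasses autoescaping; it is only as safe as the bleach tag/attribute allowlist.` would state that. The allowlist arguments and the end of the function lie outside the hunk, so the allowlist itself is not reviewed here.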
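Review bot: "Ready to safely use in a Jinja template" in the new `safe_text` docstring promises more than the visible call provides. `bleach.clean(raw_text, tags=[], attributes={}, strip=False)` escapes for HTML element content and `bleach.linkify` then adds `<a>` markup, so the result is HTML rather than text. I would narrow the sentence to `A Markup object holding escaped, linkified HTML; use it in the body of an HTML template only, not inside attribute values or plain-text templates.` Whether any plain-text template applies this filter cannot be seen from this hunk, so that is something to check rather than a confirmed problem. The closing parenthesis of the return statement is outside the hunk.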