Sanitize data before displaying in markdown editor (#3205)

* Sanitize data before displaying in markdown editor * Use the sanitize option provided by easymde * Spelling fix
2024-08-30 18:33:04 +00:00 · 2022-06-16 10:57:28 +10:00 · 2022-06-16 10:57:28 +10:00 · 9bd62f986f
commit 9bd62f986f
parent e83995b4f5
2 changed files with 6 additions and 1 deletions
--- a/InvenTree/InvenTree/mixins.py
+++ b/InvenTree/InvenTree/mixins.py
@ -35,7 +35,7 @@ class CleanMixin():
        return Response(serializer.data)

    def clean_data(self, data: dict) -> dict:
-        """Clean / snatize data.
+        """Clean / sanitize data.

        This uses mozillas bleach under the hood to disable certain html tags by
        encoding them - this leads to script tags etc. to not work.
--- a/InvenTree/templates/js/translated/helpers.js
+++ b/InvenTree/templates/js/translated/helpers.js
@ -274,6 +274,11 @@ function setupNotesField(element, url, options={}) {
        initialValue: initial,
        toolbar: toolbar_icons,
        shortcuts: [],
+        renderingConfig: {
+            markedOptions: {
+                sanitize: true,
+            }
+        }
    });