From 74134d389697fb4216dfdb17ab04feab9a6dd21a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sascha=20I=C3=9Fbr=C3=BCcker?=
Date: Sat, 18 Feb 2023 18:25:54 +0100
Subject: [PATCH] Escape texts in exported HTML (#429)
---
 bookmarks/services/exporter.py | 5 +++--
 bookmarks/tests/test_exporter.py | 28 ++++++++++++++++++++++++++++
 2 files changed, 31 insertions(+), 2 deletions(-)
 create mode 100644 bookmarks/tests/test_exporter.py
diff --git a/bookmarks/services/exporter.py b/bookmarks/services/exporter.py
index 459b6fe..289aa67 100644
--- a/bookmarks/services/exporter.py
+++ b/bookmarks/services/exporter.py
@@ -1,3 +1,4 @@
+import html
 from typing import List
 from bookmarks.models import Bookmark
@@ -28,8 +29,8 @@ def append_list_start(doc: BookmarkDocument):
 def append_bookmark(doc: BookmarkDocument, bookmark: Bookmark):
 url = bookmark.url
- title = bookmark.resolved_title
- desc = bookmark.resolved_description
+ title = html.escape(bookmark.resolved_title or '')
+ desc = html.escape(bookmark.resolved_description or '')
 tags = ','.join(bookmark.tag_names)
 toread = '1' if bookmark.unread else '0'
 added = int(bookmark.date_added.timestamp())
diff --git a/bookmarks/tests/test_exporter.py b/bookmarks/tests/test_exporter.py
new file mode 100644
index 0000000..aab46af
--- /dev/null
+++ b/bookmarks/tests/test_exporter.py
@@ -0,0 +1,28 @@
+from django.test import TestCase
+
+from bookmarks.services import exporter
+from bookmarks.tests.helpers import BookmarkFactoryMixin
+
+
+class ExporterTestCase(TestCase, BookmarkFactoryMixin):
+ def test_escape_html_in_title_and_description(self):
+ bookmark = self.setup_bookmark(
+ title='
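Review bot: In `append_bookmark` (bookmarks/services/exporter.py, second hunk), `url = bookmark.url` and `tags = ','.join(bookmark.tag_names)` are still used unescaped, while only the title and description now go through `html.escape`. The rest of the function lies outside the hunk, so this is inferred, but if those two values are written into attribute positions of the exported markup, a quote or angle bracket in a stored URL or tag name would corrupt the export in the same way the title did. Consider `url = html.escape(bookmark.url or '')` and `tags = html.escape(','.join(bookmark.tag_names))`; `html.escape` also escapes quotes by default, which is what an attribute value needs. Judging by its name, the new test covers only title and description, so a case for URL and tags would be worth adding alongside it.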