Merge pull request #187 from syslabcom/scrum-2408-getVocabulary-2
getVocabulary: Do run scrub_html on individual items
cillianderoiste authored Jul 30, 2024
2 parents a467cb5 + 256fc2c commit 1ebaff2
Showing 1 changed file with 12 additions and 6 deletions.
18 changes: 12 additions & 6 deletions src/recensio/plone/browser/vocabulary.py
Expand Up @@ -14,13 +14,20 @@
from Products.CMFCore.utils import getToolByName
from Products.MimetypesRegistry.MimeTypeItem import guess_icon_path
from Products.MimetypesRegistry.MimeTypeItem import PREFIX
from Products.PortalTransforms.transforms.safe_html import hasScript
from Products.PortalTransforms.transforms.safe_html import SafeHTML
from zope.i18n import translate

import itertools


class RecensioVocabularyView(VocabularyView):
def maybe_scrub(self, value):
if value and (hasScript(value) or "<" in value):
transform = SafeHTML()
return transform.scrub_html(value)
return value

def __call__(self): # noqa: C901
"""
Accepts GET parameters of:
Expand Down Expand Up @@ -103,7 +110,6 @@ def __call__(self): # noqa: C901
attributes = attributes.split(",")

translate_ignored = self.get_translated_ignored()
transform = SafeHTML()
if attributes:
base_path = self.get_base_path(context)
sm = getSecurityManager()
Expand Down Expand Up @@ -154,15 +160,15 @@ def __call__(self): # noqa: C901
else:
items = [
{
"id": item.value,
"text": (item.title if item.title else ""),
"id": unescape(self.maybe_scrub(item.value)),
"text": (
unescape(self.maybe_scrub(item.title)) if item.title else ""
),
}
for item in results
]

if total == 0:
total = len(items)

return unescape(
transform.scrub_html(json_dumps({"results": items, "total": total}))
)
return json_dumps({"results": items, "total": total})
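Review bot: The new `maybe_scrub` leaves a value untouched when it contains no literal `<` and `hasScript` does not fire, yet both call sites in the `items` comprehension run `unescape` on its result afterwards, so an entity-encoded fragment (e.g. `&lt;` sequences in `item.title`) passes the gate unsanitised and is only decoded into markup after the scrub step; the replaced whole-document version had the same scrub-then-decode order, so this is inherited rather than introduced, but the per-item refactor is the natural place to fix it. Decoding should precede sanitisation: move the call into the helper as `value = unescape(value)` before the `hasScript(value) or "<" in value` test, and drop the outer `unescape(...)` around the two `self.maybe_scrub(...)` calls so the sanitizer sees the decoded text (`unescape` is imported outside these hunks; confirm it is `html.unescape`). The `"<" in value` membership test also presumes `item.value` and `item.title` are strings — if a vocabulary can yield non-str values this raises `TypeError`, which may be worth a guard or a note. A short docstring on `maybe_scrub` would help, along the lines of `"""Return value passed through SafeHTML.scrub_html when it looks like markup; otherwise return it unchanged."""`. The enclosing `__call__` starts in the first hunk and most of its body lies outside the shown hunks.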
