Andal.LND/edx-platform
6
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: fix script tag quot escaped (#37296)

Browse Source
This commit is contained in:
Mubbshar Anwar
2025-08-28 19:01:19 +05:00
committed by GitHub
parent a86d29f155
commit 052b930ef5
2 changed files with 9 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
lms/djangoapps/discussion/rest_api/discussions_notifications.py
View File

@@ -2,6 +2,7 @@
Discussion notifications sender util.
"""
import re
import html
from bs4 import BeautifulSoup, Tag
from django.conf import settings
@@ -447,7 +448,9 @@ def clean_thread_html_body(html_body):
"""
Get post body with tags removed and limited to 500 characters
"""
html_body = BeautifulSoup(Truncator(html_body).chars(500, html=True), 'html.parser')
truncated_body = Truncator(html_body).chars(500, html=True)
truncated_body = html.unescape(truncated_body)
html_body = BeautifulSoup(truncated_body, 'html.parser')
tags_to_remove = [
"a", "link", # Link Tags

12
lms/djangoapps/discussion/rest_api/tests/test_discussions_notifications.py
View File

@@ -2,7 +2,6 @@
Unit tests for the DiscussionNotificationSender class
"""
import re
import django
import unittest
from unittest.mock import MagicMock, patch
@@ -109,13 +108,12 @@ class TestCleanThreadHtmlBody(unittest.TestCase):
<p>Script test: <script>alert("hello");</script></p>
<p>Some other content that should remain.</p>
"""
excepted_script_quot = 'alert(&amp;quot;hello&amp;quot;);' if django.VERSION >= (5, 0) else 'alert("hello");'
expected_output = (
f'<p style="margin: 0">This is a link to a page.</p>'
f'<p style="margin: 0">Here is an image: </p>'
f'<p style="margin: 0">Embedded video: </p>'
f'<p style="margin: 0">Script test: {excepted_script_quot}</p>'
f'<p style="margin: 0">Some other content that should remain.</p>'
'<p style="margin: 0">This is a link to a page.</p>'
'<p style="margin: 0">Here is an image: </p>'
'<p style="margin: 0">Embedded video: </p>'
'<p style="margin: 0">Script test: alert("hello");</p>'
'<p style="margin: 0">Some other content that should remain.</p>'
)
result = clean_thread_html_body(html_body)