diff options
| author | Daniel Schadt <kingdread@gmx.de> | 2022-07-02 22:49:38 +0200 |
|---|---|---|
| committer | Daniel Schadt <kingdread@gmx.de> | 2022-07-02 22:54:39 +0200 |
| commit | 1dc46e3afec2bf829ad5b4895bbad25b1712dab2 (patch) | |
| tree | 338fb6ccce2bc12fe861f46ca19f889907c1f393 | |
| parent | b0ec6ad83681ae7825900fe291de0f157a623574 (diff) | |
| download | fietsboek-1dc46e3afec2bf829ad5b4895bbad25b1712dab2.tar.gz fietsboek-1dc46e3afec2bf829ad5b4895bbad25b1712dab2.tar.bz2 fietsboek-1dc46e3afec2bf829ad5b4895bbad25b1712dab2.zip | |
allow images in markdown descriptions
This might need some fine tuning in the future
| -rw-r--r-- | fietsboek/static/theme.css | 4 | ||||
| -rw-r--r-- | fietsboek/templates/details.jinja2 | 4 | ||||
| -rw-r--r-- | fietsboek/util.py | 7 |
3 files changed, 12 insertions, 3 deletions
diff --git a/fietsboek/static/theme.css b/fietsboek/static/theme.css index d373c93..fbb9c89 100644 --- a/fietsboek/static/theme.css +++ b/fietsboek/static/theme.css @@ -14,6 +14,10 @@ body { align-items: center; } +.track-description img { + max-width: 100%; +} + .admin-badge-list * { margin-left: 5px; margin-right: 5px; diff --git a/fietsboek/templates/details.jinja2 b/fietsboek/templates/details.jinja2 index f741d4e..5ef64b9 100644 --- a/fietsboek/templates/details.jinja2 +++ b/fietsboek/templates/details.jinja2 @@ -109,7 +109,9 @@ </div> {% endif %} {% if description %} - {{ description }} + <div class="track-description"> + {{ description }} + </div> <hr> {% endif %} <h2>{{ _("page.details.comments") }}</h2> diff --git a/fietsboek/util.py b/fietsboek/util.py index 9a8e596..56f0656 100644 --- a/fietsboek/util.py +++ b/fietsboek/util.py @@ -16,7 +16,10 @@ from sqlalchemy import select ALLOWED_TAGS = (bleach.sanitizer.ALLOWED_TAGS + # Allow headings ['h1', 'h2', 'h3', 'h4', 'h5', 'h6'] + - ['p']) + ['p'] + ['img']) + +ALLOWED_ATTRIBUTES = dict(bleach.sanitizer.ALLOWED_ATTRIBUTES) +ALLOWED_ATTRIBUTES['img'] = ['alt', 'src'] def safe_markdown(md_source): @@ -31,7 +34,7 @@ def safe_markdown(md_source): :rtype: Markup """ html = markdown.markdown(md_source, output_format='html5') - html = bleach.clean(html, tags=ALLOWED_TAGS) + html = bleach.clean(html, tags=ALLOWED_TAGS, attributes=ALLOWED_ATTRIBUTES) return Markup(html) |