From 1dc46e3afec2bf829ad5b4895bbad25b1712dab2 Mon Sep 17 00:00:00 2001 From: Daniel Schadt Date: Sat, 2 Jul 2022 22:49:38 +0200 Subject: allow images in markdown descriptions This might need some fine tuning in the future --- fietsboek/static/theme.css | 4 ++++ fietsboek/templates/details.jinja2 | 4 +++- fietsboek/util.py | 7 +++++-- 3 files changed, 12 insertions(+), 3 deletions(-) diff --git a/fietsboek/static/theme.css b/fietsboek/static/theme.css index d373c93..fbb9c89 100644 --- a/fietsboek/static/theme.css +++ b/fietsboek/static/theme.css @@ -14,6 +14,10 @@ body { align-items: center; } +.track-description img { + max-width: 100%; +} + .admin-badge-list * { margin-left: 5px; margin-right: 5px; diff --git a/fietsboek/templates/details.jinja2 b/fietsboek/templates/details.jinja2 index f741d4e..5ef64b9 100644 --- a/fietsboek/templates/details.jinja2 +++ b/fietsboek/templates/details.jinja2 @@ -109,7 +109,9 @@ {% endif %} {% if description %} - {{ description }} +
+ {{ description }} +

{% endif %}

{{ _("page.details.comments") }}

diff --git a/fietsboek/util.py b/fietsboek/util.py index 9a8e596..56f0656 100644 --- a/fietsboek/util.py +++ b/fietsboek/util.py @@ -16,7 +16,10 @@ from sqlalchemy import select ALLOWED_TAGS = (bleach.sanitizer.ALLOWED_TAGS + # Allow headings ['h1', 'h2', 'h3', 'h4', 'h5', 'h6'] + - ['p']) + ['p'] + ['img']) + +ALLOWED_ATTRIBUTES = dict(bleach.sanitizer.ALLOWED_ATTRIBUTES) +ALLOWED_ATTRIBUTES['img'] = ['alt', 'src'] def safe_markdown(md_source): @@ -31,7 +34,7 @@ def safe_markdown(md_source): :rtype: Markup """ html = markdown.markdown(md_source, output_format='html5') - html = bleach.clean(html, tags=ALLOWED_TAGS) + html = bleach.clean(html, tags=ALLOWED_TAGS, attributes=ALLOWED_ATTRIBUTES) return Markup(html) -- cgit v1.2.3