def sanitize_pages_json(apps, schema_editor):
    """Run ``clean_draft_js`` over the stored ``content_json`` of every page row.

    Covers the ``Page`` model first and then ``PageTranslation``, both looked
    up in the ``page`` app through ``apps.get_model``. The signature matches a
    data-migration callable (presumably wired up via ``RunPython`` - confirm
    against the migration's ``operations`` list).

    Args:
        apps: App registry used to resolve the models by name.
        schema_editor: Unused here; part of the expected callable signature.
    """
    # NOTE(review): how clean_draft_js treats None or empty content is not
    # visible here - confirm before running against nullable columns.
    for model_name in ("Page", "PageTranslation"):
        model = apps.get_model("page", model_name)
        for record in model.objects.all():
            record.content_json = clean_draft_js(record.content_json)
            # update_fields limits the UPDATE to the sanitized column, so the
            # rewrite does not write back any other field of the row.
            record.save(update_fields=["content_json"])
def sanitize_descriptions_json(apps, schema_editor):
    """Run ``clean_draft_js`` over the stored ``description_json`` of every product row.

    Covers the ``Product`` model first and then ``ProductTranslation``, both
    looked up in the ``product`` app through ``apps.get_model``. The signature
    matches a data-migration callable (presumably wired up via ``RunPython`` -
    confirm against the migration's ``operations`` list).

    Args:
        apps: App registry used to resolve the models by name.
        schema_editor: Unused here; part of the expected callable signature.
    """
    # NOTE(review): how clean_draft_js treats None or empty descriptions is not
    # visible here - confirm before running against nullable columns.
    for model_name in ("Product", "ProductTranslation"):
        model = apps.get_model("product", model_name)
        for record in model.objects.all():
            record.description_json = clean_draft_js(record.description_json)
            # update_fields limits the UPDATE to the sanitized column, so the
            # rewrite does not write back any other field of the row.
            record.save(update_fields=["description_json"])
def test_malicious_url_image():
    """An IMAGE entity with a ``javascript:`` ``src`` is rewritten to ``#invalid``.

    The sanitizer's return value is ignored on purpose: the assertion checks
    that the input document itself was mutated, and that the entity's type and
    mutability are left untouched.
    """
    image_entity = {
        "type": "IMAGE",
        "mutability": "MUTABLE",
        "data": {"src": "javascript:alert();"},
    }
    document = {"entityMap": {"0": image_entity}}

    clean_draft_js(document)

    sanitized_entity = {
        "type": "IMAGE",
        "mutability": "MUTABLE",
        "data": {"src": "#invalid"},
    }
    assert document == {"entityMap": {"0": sanitized_entity}}
def test_malicious_urls(url):
    """A LINK entity carrying an unsafe ``url`` is rewritten to ``#invalid``.

    Also pins that ``clean_draft_js`` returns the very object it was given, so
    callers may rely on either the return value or the in-place mutation.

    Args:
        url: The unsafe URL under test. Its source is not visible in this
            block - presumably a pytest parametrization or fixture; confirm.
    """
    link_entity = {"type": "LINK", "mutability": "MUTABLE", "data": {"url": url}}
    document = {"entityMap": {"0": link_entity}}

    returned = clean_draft_js(document)

    # Identity, not equality: the sanitizer must not hand back a copy.
    assert returned is document

    sanitized_entity = {
        "type": "LINK",
        "mutability": "MUTABLE",
        "data": {"url": "#invalid"},
    }
    assert document == {"entityMap": {"0": sanitized_entity}}