From 132b134dc5c4e17dfb61bce47bfec2b4621db182 Mon Sep 17 00:00:00 2001 From: Adam Goldsmith Date: Thu, 4 Apr 2024 00:23:06 -0400 Subject: [PATCH] membershipworks: Use nh3 to unescape event titles --- membershipworks/admin.py | 6 +++++- membershipworks/models.py | 7 ++++++- membershipworks/views.py | 1 + 3 files changed, 12 insertions(+), 2 deletions(-) diff --git a/membershipworks/admin.py b/membershipworks/admin.py index 54ad54c..a90997f 100644 --- a/membershipworks/admin.py +++ b/membershipworks/admin.py @@ -123,7 +123,7 @@ class EventInstructorAdmin(admin.ModelAdmin): class EventAdmin(DjangoObjectActions, admin.ModelAdmin): inlines = [EventMeetingTimeInline] list_display = [ - "title", + "unescaped_title", "start", "duration", "count", @@ -158,6 +158,10 @@ class EventAdmin(DjangoObjectActions, admin.ModelAdmin): fields.append("_details_timestamp") return fields + @admin.display(ordering="title") + def unescaped_title(self, obj): + return obj.unescaped_title + @admin.display(ordering="duration") def duration(self, obj): return obj.duration diff --git a/membershipworks/models.py b/membershipworks/models.py index 38e335f..c954f80 100644 --- a/membershipworks/models.py +++ b/membershipworks/models.py @@ -21,6 +21,7 @@ from django.db.models import ( from django.db.models.functions import Coalesce from django.utils import timezone +import nh3 from django_db_views.db_view import DBView @@ -425,8 +426,12 @@ class Event(BaseModel): _allowed_missing_fields = ["cap", "edp", "adn"] + @property + def unescaped_title(self): + return nh3.clean(self.title, tags=set()) + def __str__(self): - return self.title + return self.unescaped_title class EventInstructor(models.Model): diff --git a/membershipworks/views.py b/membershipworks/views.py index 9b0dafc..4dc8d6c 100644 --- a/membershipworks/views.py +++ b/membershipworks/views.py @@ -139,6 +139,7 @@ class EventTable(tables.Table): ' ' ' ' ), + accessor="unescaped_title", ) occurred = tables.BooleanColumn(visible=False) start = tables.DateColumn("N d, Y")