Setup Bleach to Sanitize Articles

[codyseibert]

Is your feature request related to a problem? Please describe.

Articles are created using CK-Editor which can allow people to upload malicious HTML. We need to sanitize that HTML before the UI can try to display it.

Describe the solution you'd like

We want to install Bleach https://github.com/mozilla/bleach so that we can sanitize the HTML uploaded when users created and edit articles.

Describe alternatives you've considered

Bleach is supposed to be a good library.

Additional context

Add any other context such as screenshots, schematics, about the feature request here.

[Kaushal-Dhungel]

Hello @codyseibert. I would like to work on it although I have no idea what bleach is.

[codyseibert]

@Kaushal-Dhungel https://github.com/mozilla/bleach check out the readme. It should be straight forward. Pip install it. Make sure you do a pip freeze > requirements.txt, and then use the example code for when people create articles. We want to run bleach.clean over the article content before we save it into the database.

[Kaushal-Dhungel]

I think overriding the save method would be the best way to do it. Or should I do it in views before saving it to the database??

[codyseibert]

I think overriding save on the model would be safest, but make sure it's safe to call bleach on a already sanitized html. Because if the user just needs to update the title, we don't want the sanitizer to mess up the content if ran twice.

[Kaushal-Dhungel]

As per the video by Dennis, the article model is going to be removed. I asked in the discord if I should still work on this issue or not and Praveen suggested skipping this as of now. Should I still work on this or take another issue??

[PraveenMalethia]

You can skip this for now! If you can take any other issue ?! lemme know @Kaushal-Dhungel

[MidouWebDev]

Articles will be removed