Skip to content

Commit d7f30e3

Browse files
BogayBogay
authored
Merge pull request #323 from Normal-OJ/prevent-double-escape-for-markdown-field
fix: don't escape markdown fields
2 parents 4c9a21f + 653ca7f commit d7f30e3

2 files changed

Lines changed: 0 additions & 67 deletions

File tree

mongo/engine.py

Lines changed: 0 additions & 48 deletions
Original file line numberDiff line numberDiff line change
@@ -1,8 +1,6 @@
11
from mongoengine import *
2-
from mongoengine import signals
32
import mongoengine
43
import os
5-
import html
64
from enum import IntEnum
75
from datetime import datetime
86
from zipfile import ZipFile, BadZipFile
@@ -24,29 +22,6 @@
2422
connect('normal-oj', host=MONGO_HOST)
2523

2624

27-
def handler(event):
28-
'''
29-
Signal decorator to allow use of callback functions as class decorators.
30-
reference: http://docs.mongoengine.org/guide/signals.html
31-
'''
32-
33-
def decorator(fn):
34-
35-
def apply(cls):
36-
event.connect(fn, sender=cls)
37-
return cls
38-
39-
fn.apply = apply
40-
return fn
41-
42-
return decorator
43-
44-
45-
@handler(signals.pre_save)
46-
def escape_markdown(sender, document):
47-
document.markdown = html.escape(document.markdown)
48-
49-
5025
class ZipField(FileField):
5126

5227
def __init__(self, max_size=0, **ks):
@@ -172,7 +147,6 @@ def info(self):
172147
}
173148

174149

175-
@escape_markdown.apply
176150
class Homework(Document):
177151

178152
homework_name = StringField(
@@ -263,26 +237,7 @@ class ProblemDescription(EmbeddedDocument):
263237
db_field='sampleOutput',
264238
)
265239

266-
def escape(self):
267-
self.description, self.input, self.output, self.hint = (html.escape(
268-
v or '') for v in (
269-
self.description,
270-
self.input,
271-
self.output,
272-
self.hint,
273-
))
274-
_io = zip(self.sample_input, self.sample_output)
275-
for i, (ip, op) in enumerate(_io):
276-
self.sample_input[i] = ip or html.escape(ip)
277-
self.sample_output[i] = op or html.escape(op)
278-
279-
280-
@handler(signals.pre_save)
281-
def problem_desc_escape(sender, document):
282-
document.description.escape()
283-
284240

285-
@problem_desc_escape.apply
286241
class Problem(Document):
287242

288243
class Visibility:
@@ -419,7 +374,6 @@ class Submission(Document):
419374
ip_addr = StringField(default=None, null=True)
420375

421376

422-
@escape_markdown.apply
423377
class Message(Document):
424378
timestamp = DateTimeField(default=datetime.now)
425379
sender = StringField(max_length=16, required=True)
@@ -429,7 +383,6 @@ class Message(Document):
429383
markdown = StringField(max_length=100000, required=True)
430384

431385

432-
@escape_markdown.apply
433386
class Announcement(Document):
434387
status = IntField(default=0, choices=[0, 1]) # not delete / delete
435388
title = StringField(max_length=64, required=True)
@@ -442,7 +395,6 @@ class Announcement(Document):
442395
pinned = BooleanField(default=False)
443396

444397

445-
@escape_markdown.apply
446398
class PostThread(Document):
447399
markdown = StringField(default='', required=True, max_length=100000)
448400
author = ReferenceField('User', db_field='author')

tests/test_mongo_engine.py

Lines changed: 0 additions & 19 deletions
Original file line numberDiff line numberDiff line change
@@ -26,22 +26,3 @@ def test_not_in(self):
2626
def test_in(self):
2727
d = Duration()
2828
assert datetime.datetime.now() in d
29-
30-
31-
from mongo.engine import ProblemDescription
32-
33-
34-
class TestProblemDescription:
35-
36-
def test_escape(self):
37-
pd = ProblemDescription()
38-
pd.description = '<h1>description</h1>'
39-
pd.input = 'input'
40-
pd.output = 'output'
41-
pd.hint = '<script>hint</script>'
42-
pd.sample_input = ['123', '456']
43-
pd.sample_output = ['789', '101']
44-
pd.escape()
45-
import html
46-
assert pd.description == html.escape('<h1>description</h1>')
47-
assert pd.hint == html.escape('<script>hint</script>')

0 commit comments

Comments
 (0)