From 592b06700c557ae2b36866aef4b95d3c4d2842bd Mon Sep 17 00:00:00 2001
From: denis_shtanskii
Date: Sun, 5 Jan 2025 14:50:50 +0300
Subject: [PATCH] =?UTF-8?q?refactor:=20=D0=92=D1=81=D0=B5=20=D0=B2=D0=B5?=
 =?UTF-8?q?=D1=80=D0=BD=D1=83=D0=BB=20=D0=BD=D0=B0=D0=B7=D0=B0=D0=B4,=20?=
 =?UTF-8?q?=D0=BF=D0=BB=D1=8E=D1=81=20=D1=80=D0=B0=D0=B7=D1=80=D0=B5=D1=88?=
 =?UTF-8?q?=D0=B8=D0=BB=20=D1=82=D0=B5=D0=B3=D0=B8?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/backend/api/v1/profile/constants.py | 16 ++++++++++++++++
 src/backend/api/v1/profile/serializers.py | 20 ++++++++++++++------
 src/backend/api/v1/projects/serializers.py | 8 ++++----
 3 files changed, 34 insertions(+), 10 deletions(-)

diff --git a/src/backend/api/v1/profile/constants.py b/src/backend/api/v1/profile/constants.py
index b9a4e06..15558d2 100644
--- a/src/backend/api/v1/profile/constants.py
+++ b/src/backend/api/v1/profile/constants.py
@@ -1 +1,17 @@
 PROFILES_PAGE_SIZE = 7
+ALLOWED_TAGS_BY_FRONT = [
+ "ol",
+ "ul",
+ "li",
+ "em",
+ "strong",
+ "u",
+ "br",
+ "p",
+ "span",
+ # разрешенные теги котоыре не нужно очищать
+]
+ALLOWED_ATTRIBUTES_BY_FRONT = {
+ "span": ["class", "style", "contenteditable"],
+ # разрещенные атрибуты.
+}
diff --git a/src/backend/api/v1/profile/serializers.py b/src/backend/api/v1/profile/serializers.py
index 9b54032..befa621 100644
--- a/src/backend/api/v1/profile/serializers.py
+++ b/src/backend/api/v1/profile/serializers.py
@@ -1,4 +1,4 @@
-# import html
+import html
 from typing import ClassVar, Optional
 
 import bleach
@@ -14,6 +14,10 @@
 ProfessionSerializer,
 SkillSerializer,
 )
+from api.v1.profile.constants import (
+ ALLOWED_ATTRIBUTES_BY_FRONT,
+ ALLOWED_TAGS_BY_FRONT,
+)
 from apps.general.constants import MAX_SKILLS, MAX_SKILLS_MESSAGE
 from apps.general.models import Profession
 from apps.profile.constants import MAX_SPECIALISTS, MAX_SPECIALISTS_MESSAGE
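Review bot: `ALLOWED_ATTRIBUTES_BY_FRONT` allows `style` on `span`, but the only consumer in this patch (`validate_about` in profile/serializers.py) calls `bleach.clean` without a `css_sanitizer`; in bleach 5 and later that combination warns and strips the `style` value, and in older releases inline CSS was only filtered through the `styles=` allow-list, so the attribute needs an explicit CSS policy before it does anything useful. `class` and `contenteditable` are accepted with any value, which means editor-only markup from the front end is persisted in the stored profile text; worth deciding whether those belong in the stored value or only in the editor. The two comments sit inside the literals after the last element and carry typos (`котоыре` → `которые`, `разрещенные` → `разрешенные`); placing each above its constant as a one-liner such as `# Tags the front-end editor emits; anything else is handled by bleach.clean` reads better.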
@@ -233,10 +237,10 @@ class Meta(BaseProfileSerializer.Meta):
 )
 read_only_fields = fields
 
- # def to_representation(self, instance):
- # rep = super().to_representation(instance)
- # rep["about"] = html.unescape(rep["about"])
- # return rep
+ def to_representation(self, instance):
+ rep = super().to_representation(instance)
+ rep["about"] = html.unescape(rep["about"])
+ return rep
 
 
 class ProfileMeWriteSerializer(ProfileMeReadSerializer):
@@ -265,5 +269,9 @@ def validate_about(self, value):
 HTML-тегов и атрибутов.
 """
 
- safe_about = bleach.clean(value)
+ safe_about = bleach.clean(
+ value,
+ tags=ALLOWED_TAGS_BY_FRONT,
+ attributes=ALLOWED_ATTRIBUTES_BY_FRONT,
+ )
 return safe_about
diff --git a/src/backend/api/v1/projects/serializers.py b/src/backend/api/v1/projects/serializers.py
index 9910bed..9b51ee4 100644
--- a/src/backend/api/v1/projects/serializers.py
+++ b/src/backend/api/v1/projects/serializers.py
@@ -562,10 +562,10 @@ class Meta(BaseParticipationRequestSerializer.Meta):
 )
 read_only_field = ("request_participants",)
 
- # def to_representation(self, instance):
- # rep = super().to_representation(instance)
- # rep["cover_letter"] = instance.cover_letter
- # return rep
+ def to_representation(self, instance):
+ rep = super().to_representation(instance)
+ rep["cover_letter"] = instance.cover_letter
+ return rep
 
 def get_request_status(self, obj) -> str:
 """Метод получения статуса запроса."""
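Review bot: `rep["about"] = html.unescape(rep["about"])` in the re-enabled `to_representation` undoes the protection that `validate_about` (next hunk) provides: `bleach.clean` is called without `strip=True`, so any tag outside `ALLOWED_TAGS_BY_FRONT` is kept in the stored value as escaped text (`&lt;...&gt;`), and bleach also escapes stray `<`, `>` and `&` in ordinary text; unescaping on read turns all of that back into raw markup for a client that renders `about` as HTML. The sanitized string bleach returns is already valid HTML with the allowed tags intact, so the safest change is to drop the unescape here and let the client render the stored value as-is; if the aim is to stop storing escaped remnants of disallowed tags, add `strip=True` to the `bleach.clean` call in `validate_about` instead. As written the line also raises `TypeError` when `about` is `None`, so if the override stays it needs a guard such as `if rep.get("about") is not None:`. The enclosing `ProfileMeReadSerializer` class starts outside the hunk.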
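Review bot: The docstring of `validate_about` still describes a generic clean-up of "dangerous" tags and attributes, while the new call enforces a fixed allow-list; the docstring should say so and name where it lives, e.g. `Keep only the tags and attributes in ALLOWED_TAGS_BY_FRONT / ALLOWED_ATTRIBUTES_BY_FRONT (api.v1.profile.constants); everything else is escaped by bleach.clean.` The `safe_about` temporary adds nothing and `return bleach.clean(...)` would be the idiomatic form. The start of `validate_about` and its docstring are outside the hunk.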
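Review bot: `rep["cover_letter"] = instance.cover_letter` replaces whatever the declared field produced with the raw model attribute, and the hunk gives no hint why the field's own output is unsuitable; a one-line comment such as `# Return the stored cover letter verbatim; the field's default rendering is not what the client expects` would make the intent reviewable, and if the field is simply missing from `Meta.fields`, declaring it there is clearer than an override. Unrelated to this change but visible in the context lines, `read_only_field = ("request_participants",)` looks like a misspelling of DRF's `read_only_fields` option, which would leave that field writable without any error. The enclosing serializer class starts outside the hunk.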