From d0bb28425ec40cfb3c8fbcc35a6b2442106df0d6 Mon Sep 17 00:00:00 2001 From: why-not-try-calmer Date: Thu, 7 Sep 2023 14:30:23 +0200 Subject: [PATCH] property-based escaping --- docker-app/qfieldcloud/core/models.py | 22 +++++++--------------- 1 file changed, 7 insertions(+), 15 deletions(-) diff --git a/docker-app/qfieldcloud/core/models.py b/docker-app/qfieldcloud/core/models.py index 659b13c57..03458ed1f 100644 --- a/docker-app/qfieldcloud/core/models.py +++ b/docker-app/qfieldcloud/core/models.py @@ -1,4 +1,4 @@ -import json +import html import logging import os import secrets @@ -6,7 +6,7 @@ import uuid from datetime import datetime, timedelta from enum import Enum -from typing import Any, List, Optional, cast +from typing import List, Optional, cast import django_cryptography.fields from deprecated import deprecated @@ -22,7 +22,6 @@ from django.db.models.aggregates import Count, Sum from django.db.models.fields.json import JSONField from django.urls import reverse_lazy -from django.utils import html from django.utils.functional import cached_property from django.utils.translation import gettext as _ from model_utils.managers import InheritanceManager, InheritanceManagerMixin @@ -1611,17 +1610,6 @@ def method(self): return self.content.get("method") -class HtmlSafeDecoder(json.JSONDecoder): - def __init__(self, *args, **kwargs): - super().__init__(self, object_hook=self.object_hook, *args, **kwargs) - - def object_hook(self, obj) -> dict[str, Any]: - """Ensure that the value at `error` is html-escaped.""" - if "error" in obj: - obj["error"] = html.escape(obj["error"]) - return obj - - class Job(models.Model): objects = InheritanceManager() @@ -1650,7 +1638,7 @@ class Status(models.TextChoices): max_length=32, choices=Status.choices, default=Status.PENDING, db_index=True ) output = models.TextField(null=True) - feedback = JSONField(null=True, decoder=HtmlSafeDecoder) + feedback = JSONField(null=True) created_by = models.ForeignKey(User, on_delete=models.CASCADE) created_at = models.DateTimeField(auto_now_add=True, db_index=True) updated_at = models.DateTimeField(auto_now=True, db_index=True) @@ -1663,6 +1651,10 @@ class Status(models.TextChoices): max_length=64, default="", blank=True, db_index=True ) + @property + def escaped_output(self) -> str: + return html.escape(self.output) + @property def short_id(self) -> str: return str(self.id)[0:8]