From 6d47557999d48957bee059f802ad56e6da044b0b Mon Sep 17 00:00:00 2001
From: Chris Fulljames
Date: Sat, 12 Apr 2025 07:30:16 -0400
Subject: [PATCH] Sanitize jam/event descriptions
---
 src/littlesongplace/jams.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/littlesongplace/jams.py b/src/littlesongplace/jams.py
index a3f0033..0bcdbe5 100644
--- a/src/littlesongplace/jams.py
+++ b/src/littlesongplace/jams.py
@@ -4,6 +4,7 @@ from datetime import datetime, timezone
 from flask import Blueprint, g, redirect, render_template, url_for
 from . import auth, db
+from .sanitize import sanitize_user_text
 bp = Blueprint("jams", __name__, url_prefix="/jams")
@@ -100,7 +101,7 @@ class Jam:
 return cls(
 jamid=row["jamid"],
 title=row["title"],
- description=row["description"], # TODO: Sanitize
+ description=sanitize_user_text(row["description"] or ""),
 ownerid=row["userid"],
 ownername=row["username"],
 created=datetime.fromisoformat(row["created"]),
@@ -131,7 +132,7 @@ class JamEvent:
 title=row["title"],
 startdate=datetime.fromisoformat(row["startdate"]),
 enddate=datetime.fromisoformat(row["enddate"]),
- description=row["description"], # TODO: Sanitize
+ description=sanitize_user_text(row["description"] or ""),
 # TODO: Comment object?
 comments=comments,
 )
-- 
2.39.5
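Review bot: In the `Jam` hunk, and identically in the `JamEvent` hunk, `description` is sanitized only when a row passes through these `cls(...)` constructors, so the stored column stays raw and any other code that reads it directly would bypass `sanitize_user_text`. I would record that contract next to both calls, e.g. `# stored description is raw user input; sanitized here on read, so always load it through this constructor`. The `or ""` also turns a NULL description into an empty string, which matters if any caller or template tests the field for `None`. `sanitize_user_text` is defined outside this diff, so it is worth confirming that its return type matches how the templates render the field (escaped by default versus marked safe), and a regression test that loads a description containing markup would pin the behaviour. Both constructor bodies start and end outside their hunks.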