Sanitize jam/event descriptions

author Chris Fulljames <christianfulljames@gmail.com>

Sat, 12 Apr 2025 11:30:16 +0000 (07:30 -0400)

committer Chris Fulljames <christianfulljames@gmail.com>

Sat, 12 Apr 2025 11:30:16 +0000 (07:30 -0400)
author Chris Fulljames <christianfulljames@gmail.com>
Sat, 12 Apr 2025 11:30:16 +0000 (07:30 -0400)
committer Chris Fulljames <christianfulljames@gmail.com>
Sat, 12 Apr 2025 11:30:16 +0000 (07:30 -0400)
diff --git a/src/littlesongplace/jams.py b/src/littlesongplace/jams.py

index a3f0033596555e1ce7829f228240b88e6ef39d38..0bcdbe5e64b069e34ef849d1997434cbc258c8df 100644 (file)
--- a/src/littlesongplace/jams.py
+++ b/src/littlesongplace/jams.py
@@ -4,6 +4,7 @@ from datetime import datetime, timezone
  from flask import Blueprint, g, redirect, render_template, url_for
  
  from . import auth, db
+from .sanitize import sanitize_user_text
  
  bp = Blueprint("jams", __name__, url_prefix="/jams")
  
@@ -100,7 +101,7 @@ class Jam:
          return cls(
                  jamid=row["jamid"],
                  title=row["title"],
-                description=row["description"], # TODO: Sanitize
+                description=sanitize_user_text(row["description"] or ""),
                  ownerid=row["userid"],
                  ownername=row["username"],
                  created=datetime.fromisoformat(row["created"]),
@@ -131,7 +132,7 @@ class JamEvent:
                  title=row["title"],
                  startdate=datetime.fromisoformat(row["startdate"]),
                  enddate=datetime.fromisoformat(row["enddate"]),
-                description=row["description"], # TODO: Sanitize
+                description=sanitize_user_text(row["description"] or ""),
                  # TODO: Comment object?
                  comments=comments,
          )
author	Chris Fulljames <christianfulljames@gmail.com>
	Sat, 12 Apr 2025 11:30:16 +0000 (07:30 -0400)
committer	Chris Fulljames <christianfulljames@gmail.com>
	Sat, 12 Apr 2025 11:30:16 +0000 (07:30 -0400)