From 1af1d8c658020c43577e6c59471a36f7f9b80f68 Mon Sep 17 00:00:00 2001
From: Raphael Michel <mail@raphaelmichel.de>
Date: Tue, 18 Feb 2020 09:45:20 +0100
Subject: [PATCH] Add rich_text_snippet

---
 src/pretix/base/templatetags/rich_text.py | 31 ++++++++++++++++++-----
 src/pretix/presale/checkoutflow.py        |  3 ++-
 2 files changed, 27 insertions(+), 7 deletions(-)

diff --git a/src/pretix/base/templatetags/rich_text.py b/src/pretix/base/templatetags/rich_text.py
index 3987b0252..54a1a206d 100644
--- a/src/pretix/base/templatetags/rich_text.py
+++ b/src/pretix/base/templatetags/rich_text.py
@@ -12,19 +12,23 @@ from django.utils.safestring import mark_safe
 
 register = template.Library()
 
-ALLOWED_TAGS = [
+ALLOWED_TAGS_SNIPPET = [
     'a',
     'abbr',
     'acronym',
     'b',
-    'blockquote',
     'br',
     'code',
     'em',
     'i',
+    'strong',
+    'span',
+    # Update doc/user/markdown.rst if you change this!
+]
+ALLOWED_TAGS = ALLOWED_TAGS_SNIPPET + [
+    'blockquote',
     'li',
     'ol',
-    'strong',
     'ul',
     'p',
     'table',
@@ -34,7 +38,6 @@ ALLOWED_TAGS = [
     'td',
     'th',
     'div',
-    'span',
     'hr',
     'h1',
     'h2',
@@ -95,7 +98,8 @@ def markdown_compile_email(source):
     ), parse_email=True)
 
 
-def markdown_compile(source):
+def markdown_compile(source, snippet=False):
+    tags = ALLOWED_TAGS_SNIPPET if snippet else ALLOWED_TAGS
     return bleach.clean(
         markdown.markdown(
             source,
@@ -104,7 +108,8 @@ def markdown_compile(source):
                 'markdown.extensions.nl2br'
             ]
         ),
-        tags=ALLOWED_TAGS,
+        strip=snippet,
+        tags=tags,
         attributes=ALLOWED_ATTRIBUTES,
         protocols=ALLOWED_PROTOCOLS,
     )
@@ -122,3 +127,17 @@ def rich_text(text: str, **kwargs):
         parse_email=True
     )
     return mark_safe(body_md)
+
+
+@register.filter
+def rich_text_snippet(text: str, **kwargs):
+    """
+    Processes markdown and cleans HTML in a text input.
+    """
+    text = str(text)
+    body_md = bleach.linkify(
+        markdown_compile(text, snippet=True),
+        callbacks=DEFAULT_CALLBACKS + ([safelink_callback] if kwargs.get('safelinks', True) else [abslink_callback]),
+        parse_email=True
+    )
+    return mark_safe(body_md)
diff --git a/src/pretix/presale/checkoutflow.py b/src/pretix/presale/checkoutflow.py
index a7cca77be..cd519bd75 100644
--- a/src/pretix/presale/checkoutflow.py
+++ b/src/pretix/presale/checkoutflow.py
@@ -21,6 +21,7 @@ from pretix.base.services.cart import (
     get_fees, set_cart_addons, update_tax_rates,
 )
 from pretix.base.services.orders import perform_order
+from pretix.base.templatetags.rich_text import rich_text_snippet
 from pretix.base.views.tasks import AsyncAction
 from pretix.multidomain.urlreverse import eventreverse
 from pretix.presale.forms.checkout import (
@@ -664,7 +665,7 @@ class ConfirmStep(CartMixin, AsyncAction, TemplateFlowStep):
                     v = _('Yes')
                 elif v is False:
                     v = _('No')
-                ctx['contact_info'].append((value.label, v))
+                ctx['contact_info'].append((rich_text_snippet(value.label), v))
 
         return ctx