CGM_Public/pretix_cgo
1
0
Fork 0
forked from CGM_Public/pretix_original
Code Pull Requests Actions Activity

Another attempt at correct sanitization of HTML in invoice content (#2279)

Browse Source
This commit is contained in:
Raphael Michel
2021-11-03 11:13:43 +01:00
committed by GitHub
parent 0c508c5ba4
commit 60be99fbb2
1 changed files with 8 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
src/pretix/base/invoice.py
View File

@@ -550,7 +550,10 @@ class ClassicInvoiceRenderer(BaseReportlabInvoiceRenderer):
for line in self.invoice.lines.all(): for line in self.invoice.lines.all():
if has_taxes: if has_taxes:
tdata.append(( tdata.append((
Paragraph(line.description, self.stylesheet['Normal']), Paragraph(
bleach.clean(line.description, tags=['br']).strip().replace('<br>', '<br/>').replace('\n', '<br />\n'),
self.stylesheet['Normal']
),
"1", "1",
localize(line.tax_rate) + " %", localize(line.tax_rate) + " %",
money_filter(line.net_value, self.invoice.event.currency), money_filter(line.net_value, self.invoice.event.currency),
@@ -558,7 +561,10 @@ class ClassicInvoiceRenderer(BaseReportlabInvoiceRenderer):
)) ))
else: else:
tdata.append(( tdata.append((
Paragraph(line.description, self.stylesheet['Normal']), Paragraph(
bleach.clean(line.description, tags=['br']).strip().replace('<br>', '<br/>').replace('\n', '<br />\n'),
self.stylesheet['Normal']
),
"1", "1",
money_filter(line.gross_value, self.invoice.event.currency), money_filter(line.gross_value, self.invoice.event.currency),
)) ))