html_to_text: Escape text when using as description.

2025-11-03 05:23:35 +00:00 · 2019-04-24 07:07:34 +05:30
parent 009beabe53
commit a653fcca93
3 changed files with 14 additions and 4 deletions
--- a/zerver/lib/html_to_text.py
+++ b/zerver/lib/html_to_text.py
@@ -1,5 +1,6 @@
 from bs4 import BeautifulSoup
 from django.http import HttpRequest
+from django.utils.html import escape

 from zerver.lib.cache import cache_with_key, open_graph_description_cache_key

@@ -21,8 +22,8 @@ def html_to_text(content: str) -> str:
        # .text converts it from HTML to text
        text = text + paragraph.text + ' '
        if len(text) > 500:
-            return ' '.join(text.split())
-    return ' '.join(text.split())
+            break
+    return escape(' '.join(text.split()))

@cache_with_key(open_graph_description_cache_key, timeout=3600*24)
 def get_content_description(content: bytes, request: HttpRequest) -> str:
--- a/zerver/middleware.py
+++ b/zerver/middleware.py
@@ -14,7 +14,6 @@ from django.http import HttpRequest, HttpResponse, StreamingHttpResponse
 from django.shortcuts import render
 from django.utils.cache import patch_vary_headers
 from django.utils.deprecation import MiddlewareMixin
-from django.utils.html import escape
 from django.utils.http import cookie_date
 from django.utils.translation import ugettext as _
 from django.views.csrf import csrf_failure as html_csrf_failure
@@ -456,7 +455,7 @@ class SetRemoteAddrFromForwardedFor(MiddlewareMixin):
 def alter_content(request: HttpRequest, content: bytes) -> bytes:
    first_paragraph_text = get_content_description(content, request)
    return content.replace(request.placeholder_open_graph_description.encode("utf-8"),
-                           escape(first_paragraph_text).encode("utf-8"))
+                           first_paragraph_text.encode("utf-8"))

 class FinalizeOpenGraphDescription(MiddlewareMixin):
    def process_response(self, request: HttpRequest,
--- a/zerver/tests/test_middleware.py
+++ b/zerver/tests/test_middleware.py
@@ -88,6 +88,16 @@ class OpenGraphTest(ZulipTestCase):
             "Restrict message editing"]
        )

+    def test_double_quotes(self) -> None:
+        # night-mode has a quoted string "night mode"
+        self.check_title_and_description(
+            '/help/night-mode',
+            "Night mode (Zulip Help Center)",
+            ['By default, Zulip has a white background. ',
+             'Zulip also provides a "night mode", which is great for working in a dark space.'],
+            []
+        )
+
    def test_settings_tab(self) -> None:
        # deactivate-your-account starts with {settings_tab|your-account}
        self.check_title_and_description(