From 550a7abfbc84b26edc19d8f055f116986b4a0442 Mon Sep 17 00:00:00 2001 From: Oliver Walters Date: Thu, 4 Jun 2026 08:49:06 +0000 Subject: [PATCH] Move old helper functions - Only used for this migration - Will potentially be removed at some point in the future? --- src/backend/InvenTree/InvenTree/helpers.py | 76 ------------------- .../migrations/0045_auto_20260525_0956.py | 32 +++++++- 2 files changed, 31 insertions(+), 77 deletions(-) diff --git a/src/backend/InvenTree/InvenTree/helpers.py b/src/backend/InvenTree/InvenTree/helpers.py index 8192d98997..01ad445ffe 100644 --- a/src/backend/InvenTree/InvenTree/helpers.py +++ b/src/backend/InvenTree/InvenTree/helpers.py @@ -29,12 +29,6 @@ from PIL import Image from stdimage.models import StdImageField, StdImageFieldFile from common.currency import currency_code_default -from InvenTree.sanitizer import ( - DEFAULT_ATTRS, - DEFAULT_CSS, - DEFAULT_PROTOCOLS, - DEFAULT_TAGS, -) logger = structlog.get_logger('inventree') @@ -939,76 +933,6 @@ def remove_non_printable_characters(value: str, remove_newline=True) -> str: return cleaned -def get_markdownify_settings() -> dict: - """Return the settings for markdownify, or an empty dict if not defined.""" - try: - return settings.MARKDOWNIFY['default'] - except (AttributeError, KeyError): - return {} - - -def markdown_to_html(value: str) -> str: - """Convert a markdown string to HTML. - - This function will remove javascript and other potentially harmful content from the markdown string. - """ - import markdown - - markdownify_settings = get_markdownify_settings() - extensions = markdownify_settings.get('MARKDOWN_EXTENSIONS', []) - extension_configs = markdownify_settings.get('MARKDOWN_EXTENSION_CONFIGS', {}) - - html = markdown.markdown( - value or '', - extensions=extensions, - extension_configs=extension_configs, - output_format='html', - ) - - return html - - -def clean_markdown(value: str) -> str: - """Clean a markdown string. - - This function will remove javascript and other potentially harmful content from the markdown string. - """ - html = markdown_to_html(value) - - markdownify_settings = get_markdownify_settings() - - whitelist_tags = markdownify_settings.get('WHITELIST_TAGS', DEFAULT_TAGS) - whitelist_attrs = markdownify_settings.get('WHITELIST_ATTRS', DEFAULT_ATTRS) - whitelist_styles = markdownify_settings.get('WHITELIST_STYLES', DEFAULT_CSS) - whitelist_protocols = markdownify_settings.get( - 'WHITELIST_PROTOCOLS', DEFAULT_PROTOCOLS - ) - - # Convert bleach-style attributes (list or dict) to nh3-compatible dict format - if isinstance(whitelist_attrs, (list, tuple, set, frozenset)): - attrs_dict = {'*': set(whitelist_attrs)} - elif isinstance(whitelist_attrs, dict): - attrs_dict = {tag: set(allowed) for tag, allowed in whitelist_attrs.items()} - else: - attrs_dict = None - - # Clean the HTML content (for comparison). This must be the same as the original content - clean_html = nh3.clean( - html, - tags=set(whitelist_tags), - attributes=attrs_dict, - url_schemes=set(whitelist_protocols), - filter_style_properties=set(whitelist_styles), - link_rel=None, - strip_comments=True, - ) - - if html != clean_html: - raise ValidationError(_('Data contains prohibited markdown content')) - - return value - - def hash_barcode(barcode_data: str) -> str: """Calculate a 'unique' hash for a barcode string. diff --git a/src/backend/InvenTree/common/migrations/0045_auto_20260525_0956.py b/src/backend/InvenTree/common/migrations/0045_auto_20260525_0956.py index a4f47d718a..251bfca76b 100644 --- a/src/backend/InvenTree/common/migrations/0045_auto_20260525_0956.py +++ b/src/backend/InvenTree/common/migrations/0045_auto_20260525_0956.py @@ -4,7 +4,37 @@ from tqdm import tqdm from django.db import migrations -from InvenTree.helpers import markdown_to_html + +def get_markdownify_settings() -> dict: + """Return the settings for markdownify, or an empty dict if not defined.""" + + from django.conf import settings + + try: + return settings.MARKDOWNIFY['default'] + except (AttributeError, KeyError): + return {} + + +def markdown_to_html(value: str) -> str: + """Convert a markdown string to HTML. + + This function will remove javascript and other potentially harmful content from the markdown string. + """ + import markdown + + markdownify_settings = get_markdownify_settings() + extensions = markdownify_settings.get('MARKDOWN_EXTENSIONS', []) + extension_configs = markdownify_settings.get('MARKDOWN_EXTENSION_CONFIGS', {}) + + html = markdown.markdown( + value or '', + extensions=extensions, + extension_configs=extension_configs, + output_format='html', + ) + + return html def migrate_notes(apps, schema_editor):