EDEV-91: Move from bleach to nh3 (#1574)

etna/ciim/utils.py

@@ -5,7 +5,7 @@
 from django.urls import NoReverseMatch, reverse
 from django.utils.safestring import mark_safe
 
-import bleach
+import nh3
 
 from pyquery import PyQuery as pq
 
@@ -258,8 +258,23 @@ def format_link(link_html: str) -> Dict[str, str]:
     return {"href": href, "id": id, "text": document.text()}
 
 
-def strip_html(value: str, preserve_marks=False):
-    tags = []
-    if preserve_marks:
-        tags.append("mark")
-    return mark_safe(bleach.clean(value, tags=tags, strip=True))
+def strip_html(value: str, *, preserve_marks, ensure_spaces):
+    """
+    Temporary HTML sanitiser to remove unwanted tags from data.
+    K-int will eventually sanitise this at API level.
+    preserve_marks=True will keep <mark> tags in the output, otherwise they are removed.
+
+    Replacing <span> and <p> tags is necessary to prevent "bunched" data,
+    "This is a<span>test</span>example" will return as "This is atestexample"
+    without the placement of the space.
+    """
+    clean_tags = {"span", "p"} if ensure_spaces else set()
+    clean_html = nh3.clean(
+        value, tags={*clean_tags, "mark"} if preserve_marks else clean_tags
+    )
+    for tag in clean_tags:
+        opening_regex = rf"<{tag}[^>]*>"
+        closing_regex = rf"</{tag}>"
+        clean_html = re.sub(opening_regex, " ", clean_html)
+        clean_html = re.sub(closing_regex, "", clean_html)
+    return mark_safe(clean_html.lstrip())

etna/feedback/forms.py

@@ -12,7 +12,7 @@
 from wagtail.models import Page, Revision, Site
 from wagtail.models.sites import get_site_for_hostname
 
-import bleach
+import nh3
 
 from etna.feedback import constants
 from etna.feedback.models import FeedbackSubmission
@@ -168,7 +168,7 @@ def clean_comment(self) -> str:
         value = self.cleaned_data.get("comment")
         if value is None:
             return ""
-        return bleach.clean(value, strip=True)
+        return nh3.clean(value)
 
     def clean(self) -> str:
         # Validate the 'signature' value against the 'id' value

etna/records/models.py

@@ -156,7 +156,7 @@ def has_source_url(self) -> bool:
     @cached_property
     def summary_title(self) -> str:
         if raw := self._get_raw_summary_title():
-            return mark_safe(strip_html(raw, preserve_marks=True))
+            return mark_safe(strip_html(raw, preserve_marks=True, ensure_spaces=True))
         return raw
 
     def _get_raw_summary_title(self) -> str:
@@ -267,7 +267,7 @@ def listing_description(self) -> str:
         will be left in-tact, but and other HTML is stripped.
         """
         if raw := self._get_raw_description(use_highlights=True):
-            return mark_safe(strip_html(raw, preserve_marks=True))
+            return mark_safe(strip_html(raw, preserve_marks=True, ensure_spaces=True))
         return ""
 
     def _get_raw_description(self, use_highlights: bool = False) -> str:

etna/records/tests/test_models.py

@@ -191,11 +191,11 @@ def test_listing_description(self):
         self.assertEqual(
             self.record.listing_description,
             (
-                "\nThis series contains papers concering a wide variety of legal matters referred "
+                "This series contains papers concering a wide variety of legal matters referred "
                 "to the Law Officers for their advice or approval and includes applications for the "
                 "Attorney General's General Fiat for leave to appeal to the House of Lords in criminal "
-                "cases."
-                "\nAlso included are a number of opinions, more of which can be found in LO 3"
+                "cases. "
+                "Also included are a number of opinions, more of which can be found in LO 3"
             ),
         )