From b62760cbe1a7c3d0edabe291920c5a0279c669f4 Mon Sep 17 00:00:00 2001
From: Marco Ciotola <848222@stud.unive.it>
Date: Tue, 3 Mar 2020 16:09:39 +0100
Subject: [PATCH] [bleach] actually use bleach

---
 helios/models.py   | 6 +++++-
 helios/tests.py    | 4 ++--
 helios/views.py    | 2 +-
 server_ui/views.py | 2 +-
 4 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/helios/models.py b/helios/models.py
index 772559c..25ecae3 100644
--- a/helios/models.py
+++ b/helios/models.py
@@ -197,7 +197,11 @@ class Election(HeliosModel):
 
   @property
   def description_bleached(self):
-    return bleach.clean(self.description, tags = bleach.ALLOWED_TAGS + ['p', 'h4', 'h5', 'h3', 'h2', 'br', 'u'])
+    return bleach.clean(self.description,
+                        tags=bleach.ALLOWED_TAGS + ['p', 'h4', 'h5', 'h3', 'h2', 'br', 'u'],
+                        strip=True,
+                        strip_comments=True,
+                        )
 
   @classmethod
   def get_featured(cls):
diff --git a/helios/tests.py b/helios/tests.py
index 5a5f601..1c44d6b 100644
--- a/helios/tests.py
+++ b/helios/tests.py
@@ -434,7 +434,7 @@ class ElectionBlackboxTests(WebTest):
 
     def test_get_election_shortcut(self):
         response = self.client.get("/helios/e/%s" % self.election.short_name, follow=True)
-        self.assertContains(response, self.election.description)
+        self.assertContains(response, self.election.description_bleached)
         
     def test_get_election_raw(self):
         response = self.client.get("/helios/elections/%s" % self.election.uuid, follow=False)
@@ -442,7 +442,7 @@ class ElectionBlackboxTests(WebTest):
     
     def test_get_election(self):
         response = self.client.get("/helios/elections/%s/view" % self.election.uuid, follow=False)
-        self.assertContains(response, self.election.description)
+        self.assertContains(response, self.election.description_bleached)
 
     def test_get_election_questions(self):
         response = self.client.get("/helios/elections/%s/questions" % self.election.uuid, follow=False)
diff --git a/helios/views.py b/helios/views.py
index ac52823..babd179 100644
--- a/helios/views.py
+++ b/helios/views.py
@@ -959,7 +959,7 @@ def one_election_copy(request, election):
     name = "Copy of " + election.name,
     election_type = election.election_type,
     private_p = election.private_p,
-    description = election.description,
+    description = election.description_bleached,
     questions = election.questions,
     eligibility = election.eligibility,
     openreg = election.openreg,
diff --git a/server_ui/views.py b/server_ui/views.py
index 2dbaa1a..5010dbc 100644
--- a/server_ui/views.py
+++ b/server_ui/views.py
@@ -36,7 +36,7 @@ def home(request):
   else:
     elections_voted = None
  
-  auth_systems = copy.copy(settings.AUTH_ENABLED_AUTH_SYSTEMS)
+  auth_systems = copy.copy(settings.AUTH_ENABLED_SYSTEMS)
   try:
     auth_systems.remove('password')
   except: pass
-- 
GitLab