mirror/netbox-community-netbox
1
0
Fork 0
mirror of https://github.com/netbox-community/netbox.git synced 2024-05-10 07:54:54 +00:00
Code Activity

Added HTML Sanitization to the custom fields

Browse Source
This commit is contained in:
Osamu-kj
2022-08-04 18:52:25 +02:00
parent a2e84dd279
commit f874e9932d
1 changed files with 7 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
netbox/netbox/tables/columns.py
View File

@ -1,4 +1,5 @@
from dataclasses import dataclass
from glob import escape
from typing import Optional
import django_tables2 as tables
@ -433,21 +434,21 @@ class CustomFieldColumn(tables.Column):
def render(self, value):
if self.customfield.type == CustomFieldTypeChoices.TYPE_BOOLEAN and value is True:
return mark_safe('<i class="mdi mdi-check-bold text-success"></i>')
return escape('<i class="mdi mdi-check-bold text-success"></i>')
if self.customfield.type == CustomFieldTypeChoices.TYPE_BOOLEAN and value is False:
return mark_safe('<i class="mdi mdi-close-thick text-danger"></i>')
return escape('<i class="mdi mdi-close-thick text-danger"></i>')
if self.customfield.type == CustomFieldTypeChoices.TYPE_URL:
return mark_safe(f'<a href="{value}">{value}</a>')
return escape(f'<a href="{value}">{value}</a>')
if self.customfield.type == CustomFieldTypeChoices.TYPE_MULTISELECT:
return ', '.join(v for v in value)
if self.customfield.type == CustomFieldTypeChoices.TYPE_MULTIOBJECT:
return mark_safe(', '.join([
return escape(', '.join([
self._likify_item(obj) for obj in self.customfield.deserialize(value)
]))
if value is not None:
obj = self.customfield.deserialize(value)
return mark_safe(self._likify_item(obj))
return self.default
return escape(self._likify_item(obj))
return escape(self.default)
def value(self, value):
if isinstance(value, list):