Job board: job_detail page leaks HTML from description #2307

Open
enku opened this issue Sep 9, 2023 · 2 comments · May be fixed by #2316
Labels

  • app/jobs: Relates to the jobs app
  • frontend: Relates to the frontend of the app
  • help-wanted: The maintainers would welcome help with this issue

enku commented Sep 9, 2023

Describe the bug
On the Jobs board detail page, HTML from the description "bleeds" into the `<meta property="og:description"` tag in the `<head>`. For an example, see https://www.python.org/jobs/7329/ (at the top of the page).

To Reproduce
Steps to reproduce the behavior:

  1. Go to any jobs detail page, one that has HTML in the description
  2. Look at the top of the page
  3. You'll see partially rendered HTML from the job description. It's being leaked out of the `<meta property="og:description"` tag.

Expected behavior
The top of the jobs detail page does not leak part of the job description.

Screenshots
image

Desktop (please complete the following information):

  • OS: (Gentoo) Linux
  • Browser: Firefox
  • Version: 117.0

Additional context
Possible fix:

diff --git a/templates/jobs/job_detail.html b/templates/jobs/job_detail.html
index 82ddd3f..12c204a 100644
--- a/templates/jobs/job_detail.html
+++ b/templates/jobs/job_detail.html
@@ -8,7 +8,7 @@
 {% block content_attributes %}with-right-sidebar{% endblock %}
 
 {% block og_title %}Job: {{ object.job_title }} at {{ object.company_name }}{% endblock %}
-{% block og-descript %}{{ object.description|truncatechars:200 }}{% endblock %}
+{% block og-descript %}{{ object.description|striptags|truncatechars:200 }}{% endblock %}
 
 {% block content %}
 {% load companies %}
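
Review bot: on the `+` line, `striptags` removes the tags, but Django's documentation states that its output is not guaranteed to be HTML-safe, and per the report this value is rendered inside the `<meta property="og:description"` tag, where a leftover `"` or `<` from malformed markup in the description could still end the attribute early. Please confirm the stripped text is still escaped when the block is rendered, and add a template test whose description contains a double quote and an unclosed tag. Stripping before `truncatechars:200` is the right order, since the 200 characters then count visible text rather than markup.
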
@Mubeen-Ul-Hassan

Hi,

I tried to fix it and I have fixed it, but I am not very sure until it is deployed and run. Can you guide me a little on how to check it? I run that file on Firefox but it doesn't look as it should.

Screenshot (102)

hugovk (Member) commented Oct 9, 2023

There are detailed instructions on how to set up with Docker at https://pythondotorg.readthedocs.io/install.html

dorian-adams added a commit to dorian-adams/pythondotorg that referenced this issue Oct 13, 2023
Use `striptags` to strip all html from `og:description`, which was causing HTML to leak.

Resolves python#2307
@dorian-adams dorian-adams linked a pull request Oct 13, 2023 that will close this issue
@JacobCoffee JacobCoffee added frontend Relates to the frontend of the app app/jobs Relates to the jobs app help-wanted The maintainers would welcome help with this issue labels Sep 17, 2024
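
The leak reported in this issue and the effect of the proposed filter order, reproduced with the Python standard library only. This is an added example, not code from the issue or the pythondotorg repository; the `content="..."` tag shape, the sample description, and the `HTMLParser`, `truncate` and `escape` stand-ins for Django's `striptags`, `truncatechars` and autoescaping are assumptions.

```python
from html import escape
from html.parser import HTMLParser

# Constructed job description; the real field content is not shown in the issue.
DESCRIPTION = ('<p class="lead">We are hiring a <a href="/team">backend engineer</a>'
               ' to work on "large-scale" services.</p>')
# Assumed shape of the tag; the issue quotes only its opening part.
HEAD = '<head><meta property="og:description" content="{}"></head>'

class _Head(HTMLParser):
    """Records character data and the og:description content attribute."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.text, self.content = [], None

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "meta" and attrs.get("property") == "og:description":
            self.content = attrs.get("content")

    def handle_data(self, data):
        self.text.append(data)

def parse(markup):
    parser = _Head()
    parser.feed(markup)
    parser.close()
    return parser

def truncate(value, limit=200):
    # Stand-in for truncatechars: the ellipsis counts toward the limit.
    return value if len(value) <= limit else value[:limit - 1] + "…"

def render_before(description):
    # Reported behaviour: the markup reaches the attribute unescaped.
    return HEAD.format(truncate(description))

def render_after(description):
    # Proposed order: strip tags, then truncate; escape() models autoescaping.
    plain = "".join(parse(description).text)
    return HEAD.format(escape(truncate(plain), quote=True))

def leaked_text(head):
    # Character data inside <head> means the value broke out of its attribute.
    return "".join(parse(head).text).strip()

def meta_content(head):
    # The og:description value as a parser reads it back from the rendered head.
    return parse(head).content
```

`leaked_text` can serve as a regression check on any rendered job detail page: a non-empty result means part of the description ended up outside the meta tag.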