From 338235f0dcc6db4adffe4f98d4c7dbd55702a832 Mon Sep 17 00:00:00 2001
From: Todd Dembrey <todd.dembrey@torchbox.com>
Date: Fri, 1 Feb 2019 16:36:57 +0000
Subject: [PATCH] Update to pass HTML in and out of django

---
 opentech/apply/funds/serializers.py                       | 8 ++++++++
 .../src/app/src/components/RichTextForm/index.js          | 2 +-
 opentech/static_src/src/app/src/containers/Note.js        | 3 +--
 3 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/opentech/apply/funds/serializers.py b/opentech/apply/funds/serializers.py
index e323fc5b0..bd0a79964 100644
--- a/opentech/apply/funds/serializers.py
+++ b/opentech/apply/funds/serializers.py
@@ -1,8 +1,12 @@
+import mistune
 from rest_framework import serializers
+from django_bleach.templatetags.bleach_tags import bleach_value
 
 from opentech.apply.activity.models import Activity
 from .models import ApplicationSubmission, RoundsAndLabs
 
+markdown = mistune.Markdown()
+
 
 class ActionSerializer(serializers.Field):
     def to_representation(self, instance):
@@ -108,11 +112,15 @@ class RoundLabSerializer(serializers.ModelSerializer):
 
 class CommentSerializer(serializers.ModelSerializer):
     user = serializers.StringRelatedField()
+    message = serializers.SerializerMethodField()
 
     class Meta:
         model = Activity
         fields = ('id', 'timestamp', 'user', 'submission', 'message', 'visibility')
 
+    def get_message(self, obj):
+        return bleach_value(markdown(obj.message))
+
 
 class CommentCreateSerializer(serializers.ModelSerializer):
     user = serializers.StringRelatedField()
diff --git a/opentech/static_src/src/app/src/components/RichTextForm/index.js b/opentech/static_src/src/app/src/components/RichTextForm/index.js
index 2e4061889..bf3496108 100644
--- a/opentech/static_src/src/app/src/components/RichTextForm/index.js
+++ b/opentech/static_src/src/app/src/components/RichTextForm/index.js
@@ -57,6 +57,6 @@ export default class RichTextForm extends React.Component {
     }
 
     handleSubmit = () => {
-        this.props.onSubmit(this.state.value.toString('markdown'), this.resetEditor);
+        this.props.onSubmit(this.state.value.toString('html'), this.resetEditor);
     }
 }
diff --git a/opentech/static_src/src/app/src/containers/Note.js b/opentech/static_src/src/app/src/containers/Note.js
index 58551e46f..9f297145b 100644
--- a/opentech/static_src/src/app/src/containers/Note.js
+++ b/opentech/static_src/src/app/src/containers/Note.js
@@ -2,7 +2,6 @@ import React from 'react';
 import { connect } from 'react-redux';
 import PropTypes from 'prop-types';
 import moment from 'moment';
-import { markdown } from 'markdown';
 
 import { getNoteOfID } from '@selectors/notes';
 import NoteListingItem from '@components/NoteListingItem';
@@ -21,7 +20,7 @@ class Note extends React.Component {
 
         return <NoteListingItem
                 user={note.user}
-                message={markdown.toHTML(note.message)}
+                message={note.message}
                 timestamp={moment(note.timestamp)}
         />;
     }
-- 
GitLab