Sanitizing (with bleach) output before diffing revisions. Only allowing h4, br and p tags.

opentech/apply/funds/differ.py

@@ -29,16 +29,16 @@ def compare(answer_a, answer_b, should_bleach=True):
 
     if should_bleach:
         if isinstance(answer_a, str):
-            answer_a = bleach.clean(answer_a)
+            answer_a = bleach.clean(answer_a, tags=['section', 'h4', 'p', 'br'], attributes={}, strip=True)
         else:
             answer_a = str(answer_a)
 
         if isinstance(answer_b, str):
-            answer_b = bleach.clean(answer_b)
+            answer_b = bleach.clean(answer_b, tags=['section', 'h4', 'p', 'br'], attributes={}, strip=True)
         else:
             answer_b = str(answer_b)
 
-    diff = SequenceMatcher(lambda x: '\n' in x, answer_a, answer_b)
+    diff = SequenceMatcher(lambda x: '\n\r' in x, answer_a, answer_b)
     output = []
     added = []
     deleted = []

opentech/apply/funds/templates/funds/applicationrevision_list.html

@@ -14,7 +14,7 @@
         {% for revision in object_list %}
             <li class="revision__item">
                 <p class="revision__meta">
-                    <span class="revision__date">{{ revision.timestamp|date:"m.d.y h:iA e"}} </span>
+                    <span class="revision__date">{{ revision.timestamp|date:"Y-m-d H:i e"}} </span>
                     by {{ revision.author }}
                     {% if forloop.first %}
                         <span class="revision__current">- current</span>

opentech/apply/funds/views.py

@@ -809,7 +809,7 @@ class RevisionCompareView(DetailView):
 
         # Compare all the answers
         diffed_text_fields_answers = [
-            compare(*fields, should_bleach=False)
+            compare(*fields, should_bleach=True)
             for fields in zip(from_rendered_text_fields, to_rendered_text_fields)
         ]