diff --git a/opentech/apply/funds/blocks.py b/opentech/apply/funds/blocks.py
index 770c321c26e15c2cea647c5a68b689fd2b68d87f..829c46a26faabbe1f63a5c18da6640815f92ec68 100644
--- a/opentech/apply/funds/blocks.py
+++ b/opentech/apply/funds/blocks.py
@@ -39,6 +39,7 @@ class RichTextFieldBlock(TextFieldBlock):
widget = TinyMCE(mce_attrs={
'elementpath': False,
'branding': False,
+ 'toolbar1': 'undo redo | styleselect | bold italic | bullist numlist | link'
})
class Meta:
diff --git a/opentech/apply/funds/models.py b/opentech/apply/funds/models.py
index 35a80820ccb906157ce1a99e77a6e4ece0d1aff8..3297a2e85aaadf3e38e5656b4f4122690508717e 100644
--- a/opentech/apply/funds/models.py
+++ b/opentech/apply/funds/models.py
@@ -477,7 +477,7 @@ class ApplicationSubmission(WorkflowHelpers, AbstractFormSubmission):
return super().save(*args, **kwargs)
- def render(self):
+ def render_answers(self):
context = {'fields': []}
for field in self.form_fields:
try:
@@ -494,6 +494,8 @@ class ApplicationSubmission(WorkflowHelpers, AbstractFormSubmission):
data = [choices[value] for value in data]
except KeyError:
data = [choices[int(value)] for value in data]
+ else:
+ data = str(data)
context['fields'].append({
'field': form_field,
diff --git a/opentech/apply/funds/templates/funds/applicationsubmission_detail.html b/opentech/apply/funds/templates/funds/applicationsubmission_detail.html
index a1ef36dcc465cb62d9aa329edc7e544831745530..b0b641b80c2c58f2b31dcac2e996be91e9d07995 100644
--- a/opentech/apply/funds/templates/funds/applicationsubmission_detail.html
+++ b/opentech/apply/funds/templates/funds/applicationsubmission_detail.html
@@ -20,7 +20,7 @@
Email {{ object.email }}
</div>
<div>
- {{ object.render }}
+ {{ object.render_answers }}
</div>
</div>
<div>
diff --git a/opentech/apply/funds/templates/funds/includes/submission_field.html b/opentech/apply/funds/templates/funds/includes/submission_field.html
index ac7bdbc3b48091948ee117890a9ea0bcebd8af3b..ae084fb7e3fa9748586133d584f5b3cb789d4dd6 100644
--- a/opentech/apply/funds/templates/funds/includes/submission_field.html
+++ b/opentech/apply/funds/templates/funds/includes/submission_field.html
@@ -1,3 +1,4 @@
+{% load bleach_tags %}
{% for field in fields %}
<div>
<h5>{{ field.field.label }}</h5>
@@ -10,7 +11,7 @@
{% endfor %}
</div>
{% else %}
- <div>{{ field.value }}</div>
+ <div>{{ field.value|bleach }}</div>
{% endif %}
</div>
{% endfor %}
diff --git a/opentech/settings/base.py b/opentech/settings/base.py
index 7499a8eda9417a09e0fe25261cb474dc384b9d2d..98a914eb542689104f6514b39b923bf6c44f237f 100644
--- a/opentech/settings/base.py
+++ b/opentech/settings/base.py
@@ -60,6 +60,7 @@ INSTALLED_APPS = [
'django_filters',
'django_select2',
'addressfield',
+ 'django_bleach',
'django.contrib.admin',
'django.contrib.auth',
@@ -318,3 +319,14 @@ SOCIAL_AUTH_PIPELINE = (
'social_core.pipeline.social_auth.load_extra_data',
'social_core.pipeline.user.user_details',
)
+
+# Bleach Settings
+BLEACH_ALLOWED_TAGS = ['h2', 'h3', 'p', 'b', 'i', 'em', 'strong', 'a', 'ul', 'ol', 'li']
+
+BLEACH_ALLOWED_ATTRIBUTES = ['href', 'title', 'style']
+
+BLEACH_ALLOWED_STYLES = ['font-family', 'font-weight', 'text-decoration', 'font-variant']
+
+BLEACH_STRIP_TAGS = True
+
+BLEACH_STRIP_COMMENTS = True
diff --git a/requirements.txt b/requirements.txt
index 497a0a0b9301df600ce0914bddf67b6fbe671f79..9a8e1221bbcdd67d36852ee7c27ba38e1461334c 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -2,6 +2,7 @@ Django==1.11.8
wagtail==1.13.1
psycopg2==2.7.3.1
Pillow==4.3.0
+django-bleach==0.3.0
django-extensions==1.7.4
django-countries==5.1
Werkzeug==0.11.11