Job board: job_detail page leaks HTML from description #2307
Description
Describe the bug
On the Jobs board detail page, HTML from the description "bleeds" into the <meta property="og:description" tag in the <head>. For an example, see https://www.python.org/jobs/7329/ (at the top of the page).
To Reproduce
Steps to reproduce the behavior:
- Go to any jobs detail page, one that has HTML in the description
- Look at the top of the page
- You'll see partial rendered HTML from the job description. It's being leaked out of the
<meta property="og:description"tag.
Expected behavior
The top of the jobs detail page does not leak part of the job description.
Screenshots
Desktop (please complete the following information):
- OS: (Gentoo) Linux
- Browser: Firefox
- Version: 117.0
Additional context
Possible fix:
diff --git a/templates/jobs/job_detail.html b/templates/jobs/job_detail.html
index 82ddd3f..12c204a 100644
--- a/templates/jobs/job_detail.html
+++ b/templates/jobs/job_detail.html
@@ -8,7 +8,7 @@
{% block content_attributes %}with-right-sidebar{% endblock %}
{% block og_title %}Job: {{ object.job_title }} at {{ object.company_name }}{% endblock %}
-{% block og-descript %}{{ object.description|truncatechars:200 }}{% endblock %}
+{% block og-descript %}{{ object.description|striptags|truncatechars:200 }}{% endblock %}
{% block content %}
{% load companies %}Metadata
Metadata
Assignees
Labels
Projects
Milestone
Relationships
Participants
Activity
Mubeen-Ul-Hassan commentedon Oct 9, 2023
Hi,
I tried to fix and I have fixed it but not very sure until it doesn't deploy and run. Can you guide me a little on how to check it I run that file on Firefox but doesn't look as it should.
hugovk commentedon Oct 9, 2023
There are detailed instructions on how to set up with Docker at https://pythondotorg.readthedocs.io/install.html
Fix HTML leak in job_detail
job_detail#2316Fix HTML leak in job_detail