Merge pull request #197 from GSA/escape-url-descriptions

escapes meta tags & sanititzes publisher url
GSA · Jun 18, 2024 · aee89ad · aee89ad
2 parents 76e310a + e58e436
commit aee89ad
Show file tree

Hide file tree

Showing 8 changed files with 12 additions and 10 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,7 +1,10 @@
 ARG CKAN_VERSION=2.10.1
-FROM openknowledge/ckan-dev:${CKAN_VERSION}
+FROM ckan/ckan-dev:${CKAN_VERSION}
 ARG CKAN_VERSION
 
+# add sudo
+RUN set -ex && apk --no-cache add sudo
+
 # Add timezone data
 RUN sudo apk add tzdata proj-util proj-dev geos-dev
 

diff --git a/Makefile b/Makefile
@@ -1,4 +1,4 @@
-CKAN_VERSION ?= 2.10
+CKAN_VERSION ?= 2.10.1
 COMPOSE_FILE ?= docker-compose.yml
 
 build: ## Build the  docker containers

diff --git a/README.md b/README.md
@@ -116,10 +116,10 @@ In order to support multiple versions of CKAN, or even upgrade to new versions
 of CKAN, we support development and testing through the `CKAN_VERSION`
 environment variable.
 
-    $ make CKAN_VERSION=2.10 test
+    $ make CKAN_VERSION=2.10.1 test
 
 
 Variable | Description | Default
 -------- | ----------- | -------
-CKAN_VERSION | Version of CKAN to use. | 2.10
+CKAN_VERSION | Version of CKAN to use. | 2.10.1
 COMPOSE_FILE | docker-compose service description file. | docker-compose.yml
diff --git a/ckanext/datagovtheme/templates/package/read_base.html b/ckanext/datagovtheme/templates/package/read_base.html
@@ -116,7 +116,7 @@ <h2 class="module-heading"><img id="Publisher" src="/images/publisher.png" style
     {% endblock %}
     {% block publisher_content %}
     <p class="module-content">
-        <a href="/dataset?publisher={{ h.get_pkg_dict_extra(c.pkg_dict, 'publisher') }}" title="{{ _('publsher') }}">{{ h.get_pkg_dict_extra(c.pkg_dict, 'publisher') }}</a>
+        <a href="/dataset?publisher={{ h.sanitize_url(h.get_pkg_dict_extra(c.pkg_dict, 'publisher')) }}" title="{{ _('publisher') }}">{{ h.get_pkg_dict_extra(c.pkg_dict, 'publisher') }}</a>
     </p>
     {% endblock %}
 </section>

diff --git a/ckanext/datagovtheme/templates/snippets/link_preview.html b/ckanext/datagovtheme/templates/snippets/link_preview.html
@@ -11,8 +11,8 @@
     <!-- Facebook Meta Tags -->
     <meta property="og:url" content="https://data.gov">
     <meta property="og:type" content="website">
-    <meta property="og:title" content="{{ organization }} - {{ dataset }}">
-    <meta property="og:description" content="{{ notes }}">
+    <meta property="og:title" content="{{ h.literal.escape(organization) }} - {{ h.literal.escape(dataset) }}">
+    <meta property="og:description" content="{{ h.literal.escape(notes) }}">
     <meta property="og:image" content="{{ img }}">
 
     <!-- Twitter Meta Tags -->

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -1,5 +1,4 @@
 ---
-version: "3.7"
 services:
   ckan:
     image: datagov/ckanext-datagovtheme:${CKAN_VERSION} # ensures docker-compose will rebuild the right image in case we change CKAN_VERSION

diff --git a/requirements.txt b/requirements.txt
@@ -22,5 +22,5 @@ argparse
 pyparsing>=2.1.10
 requests>=1.1.0
 pyproj
-Shapely==2.0.1
+Shapely==1.8.5
 OWSLib==0.28.1
diff --git a/setup.py b/setup.py
@@ -10,7 +10,7 @@
 
 setup(
     name="ckanext-datagovtheme",
-    version="0.2.22",
+    version="0.2.23",
     description="CKAN Extension to manage data.gov theme",
     long_description=long_description,
     classifiers=[