CU-2n66qf5: sanitise common html tags on data upload. Rest of the tag…

…s are left as is, trim leading whitespace on doc summary previews

webapp/api/api/data_utils.py

@@ -1,3 +1,5 @@
+import re
+
 import pandas as pd
 
 from .models import *
@@ -29,12 +31,21 @@ def dataset_from_file(dataset: Dataset):
             row = row[1]
             document = Document()
             document.name = row['name']
-            document.text = row['text']
+            document.text = sanitise_input(row['text'])
             document.dataset = dataset
             document.save()
     else:
         raise Exception("Please make sure the file is either a .csv or .xlsx format")
 
 
+def sanitise_input(text: str):
+    tags = [('<br>', '\n'), ('</?p>', '\n'), ('<span(?:.*?)?>', ''),
+            ('</span>', ''), ('<div (?:.*?)?>', '\n'), ('</div>', '\n'),
+            ('</?html>', ''), ('</?body>', ''), ('</?head>', '')]
+    for tag, repl in tags:
+        text = re.sub(tag, repl, text)
+    return text
+
+
 def delete_orphan_docs(dataset: Dataset):
     Document.objects.filter(dataset__id=dataset.id).delete()

webapp/frontend/src/components/common/ClinicalText.vue

@@ -90,12 +90,6 @@ export default {
           formattedText += this.text.slice(start, this.text.length)
         }
       }
-      // escape '<' '>' that may be interpreted as start/end tags.
-      formattedText = formattedText
-        .replace(/<(?!span|br)/g, '&lt')
-        .replace(/&lt(?=\/span>)/g, '<')
-        .replace(/(?<!")>/g, '&gt')
-        .replace(/(?<=<\/span|br)&gt/g, '>')
 
       formattedText = this.addAnnos ? `<div @contextmenu.prevent.stop="showCtxMenu($event)">${formattedText}</div>` : `<div>${formattedText}</div>`
       this.scrollIntoView(timeout)

webapp/frontend/src/components/common/DocumentSummary.vue

@@ -102,6 +102,7 @@ export default {
   },
   filters: {
     limitText (value) {
+      value = value.trim()
       let splitText = value.split('\n')
       if (splitText.length > 5) {
         return splitText.slice(0, 5).join('\n')