forbid mentions in sigs

app/__init__.py

@@ -8,6 +8,7 @@ from .constants import (
     PermissionLevel, permission_level_string,
     InfoboxKind, InfoboxHTMLClass,
     REACTION_EMOJI, MOTD_BANNED_TAGS,
+    SIG_BANNED_TAGS,
     )
 from .lib.babycode import babycode_to_html, EMOJI, BABYCODE_VERSION
 from datetime import datetime
@@ -177,6 +178,7 @@ def create_app():
             "__emoji": EMOJI,
             "REACTION_EMOJI": REACTION_EMOJI,
             "MOTD_BANNED_TAGS": MOTD_BANNED_TAGS,
+            "SIG_BANNED_TAGS": SIG_BANNED_TAGS,
         }
 
     @app.context_processor

app/constants.py

@@ -51,6 +51,10 @@ MOTD_BANNED_TAGS = [
     'img', 'spoiler', '@mention'
 ]
 
+SIG_BANNED_TAGS = [
+    '@mention'
+]
+
 def permission_level_string(perm):
     return PermissionLevelString[PermissionLevel(int(perm))]
 

app/lib/babycode.py

@@ -252,7 +252,7 @@ def should_collapse(text, surrounding):
 def sanitize(s):
     return escape(s.strip().replace('\r\n', '\n').replace('\r', '\n'))
 
-def babycode_to_html(s, banned_tags={}):
+def babycode_to_html(s, banned_tags=[]):
     allowed_tags = set(TAGS.keys())
     if banned_tags is not None:
         for tag in banned_tags:

app/routes/users.py

@@ -10,7 +10,7 @@ from ..models import (
     BookmarkCollections, BookmarkedThreads,
     Mentions, PostHistory,
     )
-from ..constants import InfoboxKind, PermissionLevel
+from ..constants import InfoboxKind, PermissionLevel, SIG_BANNED_TAGS
 from ..auth import digest, verify
 from wand.image import Image
 from wand.exceptions import WandException
@@ -392,7 +392,7 @@ def settings_form(username):
     status = request.form.get('status', default="")[:100]
     original_sig = request.form.get('signature', default='').strip()
     if original_sig:
-        rendered_sig = babycode_to_html(original_sig).result
+        rendered_sig = babycode_to_html(original_sig, SIG_BANNED_TAGS).result
     else:
         rendered_sig = ''
     session['subscribe_by_default'] = request.form.get('subscribe_by_default', default='off') == 'on'

app/templates/users/settings.html

@@ -39,7 +39,7 @@
         <input autocomplete='off' type='checkbox' id='subscribe_by_default' name='subscribe_by_default' {{ 'checked' if session.get('subscribe_by_default', default=true) else '' }}>
         <label for='subscribe_by_default'>Subscribe to thread by default when responding</label><br>
         <label for='babycode-content'>Signature</label>
-        {{ babycode_editor_component(ta_name='signature', prefill=active_user.signature_original_markup, ta_placeholder='Will be shown under each of your posts', optional=true) }}
+        {{ babycode_editor_component(ta_name='signature', prefill=active_user.signature_original_markup, ta_placeholder='Will be shown under each of your posts', optional=true, banned_tags=SIG_BANNED_TAGS) }}
         <input type='submit' value='Save settings'>
       </form>
     </fieldset>