From 16745f98dd5999953e6a1d131556f43924c7f6c5 Mon Sep 17 00:00:00 2001
From: Dan Helfman <dan@luminotes.com>
Date: Thu, 12 Feb 2009 14:23:48 -0800
Subject: [PATCH] Now ignoring even more unneeded HTML tags from an MS Word
 copy-and-paste: Specifically, "</o:p>" and similar.

---
 NEWS                              |  1 +
 controller/Html_cleaner.py        |  1 +
 controller/test/Test_notebooks.py | 43 +++++++++++++++++++++++++++++++
 3 files changed, 45 insertions(+)

diff --git a/NEWS b/NEWS
index 1da77cf..51b33b0 100644
--- a/NEWS
+++ b/NEWS
@@ -1,4 +1,5 @@
 1.6.5: February 12, 2009
+ * Now ignoring even more unneeded HTML tags from an MS Word copy-and-paste.
  * Fixed a bug in Internet Explorer in which hiding a focused note could cause
    the next note to display incorrectly
  * Fixed a bug in Internet Explorer in which opening a note by following a link
diff --git a/controller/Html_cleaner.py b/controller/Html_cleaner.py
index 1ee6095..2cc953a 100644
--- a/controller/Html_cleaner.py
+++ b/controller/Html_cleaner.py
@@ -215,6 +215,7 @@ class Html_cleaner(HTMLParser):
       self.open_tags.insert(0, tag)
       
   def handle_endtag(self, tag, attrs):
+    tag = tag.split( ":" )[ 0 ]
     bracketed = "</%s>" % tag
     if tag not in self.permitted_tags:
       if tag not in self.stripped_tags:
diff --git a/controller/test/Test_notebooks.py b/controller/test/Test_notebooks.py
index fb3b7ea..dd00736 100644
--- a/controller/test/Test_notebooks.py
+++ b/controller/test/Test_notebooks.py
@@ -3181,6 +3181,49 @@ class Test_notebooks( Test_controller ):
     assert note.contents == expected_contents
     assert note.user_id == self.user.object_id
 
+  def test_save_new_note_with_disallowed_ms_word_tags( self ):
+    self.login()
+
+    # save a completely new note
+    title_with_tags = u"<h3>my funny title</h3>"
+    junk = u"foo<o:p>ms word!</o:p>"
+    more_junk = u"<m:wtf>blah</m><o>hm</o:isthis>"
+    new_note = Note.create( "55", title_with_tags + junk + more_junk )
+    previous_revision = new_note.revision
+
+    result = self.http_post( "/notebooks/save_note/", dict(
+      notebook_id = self.notebook.object_id,
+      note_id = new_note.object_id,
+      contents = new_note.contents,
+      startup = False,
+      previous_revision = None,
+    ), session_id = self.session_id )
+
+    assert result[ "new_revision" ]
+    assert result[ "new_revision" ] != previous_revision
+    assert result[ "new_revision" ].user_id == self.user.object_id
+    assert result[ "new_revision" ].username == self.username
+    assert result[ "previous_revision" ] == None
+    user = self.database.load( User, self.user.object_id )
+    assert user.storage_bytes > 0
+    assert result[ "storage_bytes" ] == user.storage_bytes
+    assert result[ "rank" ] == 0.0
+
+    # make sure the new title is now loadable
+    result = self.http_post( "/notebooks/load_note_by_title/", dict(
+      notebook_id = self.notebook.object_id,
+      note_title = new_note.title,
+    ), session_id = self.session_id )
+
+    note = result[ "note" ]
+
+    expected_contents = title_with_tags + u"fooms word!blahhm"
+
+    assert note.object_id == new_note.object_id
+    assert note.title == new_note.title
+    assert note.contents == expected_contents
+    assert note.user_id == self.user.object_id
+
   def test_save_new_note_with_bad_characters( self ):
     self.login()