ptarrant/chicken_babies_site
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
d9090f50551502e3b65d7b952f45249ddfe62aab
chicken_babies_site/app/templates/public/about.html
Phillip Tarrant 0306f71763 feat: phase 2 content model + cache — SQLite schema, markdown, TTL 
Stand up the full SQLite content layer: all 7 tables from the authoritative
schema with WAL + foreign-keys enforced per-connection, entity dataclasses
plus row mappers, hand-rolled versioned migrations tracked in
schema_migrations, and an idempotent Python seed (system user + welcome
post + About page).

Add a Markdown->HTML service using markdown-it-py with a strict bleach
allowlist (tables intentionally omitted on both sides). Add a typed
in-process TTLCache[K,V] and wire it into real DB-backed PostService and
PageService, both exposing invalidate_all() for Phase 4 admin writes.

Rewire / and /about to read from the DB; homepage renders the seeded
welcome post, About renders page.title + sanitized body_html_cached.
Update the Phase 1 route tests accordingly.

Mark Phase 2 complete in docs/ROADMAP.md.
2026-04-21 15:40:35 -05:00

38 lines
1.5 KiB
HTML
Raw Blame History

{#
About page. Phase 2: body comes from the ``pages`` row with
slug='about', rendered via the Markdown pipeline (markdown-it-py →
bleach allowlist) at write time and cached on the row. The cached
HTML has already been sanitized against an allowlist that forbids
scripts, styles, iframes, etc., so it is safe to emit with the
``| safe`` filter (Jinja autoescape is explicitly disabled for the
body only). Head Hen edits this content through the Phase 4 admin.
Per CLAUDE.md, the physical address is not shown anywhere on the
site — only the town name.
Context:
- page : app.models.entities.Page
- active_nav : str "about"
#}
{% extends "public/base.html" %}
{% block title %}{{ page.title }} — Chicken Babies R Us{% endblock %}
{% block meta_description %}About Chicken Babies R Us — a small family farm in Morrison, Tennessee raising chickens, ducks, and geese.{% endblock %}
{% block content %}
<article class="page-article">
<header class="page-article__header">
<h1 class="page-article__title">{{ page.title }}</h1>
</header>
{#
body_html_cached is the output of the bleach-sanitized
Markdown pipeline. It contains only tags / attributes /
protocols from our allowlist (p, strong, em, a, ul, ol, li,
h1-h4, blockquote, code, pre, img, hr + href/src/etc.), so
rendering with ``| safe`` does not reintroduce XSS risk.
#}
{{ page.body_html_cached | safe }}
</article>
{% endblock %}
Reference in New Issue View Git Blame Copy Permalink