Optionally disable HTML sanitizing.

Marco Paolini 2014-05-19 08:43:35 +02:00
parent 05408380e6
commit a2e8fbd2c6
3 changed files with 23 additions and 13 deletions


@ -251,6 +251,8 @@ you may customize the tags and attributes allowed by overriding the
TEXT_ADDITIONAL_TAGS = ('iframe',)
TEXT_ADDITIONAL_TAGS = ('scrolling', 'allowfullscreen', 'frameborder')
To completely disable the feature, set ``TEXT_HTML_SANITIZE = False``.
See the `html5lib documentation`_ for further information.
.. _html5lib: https://pypi.python.org/pypi/html5lib


@ -10,24 +10,31 @@ import re
import base64
from PIL import Image
from .settings import (TEXT_SAVE_IMAGE_FUNCTION, TEXT_ADDITIONAL_TAGS,
TEXT_ADDITIONAL_ATTRIBUTES)
TEXT_ADDITIONAL_ATTRIBUTES, TEXT_HTML_SANITIZE)
from djangocms_text_ckeditor.utils import plugin_to_tag
def _get_default_parser():
sanitizer.HTMLSanitizer.acceptable_elements.extend(TEXT_ADDITIONAL_TAGS)
sanitizer.HTMLSanitizer.acceptable_attributes.extend(TEXT_ADDITIONAL_ATTRIBUTES)
sanitizer.HTMLSanitizer.allowed_elements = (
sanitizer.HTMLSanitizer.acceptable_elements +
sanitizer.HTMLSanitizer.mathml_elements +
sanitizer.HTMLSanitizer.svg_elements)
sanitizer.HTMLSanitizer.allowed_attributes = (
sanitizer.HTMLSanitizer.acceptable_attributes +
sanitizer.HTMLSanitizer.mathml_attributes +
sanitizer.HTMLSanitizer.svg_attributes)
opts = {}
if TEXT_HTML_SANITIZE:
sanitizer.HTMLSanitizer.acceptable_elements.extend(
TEXT_ADDITIONAL_TAGS)
sanitizer.HTMLSanitizer.acceptable_attributes.extend(
TEXT_ADDITIONAL_ATTRIBUTES)
sanitizer.HTMLSanitizer.allowed_elements = (
sanitizer.HTMLSanitizer.acceptable_elements +
sanitizer.HTMLSanitizer.mathml_elements +
sanitizer.HTMLSanitizer.svg_elements)
sanitizer.HTMLSanitizer.allowed_attributes = (
sanitizer.HTMLSanitizer.acceptable_attributes +
sanitizer.HTMLSanitizer.mathml_attributes +
sanitizer.HTMLSanitizer.svg_attributes)
opts['tokenizer'] = sanitizer
return html5lib.HTMLParser(tree=treebuilders.getTreeBuilder("dom"),
**opts)
return html5lib.HTMLParser(tokenizer=sanitizer.HTMLSanitizer,
tree=treebuilders.getTreeBuilder("dom"))
DEFAULT_PARSER = _get_default_parser()
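Review bot: `opts['tokenizer'] = sanitizer` hands `html5lib.HTMLParser` the `sanitizer` module, whereas the other `return` in this section passes the class `sanitizer.HTMLSanitizer`. The +/- markers are lost on this page, but the `**opts` return reads as the new side, so with the default `TEXT_HTML_SANITIZE = True` the parser would be built with an object that is not a tokenizer class and would likely fail at parse time instead of sanitizing. The line should read `opts['tokenizer'] = sanitizer.HTMLSanitizer`. A regression test that runs a `<script>` element through `DEFAULT_PARSER` with the setting on and asserts it is neutralised would catch this.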


@ -22,3 +22,4 @@ TEXT_SAVE_IMAGE_FUNCTION = getattr(settings, 'TEXT_SAVE_IMAGE_FUNCTION', save_fu
TEXT_ADDITIONAL_TAGS = getattr(settings, 'TEXT_ADDITIONAL_TAGS', ())
TEXT_ADDITIONAL_ATTRIBUTES = getattr(settings, 'TEXT_ADDITIONAL_ATTRIBUTES', ())
TEXT_CKEDITOR_CONFIGURATION = getattr(settings, 'TEXT_CKEDITOR_CONFIGURATION', None)
TEXT_HTML_SANITIZE = getattr(settings, 'TEXT_HTML_SANITIZE', True)
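Review bot: `TEXT_HTML_SANITIZE` is added with no comment on what turning it off exposes, and `_get_default_parser` tests it with `if TEXT_HTML_SANITIZE:`, so `None`, `0` or an empty string disable sanitizing just as `False` does. With the flag off the parser is built without the html5lib sanitizer, so markup saved through the editor is presumably stored and rendered as submitted. I would add `# Security: False stores editor HTML unsanitized (stored XSS risk); disable only when every editor is fully trusted.` above this line. Consider making the check fail closed as well, e.g. `if TEXT_HTML_SANITIZE is not False:`.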