Merge pull request #134 from mpaolini/option_disable_html_sanitizer_take_4

Optionally disable HTML sanitizing.
Fix #128

README.rst

@@ -251,6 +251,8 @@ you may customize the tags and attributes allowed by overriding the
     TEXT_ADDITIONAL_TAGS = ('iframe',)
     TEXT_ADDITIONAL_TAGS = ('scrolling', 'allowfullscreen', 'frameborder')
 
+To completely disable the feature, set ``TEXT_HTML_SANITIZE = False``.
+
 See the `html5lib documentation`_ for further information.
 
 .. _html5lib: https://pypi.python.org/pypi/html5lib

djangocms_text_ckeditor/html.py

@@ -10,24 +10,31 @@ import re
 import base64
 from PIL import Image
 from .settings import (TEXT_SAVE_IMAGE_FUNCTION, TEXT_ADDITIONAL_TAGS,
-                       TEXT_ADDITIONAL_ATTRIBUTES)
+                       TEXT_ADDITIONAL_ATTRIBUTES, TEXT_HTML_SANITIZE)
 from djangocms_text_ckeditor.utils import plugin_to_tag
 
 
 def _get_default_parser():
-    sanitizer.HTMLSanitizer.acceptable_elements.extend(TEXT_ADDITIONAL_TAGS)
-    sanitizer.HTMLSanitizer.acceptable_attributes.extend(TEXT_ADDITIONAL_ATTRIBUTES)
-    sanitizer.HTMLSanitizer.allowed_elements = (
-        sanitizer.HTMLSanitizer.acceptable_elements +
-        sanitizer.HTMLSanitizer.mathml_elements +
-        sanitizer.HTMLSanitizer.svg_elements)
-    sanitizer.HTMLSanitizer.allowed_attributes = (
-        sanitizer.HTMLSanitizer.acceptable_attributes +
-        sanitizer.HTMLSanitizer.mathml_attributes +
-        sanitizer.HTMLSanitizer.svg_attributes)
+    opts = {}
+
+    if TEXT_HTML_SANITIZE:
+        sanitizer.HTMLSanitizer.acceptable_elements.extend(
+            TEXT_ADDITIONAL_TAGS)
+        sanitizer.HTMLSanitizer.acceptable_attributes.extend(
+            TEXT_ADDITIONAL_ATTRIBUTES)
+        sanitizer.HTMLSanitizer.allowed_elements = (
+            sanitizer.HTMLSanitizer.acceptable_elements +
+            sanitizer.HTMLSanitizer.mathml_elements +
+            sanitizer.HTMLSanitizer.svg_elements)
+        sanitizer.HTMLSanitizer.allowed_attributes = (
+            sanitizer.HTMLSanitizer.acceptable_attributes +
+            sanitizer.HTMLSanitizer.mathml_attributes +
+            sanitizer.HTMLSanitizer.svg_attributes)
+        opts['tokenizer'] = sanitizer
+
+    return html5lib.HTMLParser(tree=treebuilders.getTreeBuilder("dom"),
+                               **opts)
 
-    return html5lib.HTMLParser(tokenizer=sanitizer.HTMLSanitizer,
-                               tree=treebuilders.getTreeBuilder("dom"))
 DEFAULT_PARSER = _get_default_parser()
 
 

djangocms_text_ckeditor/settings.py

@@ -22,3 +22,4 @@ TEXT_SAVE_IMAGE_FUNCTION = getattr(settings, 'TEXT_SAVE_IMAGE_FUNCTION', save_fu
 TEXT_ADDITIONAL_TAGS = getattr(settings, 'TEXT_ADDITIONAL_TAGS', ())
 TEXT_ADDITIONAL_ATTRIBUTES = getattr(settings, 'TEXT_ADDITIONAL_ATTRIBUTES', ())
 TEXT_CKEDITOR_CONFIGURATION = getattr(settings, 'TEXT_CKEDITOR_CONFIGURATION', None)
+TEXT_HTML_SANITIZE = getattr(settings, 'TEXT_HTML_SANITIZE', True)