Add TEXT_ADDITIONAL_PROTOCOLS setting
html5lib by default restricts which protocols are allowed in links etc. It also offers a way to extend this list, which previously was not exposed to djangocms_text_ckeditor but can now be manipulated with the TEXT_ADDITIONAL_PROTOCOLS setting.
parent
adf4a7c104
commit
1051f72a5c
|
@ -8,19 +8,18 @@ import uuid
|
|||
|
||||
from django.utils.six import BytesIO
|
||||
|
||||
from .settings import (TEXT_SAVE_IMAGE_FUNCTION, TEXT_ADDITIONAL_TAGS,
|
||||
TEXT_ADDITIONAL_ATTRIBUTES, TEXT_HTML_SANITIZE)
|
||||
from . import settings
|
||||
from .utils import plugin_to_tag
|
||||
|
||||
|
||||
def _get_default_parser():
|
||||
opts = {}
|
||||
|
||||
if TEXT_HTML_SANITIZE:
|
||||
if settings.TEXT_HTML_SANITIZE:
|
||||
sanitizer.HTMLSanitizer.acceptable_elements.extend(
|
||||
TEXT_ADDITIONAL_TAGS)
|
||||
settings.TEXT_ADDITIONAL_TAGS)
|
||||
sanitizer.HTMLSanitizer.acceptable_attributes.extend(
|
||||
TEXT_ADDITIONAL_ATTRIBUTES)
|
||||
settings.TEXT_ADDITIONAL_ATTRIBUTES)
|
||||
sanitizer.HTMLSanitizer.allowed_elements = (
|
||||
sanitizer.HTMLSanitizer.acceptable_elements +
|
||||
sanitizer.HTMLSanitizer.mathml_elements +
|
||||
|
@ -29,6 +28,9 @@ def _get_default_parser():
|
|||
sanitizer.HTMLSanitizer.acceptable_attributes +
|
||||
sanitizer.HTMLSanitizer.mathml_attributes +
|
||||
sanitizer.HTMLSanitizer.svg_attributes)
|
||||
sanitizer.HTMLSanitizer.allowed_protocols = (
|
||||
sanitizer.HTMLSanitizer.acceptable_protocols +
|
||||
list(settings.TEXT_ADDITIONAL_PROTOCOLS))
|
||||
opts['tokenizer'] = sanitizer.HTMLSanitizer
|
||||
|
||||
return html5lib.HTMLParser(tree=treebuilders.getTreeBuilder("dom"),
|
||||
|
@ -60,7 +62,7 @@ def extract_images(data, plugin):
|
|||
extracts base64 encoded images from drag and drop actions in browser and saves
|
||||
those images as plugins
|
||||
"""
|
||||
if not TEXT_SAVE_IMAGE_FUNCTION:
|
||||
if not settings.TEXT_SAVE_IMAGE_FUNCTION:
|
||||
return data
|
||||
tree_builder = html5lib.treebuilders.getTreeBuilder('dom')
|
||||
parser = html5lib.html5parser.HTMLParser(tree = tree_builder)
|
||||
|
@ -121,8 +123,8 @@ def extract_images(data, plugin):
|
|||
|
||||
|
||||
def img_data_to_plugin(filename, image, parent_plugin, width=None, height=None):
|
||||
func_name = TEXT_SAVE_IMAGE_FUNCTION.split(".")[-1]
|
||||
module = __import__(".".join(TEXT_SAVE_IMAGE_FUNCTION.split(".")[:-1]), fromlist=[func_name])
|
||||
func_name = settings.TEXT_SAVE_IMAGE_FUNCTION.split(".")[-1]
|
||||
module = __import__(".".join(settings.TEXT_SAVE_IMAGE_FUNCTION.split(".")[:-1]), fromlist=[func_name])
|
||||
func = getattr(module, func_name)
|
||||
return func(filename, image, parent_plugin, width=width, height=height)
|
||||
|
||||
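Review bot: `list(settings.TEXT_ADDITIONAL_PROTOCOLS)` in the second hunk of `_get_default_parser()` appends whatever the project configures to the sanitizer's URL-scheme allowlist with no normalisation or check. A bare string such as `'rtmp'` is split into single characters, so the intended scheme is silently not allowed, and a script-capable scheme would be accepted if someone listed it. I would wrap a string value in a one-element tuple before concatenating and put a comment above the assignment, e.g. `# Widens the sanitizer's URL-scheme allowlist; never list script-capable schemes such as javascript or vbscript`. Separately, the tags and attributes lines still call `.extend()` in place on the html5lib class lists, so now that settings are read on every call those lists grow with each call and never shrink, unlike the protocol list, which is rebuilt each time. The body of `_get_default_parser()` continues outside the hunks shown.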
|
|
|
@ -19,5 +19,6 @@ else:
|
|||
TEXT_SAVE_IMAGE_FUNCTION = getattr(settings, 'TEXT_SAVE_IMAGE_FUNCTION', save_function_default)
|
||||
TEXT_ADDITIONAL_TAGS = getattr(settings, 'TEXT_ADDITIONAL_TAGS', ())
|
||||
TEXT_ADDITIONAL_ATTRIBUTES = getattr(settings, 'TEXT_ADDITIONAL_ATTRIBUTES', ())
|
||||
TEXT_ADDITIONAL_PROTOCOLS = getattr(settings, 'TEXT_ADDITIONAL_PROTOCOLS', ())
|
||||
TEXT_CKEDITOR_CONFIGURATION = getattr(settings, 'TEXT_CKEDITOR_CONFIGURATION', None)
|
||||
TEXT_HTML_SANITIZE = getattr(settings, 'TEXT_HTML_SANITIZE', True)
|
||||
|
|
|
@ -0,0 +1,26 @@
|
|||
from django.test import TestCase
|
||||
from django.test.utils import override_settings
|
||||
|
||||
from .. import html
|
||||
from .. import settings
|
||||
|
||||
|
||||
class HtmlSanitizerAdditionalProtocolsTests(TestCase):
|
||||
def tearDown(self):
|
||||
settings.TEXT_ADDITIONAL_PROTOCOLS = []
|
||||
|
||||
def test_default_protocol_escaping(self):
|
||||
settings.TEXT_ADDITIONAL_PROTOCOLS = []
|
||||
parser = html._get_default_parser()
|
||||
text = html.clean_html('''<source src="rtmp://testurl.com/">''',
|
||||
full=False,
|
||||
parser=parser)
|
||||
self.assertEqual('<source>', text)
|
||||
|
||||
def test_custom_protocol_enabled(self):
|
||||
settings.TEXT_ADDITIONAL_PROTOCOLS = ('rtmp',)
|
||||
parser = html._get_default_parser()
|
||||
text = html.clean_html('''<source src="rtmp://testurl.com/">''',
|
||||
full=False,
|
||||
parser=parser)
|
||||
self.assertEqual('''<source src="rtmp://testurl.com/">''', text)
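Review bot: `tearDown` resets `settings.TEXT_ADDITIONAL_PROTOCOLS` but not the html5lib class attribute that `_get_default_parser()` assigned, so after `test_custom_protocol_enabled` the `rtmp` scheme stays in `sanitizer.HTMLSanitizer.allowed_protocols` for the rest of the test process until a parser is built again. Rebuilding the parser after the reset, e.g. adding `html._get_default_parser()` as the last line of `tearDown`, would put the allowlist back; saving the original setting value in `setUp` and restoring it would also avoid overwriting a project-configured value with `[]`. The suite would be stronger with a negative case asserting that a scheme not listed in the setting is still stripped while `rtmp` is enabled, since that is the property the sanitizer exists to protect. `override_settings` is imported but never used in this file.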
|