Add TEXT_ADDITIONAL_PROTOCOLS setting

html5lib by default restricts what protocols are allowed in links et al.
It also offers a way to extend this list which previously was not
exposed to djangocms_text_ckeditor but can now be manipulated with the
TEXT_ADDITIONAL_PROTOCOLS setting.
Horst Gutmann 2014-07-21 14:52:10 +02:00
parent adf4a7c104
commit 1051f72a5c
4 changed files with 37 additions and 8 deletions


@ -8,19 +8,18 @@ import uuid
from django.utils.six import BytesIO
from .settings import (TEXT_SAVE_IMAGE_FUNCTION, TEXT_ADDITIONAL_TAGS,
TEXT_ADDITIONAL_ATTRIBUTES, TEXT_HTML_SANITIZE)
from . import settings
from .utils import plugin_to_tag
def _get_default_parser():
opts = {}
if TEXT_HTML_SANITIZE:
if settings.TEXT_HTML_SANITIZE:
sanitizer.HTMLSanitizer.acceptable_elements.extend(
TEXT_ADDITIONAL_TAGS)
settings.TEXT_ADDITIONAL_TAGS)
sanitizer.HTMLSanitizer.acceptable_attributes.extend(
TEXT_ADDITIONAL_ATTRIBUTES)
settings.TEXT_ADDITIONAL_ATTRIBUTES)
sanitizer.HTMLSanitizer.allowed_elements = (
sanitizer.HTMLSanitizer.acceptable_elements +
sanitizer.HTMLSanitizer.mathml_elements +
@ -29,6 +28,9 @@ def _get_default_parser():
sanitizer.HTMLSanitizer.acceptable_attributes +
sanitizer.HTMLSanitizer.mathml_attributes +
sanitizer.HTMLSanitizer.svg_attributes)
sanitizer.HTMLSanitizer.allowed_protocols = (
sanitizer.HTMLSanitizer.acceptable_protocols +
list(settings.TEXT_ADDITIONAL_PROTOCOLS))
opts['tokenizer'] = sanitizer.HTMLSanitizer
return html5lib.HTMLParser(tree=treebuilders.getTreeBuilder("dom"),
@ -60,7 +62,7 @@ def extract_images(data, plugin):
extracts base64 encoded images from drag and drop actions in browser and saves
those images as plugins
"""
if not TEXT_SAVE_IMAGE_FUNCTION:
if not settings.TEXT_SAVE_IMAGE_FUNCTION:
return data
tree_builder = html5lib.treebuilders.getTreeBuilder('dom')
parser = html5lib.html5parser.HTMLParser(tree = tree_builder)
@ -121,8 +123,8 @@ def extract_images(data, plugin):
def img_data_to_plugin(filename, image, parent_plugin, width=None, height=None):
func_name = TEXT_SAVE_IMAGE_FUNCTION.split(".")[-1]
module = __import__(".".join(TEXT_SAVE_IMAGE_FUNCTION.split(".")[:-1]), fromlist=[func_name])
func_name = settings.TEXT_SAVE_IMAGE_FUNCTION.split(".")[-1]
module = __import__(".".join(settings.TEXT_SAVE_IMAGE_FUNCTION.split(".")[:-1]), fromlist=[func_name])
func = getattr(module, func_name)
return func(filename, image, parent_plugin, width=width, height=height)
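Review bot: The added `sanitizer.HTMLSanitizer.allowed_protocols = (...)` assignment in `_get_default_parser()` rebinds an attribute on the shared html5lib class, so the widened scheme list applies to every sanitizer in the process rather than only to the parser returned here. It is also built from whatever `settings.TEXT_ADDITIONAL_PROTOCOLS` holds, with no validation, so a value such as `javascript` or `data` in that setting would let script-carrying URLs through `clean_html`. I would set the list on a local subclass (`class TextSanitizer(sanitizer.HTMLSanitizer): pass`, then assign `TextSanitizer.allowed_protocols` and pass it as `opts['tokenizer']`) and put a comment above the assignment: `# Schemes listed here are no longer stripped from URLs; never add javascript, vbscript or data.` The `return html5lib.HTMLParser(...)` statement continues past the end of this hunk.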


@ -19,5 +19,6 @@ else:
TEXT_SAVE_IMAGE_FUNCTION = getattr(settings, 'TEXT_SAVE_IMAGE_FUNCTION', save_function_default)
TEXT_ADDITIONAL_TAGS = getattr(settings, 'TEXT_ADDITIONAL_TAGS', ())
TEXT_ADDITIONAL_ATTRIBUTES = getattr(settings, 'TEXT_ADDITIONAL_ATTRIBUTES', ())
TEXT_ADDITIONAL_PROTOCOLS = getattr(settings, 'TEXT_ADDITIONAL_PROTOCOLS', ())
TEXT_CKEDITOR_CONFIGURATION = getattr(settings, 'TEXT_CKEDITOR_CONFIGURATION', None)
TEXT_HTML_SANITIZE = getattr(settings, 'TEXT_HTML_SANITIZE', True)


@ -0,0 +1,26 @@
from django.test import TestCase
from django.test.utils import override_settings
from .. import html
from .. import settings
class HtmlSanitizerAdditionalProtocolsTests(TestCase):
def tearDown(self):
settings.TEXT_ADDITIONAL_PROTOCOLS = []
def test_default_protocol_escaping(self):
settings.TEXT_ADDITIONAL_PROTOCOLS = []
parser = html._get_default_parser()
text = html.clean_html('''<source src="rtmp://testurl.com/">''',
full=False,
parser=parser)
self.assertEqual('<source>', text)
def test_custom_protocol_enabled(self):
settings.TEXT_ADDITIONAL_PROTOCOLS = ('rtmp',)
parser = html._get_default_parser()
text = html.clean_html('''<source src="rtmp://testurl.com/">''',
full=False,
parser=parser)
self.assertEqual('''<source src="rtmp://testurl.com/">''', text)
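Review bot: `tearDown` resets `settings.TEXT_ADDITIONAL_PROTOCOLS` to `[]` but leaves `sanitizer.HTMLSanitizer.allowed_protocols` as the last test set it, so after `test_custom_protocol_enabled` the shared class still accepts `rtmp` until something calls `_get_default_parser()` again, and test order then decides what later sanitizer tests see. Saving both values in `setUp` and restoring them in `tearDown` would isolate the tests; the restore should put back the original setting, whose default in settings.py is `()` rather than `[]`. `override_settings` is imported but never used and can be dropped. A third case asserting that an unlisted scheme is still stripped while `rtmp` is enabled would pin down that the setting only adds to the allow-list.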