diff --git a/djangocms_text_ckeditor/html.py b/djangocms_text_ckeditor/html.py
index ec66682..701c853 100644
--- a/djangocms_text_ckeditor/html.py
+++ b/djangocms_text_ckeditor/html.py
@@ -8,19 +8,18 @@ import uuid
from django.utils.six import BytesIO
-from .settings import (TEXT_SAVE_IMAGE_FUNCTION, TEXT_ADDITIONAL_TAGS,
- TEXT_ADDITIONAL_ATTRIBUTES, TEXT_HTML_SANITIZE)
+from . import settings
from .utils import plugin_to_tag
def _get_default_parser():
opts = {}
- if TEXT_HTML_SANITIZE:
+ if settings.TEXT_HTML_SANITIZE:
sanitizer.HTMLSanitizer.acceptable_elements.extend(
- TEXT_ADDITIONAL_TAGS)
+ settings.TEXT_ADDITIONAL_TAGS)
sanitizer.HTMLSanitizer.acceptable_attributes.extend(
- TEXT_ADDITIONAL_ATTRIBUTES)
+ settings.TEXT_ADDITIONAL_ATTRIBUTES)
sanitizer.HTMLSanitizer.allowed_elements = (
sanitizer.HTMLSanitizer.acceptable_elements +
sanitizer.HTMLSanitizer.mathml_elements +
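Review bot: The two `.extend()` calls kept in this hunk mutate html5lib's class-level `acceptable_elements` and `acceptable_attributes` lists in place, so every call to `_get_default_parser()` appends the configured tags and attributes again and nothing ever removes them. Now that the settings are read at call time, a value that was set for one call (for example by a test) stays allowed for the rest of the process, so the sanitizer allowlist can only grow. Building the combined list without mutation, the way the protocol change later in this commit does, avoids this: `sanitizer.HTMLSanitizer.acceptable_elements + list(settings.TEXT_ADDITIONAL_TAGS) + sanitizer.HTMLSanitizer.mathml_elements + ...`, and likewise for attributes. The function body continues past the end of this hunk.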
@@ -29,6 +28,9 @@ def _get_default_parser():
sanitizer.HTMLSanitizer.acceptable_attributes +
sanitizer.HTMLSanitizer.mathml_attributes +
sanitizer.HTMLSanitizer.svg_attributes)
+ sanitizer.HTMLSanitizer.allowed_protocols = (
+ sanitizer.HTMLSanitizer.acceptable_protocols +
+ list(settings.TEXT_ADDITIONAL_PROTOCOLS))
opts['tokenizer'] = sanitizer.HTMLSanitizer
return html5lib.HTMLParser(tree=treebuilders.getTreeBuilder("dom"),
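Review bot: `list(settings.TEXT_ADDITIONAL_PROTOCOLS)` accepts whatever the setting holds, so a bare string such as `'tel'` (or `('tel')` without the trailing comma) is split into the characters `t`, `e`, `l` and the intended scheme is still stripped. The entries also go into the URI-scheme allowlist unchecked, so listing a script-capable scheme such as `javascript` would remove the sanitizer's protection for link attributes; that should be rejected here or at least documented next to the setting. A guard that wraps a lone string in a list and lower-cases each entry would cover the first case; html5lib appears to compare against a lower-cased scheme, which is worth confirming. The assignment is made on the shared `HTMLSanitizer` class, so it applies to every parser in the process, and the `return` statement continues outside this hunk.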
@@ -60,7 +62,7 @@ def extract_images(data, plugin):
extracts base64 encoded images from drag and drop actions in browser and saves
those images as plugins
"""
- if not TEXT_SAVE_IMAGE_FUNCTION:
+ if not settings.TEXT_SAVE_IMAGE_FUNCTION:
return data
tree_builder = html5lib.treebuilders.getTreeBuilder('dom')
parser = html5lib.html5parser.HTMLParser(tree = tree_builder)
@@ -121,8 +123,8 @@ def extract_images(data, plugin):
def img_data_to_plugin(filename, image, parent_plugin, width=None, height=None):
- func_name = TEXT_SAVE_IMAGE_FUNCTION.split(".")[-1]
- module = __import__(".".join(TEXT_SAVE_IMAGE_FUNCTION.split(".")[:-1]), fromlist=[func_name])
+ func_name = settings.TEXT_SAVE_IMAGE_FUNCTION.split(".")[-1]
+ module = __import__(".".join(settings.TEXT_SAVE_IMAGE_FUNCTION.split(".")[:-1]), fromlist=[func_name])
func = getattr(module, func_name)
return func(filename, image, parent_plugin, width=width, height=height)
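Review bot: `settings.TEXT_SAVE_IMAGE_FUNCTION` is split twice and handed to `__import__` with no handling for a value that contains no dot, in which case the module path is empty and the import fails with an unhelpful error when the function is first called. Splitting once with `module_path, _, func_name = settings.TEXT_SAVE_IMAGE_FUNCTION.rpartition('.')` and loading with `importlib.import_module(module_path)` reads more clearly. A short docstring should state that the setting is a dotted path to a callable invoked as `func(filename, image, parent_plugin, width=..., height=...)`. Because the dotted path selects code to execute, it should only ever come from the deployment's settings module and never from request data.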
diff --git a/djangocms_text_ckeditor/settings.py b/djangocms_text_ckeditor/settings.py
index 2957142..8c452c0 100644
--- a/djangocms_text_ckeditor/settings.py
+++ b/djangocms_text_ckeditor/settings.py
@@ -19,5 +19,6 @@ else:
TEXT_SAVE_IMAGE_FUNCTION = getattr(settings, 'TEXT_SAVE_IMAGE_FUNCTION', save_function_default)
TEXT_ADDITIONAL_TAGS = getattr(settings, 'TEXT_ADDITIONAL_TAGS', ())
TEXT_ADDITIONAL_ATTRIBUTES = getattr(settings, 'TEXT_ADDITIONAL_ATTRIBUTES', ())
+TEXT_ADDITIONAL_PROTOCOLS = getattr(settings, 'TEXT_ADDITIONAL_PROTOCOLS', ())
TEXT_CKEDITOR_CONFIGURATION = getattr(settings, 'TEXT_CKEDITOR_CONFIGURATION', None)
TEXT_HTML_SANITIZE = getattr(settings, 'TEXT_HTML_SANITIZE', True)
diff --git a/djangocms_text_ckeditor/tests/__init__.py b/djangocms_text_ckeditor/tests/__init__.py
new file mode 100644
index 0000000..e69de29
diff --git a/djangocms_text_ckeditor/tests/test_html.py b/djangocms_text_ckeditor/tests/test_html.py
new file mode 100644
index 0000000..4d7ac1d
--- /dev/null
+++ b/djangocms_text_ckeditor/tests/test_html.py
@@ -0,0 +1,26 @@
+from django.test import TestCase
+from django.test.utils import override_settings
+
+from .. import html
+from .. import settings
+
+
+class HtmlSanitizerAdditionalProtocolsTests(TestCase):
+ def tearDown(self):
+ settings.TEXT_ADDITIONAL_PROTOCOLS = []
+
+ def test_default_protocol_escaping(self):
+ settings.TEXT_ADDITIONAL_PROTOCOLS = []
+ parser = html._get_default_parser()
+ text = html.clean_html('''