From 1051f72a5c0ec7e28bca369e3cf4f05750a35295 Mon Sep 17 00:00:00 2001
From: Horst Gutmann
Date: Mon, 21 Jul 2014 14:52:10 +0200
Subject: [PATCH] Add TEXT_ADDITIONAL_PROTOCOLS setting
html5lib by default restricts what protocols are allowed in links et al. It also offers a way to extend this list which previously was not exposed to djangocms_text_ckeditor but can now be manipulated with the TEXT_ADDITIONAL_PROTOCOLS setting.
---
 djangocms_text_ckeditor/html.py | 18 ++++++++-------
 djangocms_text_ckeditor/settings.py | 1 +
 djangocms_text_ckeditor/tests/__init__.py | 0
 djangocms_text_ckeditor/tests/test_html.py | 26 ++++++++++++++++++++++
 4 files changed, 37 insertions(+), 8 deletions(-)
 create mode 100644 djangocms_text_ckeditor/tests/__init__.py
 create mode 100644 djangocms_text_ckeditor/tests/test_html.py
diff --git a/djangocms_text_ckeditor/html.py b/djangocms_text_ckeditor/html.py
index ec66682..701c853 100644
--- a/djangocms_text_ckeditor/html.py
+++ b/djangocms_text_ckeditor/html.py
@@ -8,19 +8,18 @@ import uuid
 from django.utils.six import BytesIO
-from .settings import (TEXT_SAVE_IMAGE_FUNCTION, TEXT_ADDITIONAL_TAGS,
- TEXT_ADDITIONAL_ATTRIBUTES, TEXT_HTML_SANITIZE)
+from . import settings
 from .utils import plugin_to_tag
 def _get_default_parser():
 opts = {}
- if TEXT_HTML_SANITIZE:
+ if settings.TEXT_HTML_SANITIZE:
 sanitizer.HTMLSanitizer.acceptable_elements.extend(
- TEXT_ADDITIONAL_TAGS)
+ settings.TEXT_ADDITIONAL_TAGS)
 sanitizer.HTMLSanitizer.acceptable_attributes.extend(
- TEXT_ADDITIONAL_ATTRIBUTES)
+ settings.TEXT_ADDITIONAL_ATTRIBUTES)
 sanitizer.HTMLSanitizer.allowed_elements = (
 sanitizer.HTMLSanitizer.acceptable_elements +
 sanitizer.HTMLSanitizer.mathml_elements +
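Review bot: The rewritten `settings.TEXT_ADDITIONAL_TAGS` and `settings.TEXT_ADDITIONAL_ATTRIBUTES` lines still `extend()` html5lib's class-level `acceptable_elements` / `acceptable_attributes` on every call, so each `_get_default_parser()` invocation appends the configured names once more and the process-global lists grow with duplicates for the life of the interpreter — and the test module added by this commit now calls `_get_default_parser()` repeatedly. Since this is shared sanitizer state, it would be safer to compute the allowlist without mutating the class lists, e.g. `sanitizer.HTMLSanitizer.allowed_elements = (sanitizer.HTMLSanitizer.acceptable_elements + list(settings.TEXT_ADDITIONAL_TAGS) + ...)`, mirroring how the new `allowed_protocols` assignment in the next hunk is written. `_get_default_parser` continues past the end of this hunk.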
@@ -29,6 +28,9 @@ def _get_default_parser():
 sanitizer.HTMLSanitizer.acceptable_attributes +
 sanitizer.HTMLSanitizer.mathml_attributes +
 sanitizer.HTMLSanitizer.svg_attributes)
+ sanitizer.HTMLSanitizer.allowed_protocols = (
+ sanitizer.HTMLSanitizer.acceptable_protocols +
+ list(settings.TEXT_ADDITIONAL_PROTOCOLS))
 opts['tokenizer'] = sanitizer.HTMLSanitizer
 return html5lib.HTMLParser(tree=treebuilders.getTreeBuilder("dom"),
@@ -60,7 +62,7 @@ def extract_images(data, plugin):
 extracts base64 encoded images from drag and drop actions in browser and saves those images as plugins """
- if not TEXT_SAVE_IMAGE_FUNCTION:
+ if not settings.TEXT_SAVE_IMAGE_FUNCTION:
 return data
 tree_builder = html5lib.treebuilders.getTreeBuilder('dom')
 parser = html5lib.html5parser.HTMLParser(tree = tree_builder)
@@ -121,8 +123,8 @@ def extract_images(data, plugin):
 def img_data_to_plugin(filename, image, parent_plugin, width=None, height=None):
- func_name = TEXT_SAVE_IMAGE_FUNCTION.split(".")[-1]
- module = __import__(".".join(TEXT_SAVE_IMAGE_FUNCTION.split(".")[:-1]), fromlist=[func_name])
+ func_name = settings.TEXT_SAVE_IMAGE_FUNCTION.split(".")[-1]
+ module = __import__(".".join(settings.TEXT_SAVE_IMAGE_FUNCTION.split(".")[:-1]), fromlist=[func_name])
 func = getattr(module, func_name)
 return func(filename, image, parent_plugin, width=width, height=height)
diff --git a/djangocms_text_ckeditor/settings.py b/djangocms_text_ckeditor/settings.py
index 2957142..8c452c0 100644
--- a/djangocms_text_ckeditor/settings.py
+++ b/djangocms_text_ckeditor/settings.py
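Review bot: The new `allowed_protocols` assignment writes to the shared `sanitizer.HTMLSanitizer` class with values taken verbatim from settings, so every html5lib sanitizer in the process inherits the widened scheme list, and nothing records that each entry is a scheme the cleaner will let through in `href`/`src`; a comment above the assignment such as `# Process-wide: every entry in TEXT_ADDITIONAL_PROTOCOLS is a URL scheme the sanitizer will accept in link attributes for all HTMLSanitizer users in this interpreter` would make that visible to the next reader. If I recall html5lib's sanitizer correctly it lowercases the scheme before the membership test, so a mixed-case entry like `('RTMP',)` would silently never match; normalizing with `list(p.lower() for p in settings.TEXT_ADDITIONAL_PROTOCOLS)` makes that explicit, but confirm against the installed html5lib version. The `-60` and `-121` hunks in this file are plain renames to `settings.*` and need nothing further.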
@@ -19,5 +19,6 @@ else:
 TEXT_SAVE_IMAGE_FUNCTION = getattr(settings, 'TEXT_SAVE_IMAGE_FUNCTION', save_function_default)
 TEXT_ADDITIONAL_TAGS = getattr(settings, 'TEXT_ADDITIONAL_TAGS', ())
 TEXT_ADDITIONAL_ATTRIBUTES = getattr(settings, 'TEXT_ADDITIONAL_ATTRIBUTES', ())
+TEXT_ADDITIONAL_PROTOCOLS = getattr(settings, 'TEXT_ADDITIONAL_PROTOCOLS', ())
 TEXT_CKEDITOR_CONFIGURATION = getattr(settings, 'TEXT_CKEDITOR_CONFIGURATION', None)
 TEXT_HTML_SANITIZE = getattr(settings, 'TEXT_HTML_SANITIZE', True)
diff --git a/djangocms_text_ckeditor/tests/__init__.py b/djangocms_text_ckeditor/tests/__init__.py
new file mode 100644
index 0000000..e69de29
diff --git a/djangocms_text_ckeditor/tests/test_html.py b/djangocms_text_ckeditor/tests/test_html.py
new file mode 100644
index 0000000..4d7ac1d
--- /dev/null
+++ b/djangocms_text_ckeditor/tests/test_html.py
@@ -0,0 +1,26 @@
+from django.test import TestCase
+from django.test.utils import override_settings
+
+from .. import html
+from .. import settings
+
+
+class HtmlSanitizerAdditionalProtocolsTests(TestCase):
+ def tearDown(self):
+ settings.TEXT_ADDITIONAL_PROTOCOLS = []
+
+ def test_default_protocol_escaping(self):
+ settings.TEXT_ADDITIONAL_PROTOCOLS = []
+ parser = html._get_default_parser()
+ text = html.clean_html('''''',
+ full=False,
+ parser=parser)
+ self.assertEqual('', text)
+
+ def test_custom_protocol_enabled(self):
+ settings.TEXT_ADDITIONAL_PROTOCOLS = ('rtmp',)
+ parser = html._get_default_parser()
+ text = html.clean_html('''''',
+ full=False,
+ parser=parser)
+ self.assertEqual('''''', text)
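Review bot: The new `TEXT_ADDITIONAL_PROTOCOLS` line carries no comment, although it is the one setting in this block that directly relaxes the sanitizer: every entry is a URL scheme that `clean_html` will accept in attributes when `TEXT_HTML_SANITIZE` is on. I would add `# Extra URL schemes the HTML sanitizer accepts on top of html5lib's defaults (lowercase names); each entry widens what links survive cleaning.` above it, and mention the setting alongside `TEXT_ADDITIONAL_TAGS` / `TEXT_ADDITIONAL_ATTRIBUTES` in the project's settings documentation so that operators understand the trade-off before enabling a scheme.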
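Review bot: `tearDown` resets `settings.TEXT_ADDITIONAL_PROTOCOLS` to `[]` but never rebuilds the parser, so after `test_custom_protocol_enabled` the class-level `sanitizer.HTMLSanitizer.allowed_protocols` still contains `'rtmp'` until something else calls `html._get_default_parser()`, and any later test in the same process that relies on the default sanitizer sees the widened list. Saving the original value in `setUp`, restoring it in `tearDown` and then calling `html._get_default_parser()` again keeps the tests isolated; the `[]` reset also swaps the tuple default `()` from settings.py for a list, which is harmless but inconsistent. `override_settings` is imported but unused, and it could not help here anyway: the package `settings` module reads `django.conf.settings` once at import time via `getattr`, so only direct attribute assignment, as the tests already do, affects it. The fixture HTML and expected strings appear as empty `''''''` literals on this page, which looks like stripped markup rather than the committed content, so I cannot assess the assertions themselves.
```python
    def setUp(self):
        self._orig_protocols = settings.TEXT_ADDITIONAL_PROTOCOLS

    def tearDown(self):
        settings.TEXT_ADDITIONAL_PROTOCOLS = self._orig_protocols
        # rebuild so the class-level html5lib allowlist drops the test's schemes
        html._get_default_parser()

    # … unchanged: test_default_protocol_escaping, test_custom_protocol_enabled …
```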