Merge pull request #149 from zerok/additional_protocols

Add TEXT_ADDITIONAL_PROTOCOLS setting

djangocms_text_ckeditor/html.py

@@ -8,19 +8,18 @@ import uuid
 
 from django.utils.six import BytesIO
 
-from .settings import (TEXT_SAVE_IMAGE_FUNCTION, TEXT_ADDITIONAL_TAGS,
+from . import settings
-                       TEXT_ADDITIONAL_ATTRIBUTES, TEXT_HTML_SANITIZE)
 from .utils import plugin_to_tag
 
 
 def _get_default_parser():
     opts = {}
 
-    if TEXT_HTML_SANITIZE:
+    if settings.TEXT_HTML_SANITIZE:
         sanitizer.HTMLSanitizer.acceptable_elements.extend(
-            TEXT_ADDITIONAL_TAGS)
+            settings.TEXT_ADDITIONAL_TAGS)
         sanitizer.HTMLSanitizer.acceptable_attributes.extend(
-            TEXT_ADDITIONAL_ATTRIBUTES)
+            settings.TEXT_ADDITIONAL_ATTRIBUTES)
         sanitizer.HTMLSanitizer.allowed_elements = (
             sanitizer.HTMLSanitizer.acceptable_elements +
             sanitizer.HTMLSanitizer.mathml_elements +
@@ -29,6 +28,9 @@ def _get_default_parser():
             sanitizer.HTMLSanitizer.acceptable_attributes +
             sanitizer.HTMLSanitizer.mathml_attributes +
             sanitizer.HTMLSanitizer.svg_attributes)
+        sanitizer.HTMLSanitizer.allowed_protocols = (
+            sanitizer.HTMLSanitizer.acceptable_protocols +
+            list(settings.TEXT_ADDITIONAL_PROTOCOLS))
         opts['tokenizer'] = sanitizer.HTMLSanitizer
 
     return html5lib.HTMLParser(tree=treebuilders.getTreeBuilder("dom"),
@@ -60,7 +62,7 @@ def extract_images(data, plugin):
     extracts base64 encoded images from drag and drop actions in browser and saves
     those images as plugins
     """
-    if not TEXT_SAVE_IMAGE_FUNCTION:
+    if not settings.TEXT_SAVE_IMAGE_FUNCTION:
         return data
     tree_builder = html5lib.treebuilders.getTreeBuilder('dom')
     parser = html5lib.html5parser.HTMLParser(tree = tree_builder)
@@ -121,8 +123,8 @@ def extract_images(data, plugin):
 
 
 def img_data_to_plugin(filename, image, parent_plugin, width=None, height=None):
-    func_name = TEXT_SAVE_IMAGE_FUNCTION.split(".")[-1]
+    func_name = settings.TEXT_SAVE_IMAGE_FUNCTION.split(".")[-1]
-    module = __import__(".".join(TEXT_SAVE_IMAGE_FUNCTION.split(".")[:-1]), fromlist=[func_name])
+    module = __import__(".".join(settings.TEXT_SAVE_IMAGE_FUNCTION.split(".")[:-1]), fromlist=[func_name])
     func = getattr(module, func_name)
     return func(filename, image, parent_plugin, width=width, height=height)
 

djangocms_text_ckeditor/settings.py

@@ -19,5 +19,6 @@ else:
 TEXT_SAVE_IMAGE_FUNCTION = getattr(settings, 'TEXT_SAVE_IMAGE_FUNCTION', save_function_default)
 TEXT_ADDITIONAL_TAGS = getattr(settings, 'TEXT_ADDITIONAL_TAGS', ())
 TEXT_ADDITIONAL_ATTRIBUTES = getattr(settings, 'TEXT_ADDITIONAL_ATTRIBUTES', ())
+TEXT_ADDITIONAL_PROTOCOLS = getattr(settings, 'TEXT_ADDITIONAL_PROTOCOLS', ())
 TEXT_CKEDITOR_CONFIGURATION = getattr(settings, 'TEXT_CKEDITOR_CONFIGURATION', None)
 TEXT_HTML_SANITIZE = getattr(settings, 'TEXT_HTML_SANITIZE', True)

djangocms_text_ckeditor/tests/test_html.py

@@ -0,0 +1,26 @@
+from django.test import TestCase
+from django.test.utils import override_settings
+
+from .. import html
+from .. import settings
+
+
+class HtmlSanitizerAdditionalProtocolsTests(TestCase):
+    def tearDown(self):
+        settings.TEXT_ADDITIONAL_PROTOCOLS = []
+
+    def test_default_protocol_escaping(self):
+        settings.TEXT_ADDITIONAL_PROTOCOLS = []
+        parser = html._get_default_parser()
+        text = html.clean_html('''<source src="rtmp://testurl.com/">''',
+                               full=False,
+                               parser=parser)
+        self.assertEqual('<source>', text)
+
+    def test_custom_protocol_enabled(self):
+        settings.TEXT_ADDITIONAL_PROTOCOLS = ('rtmp',)
+        parser = html._get_default_parser()
+        text = html.clean_html('''<source src="rtmp://testurl.com/">''',
+                               full=False,
+                               parser=parser)
+        self.assertEqual('''<source src="rtmp://testurl.com/">''', text)