Merge pull request #149 from zerok/additional_protocols
Add TEXT_ADDITIONAL_PROTOCOLS setting
This commit is contained in:
commit
4849794ac0
|
@ -8,19 +8,18 @@ import uuid
|
||||||
|
|
||||||
from django.utils.six import BytesIO
|
from django.utils.six import BytesIO
|
||||||
|
|
||||||
from .settings import (TEXT_SAVE_IMAGE_FUNCTION, TEXT_ADDITIONAL_TAGS,
|
from . import settings
|
||||||
TEXT_ADDITIONAL_ATTRIBUTES, TEXT_HTML_SANITIZE)
|
|
||||||
from .utils import plugin_to_tag
|
from .utils import plugin_to_tag
|
||||||
|
|
||||||
|
|
||||||
def _get_default_parser():
|
def _get_default_parser():
|
||||||
opts = {}
|
opts = {}
|
||||||
|
|
||||||
if TEXT_HTML_SANITIZE:
|
if settings.TEXT_HTML_SANITIZE:
|
||||||
sanitizer.HTMLSanitizer.acceptable_elements.extend(
|
sanitizer.HTMLSanitizer.acceptable_elements.extend(
|
||||||
TEXT_ADDITIONAL_TAGS)
|
settings.TEXT_ADDITIONAL_TAGS)
|
||||||
sanitizer.HTMLSanitizer.acceptable_attributes.extend(
|
sanitizer.HTMLSanitizer.acceptable_attributes.extend(
|
||||||
TEXT_ADDITIONAL_ATTRIBUTES)
|
settings.TEXT_ADDITIONAL_ATTRIBUTES)
|
||||||
sanitizer.HTMLSanitizer.allowed_elements = (
|
sanitizer.HTMLSanitizer.allowed_elements = (
|
||||||
sanitizer.HTMLSanitizer.acceptable_elements +
|
sanitizer.HTMLSanitizer.acceptable_elements +
|
||||||
sanitizer.HTMLSanitizer.mathml_elements +
|
sanitizer.HTMLSanitizer.mathml_elements +
|
||||||
|
@ -29,6 +28,9 @@ def _get_default_parser():
|
||||||
sanitizer.HTMLSanitizer.acceptable_attributes +
|
sanitizer.HTMLSanitizer.acceptable_attributes +
|
||||||
sanitizer.HTMLSanitizer.mathml_attributes +
|
sanitizer.HTMLSanitizer.mathml_attributes +
|
||||||
sanitizer.HTMLSanitizer.svg_attributes)
|
sanitizer.HTMLSanitizer.svg_attributes)
|
||||||
|
sanitizer.HTMLSanitizer.allowed_protocols = (
|
||||||
|
sanitizer.HTMLSanitizer.acceptable_protocols +
|
||||||
|
list(settings.TEXT_ADDITIONAL_PROTOCOLS))
|
||||||
opts['tokenizer'] = sanitizer.HTMLSanitizer
|
opts['tokenizer'] = sanitizer.HTMLSanitizer
|
||||||
|
|
||||||
return html5lib.HTMLParser(tree=treebuilders.getTreeBuilder("dom"),
|
return html5lib.HTMLParser(tree=treebuilders.getTreeBuilder("dom"),
|
||||||
|
@ -60,7 +62,7 @@ def extract_images(data, plugin):
|
||||||
extracts base64 encoded images from drag and drop actions in browser and saves
|
extracts base64 encoded images from drag and drop actions in browser and saves
|
||||||
those images as plugins
|
those images as plugins
|
||||||
"""
|
"""
|
||||||
if not TEXT_SAVE_IMAGE_FUNCTION:
|
if not settings.TEXT_SAVE_IMAGE_FUNCTION:
|
||||||
return data
|
return data
|
||||||
tree_builder = html5lib.treebuilders.getTreeBuilder('dom')
|
tree_builder = html5lib.treebuilders.getTreeBuilder('dom')
|
||||||
parser = html5lib.html5parser.HTMLParser(tree = tree_builder)
|
parser = html5lib.html5parser.HTMLParser(tree = tree_builder)
|
||||||
|
@ -121,8 +123,8 @@ def extract_images(data, plugin):
|
||||||
|
|
||||||
|
|
||||||
def img_data_to_plugin(filename, image, parent_plugin, width=None, height=None):
|
def img_data_to_plugin(filename, image, parent_plugin, width=None, height=None):
|
||||||
func_name = TEXT_SAVE_IMAGE_FUNCTION.split(".")[-1]
|
func_name = settings.TEXT_SAVE_IMAGE_FUNCTION.split(".")[-1]
|
||||||
module = __import__(".".join(TEXT_SAVE_IMAGE_FUNCTION.split(".")[:-1]), fromlist=[func_name])
|
module = __import__(".".join(settings.TEXT_SAVE_IMAGE_FUNCTION.split(".")[:-1]), fromlist=[func_name])
|
||||||
func = getattr(module, func_name)
|
func = getattr(module, func_name)
|
||||||
return func(filename, image, parent_plugin, width=width, height=height)
|
return func(filename, image, parent_plugin, width=width, height=height)
|
||||||
|
|
||||||
|
|
|
@ -19,5 +19,6 @@ else:
|
||||||
TEXT_SAVE_IMAGE_FUNCTION = getattr(settings, 'TEXT_SAVE_IMAGE_FUNCTION', save_function_default)
|
TEXT_SAVE_IMAGE_FUNCTION = getattr(settings, 'TEXT_SAVE_IMAGE_FUNCTION', save_function_default)
|
||||||
TEXT_ADDITIONAL_TAGS = getattr(settings, 'TEXT_ADDITIONAL_TAGS', ())
|
TEXT_ADDITIONAL_TAGS = getattr(settings, 'TEXT_ADDITIONAL_TAGS', ())
|
||||||
TEXT_ADDITIONAL_ATTRIBUTES = getattr(settings, 'TEXT_ADDITIONAL_ATTRIBUTES', ())
|
TEXT_ADDITIONAL_ATTRIBUTES = getattr(settings, 'TEXT_ADDITIONAL_ATTRIBUTES', ())
|
||||||
|
TEXT_ADDITIONAL_PROTOCOLS = getattr(settings, 'TEXT_ADDITIONAL_PROTOCOLS', ())
|
||||||
TEXT_CKEDITOR_CONFIGURATION = getattr(settings, 'TEXT_CKEDITOR_CONFIGURATION', None)
|
TEXT_CKEDITOR_CONFIGURATION = getattr(settings, 'TEXT_CKEDITOR_CONFIGURATION', None)
|
||||||
TEXT_HTML_SANITIZE = getattr(settings, 'TEXT_HTML_SANITIZE', True)
|
TEXT_HTML_SANITIZE = getattr(settings, 'TEXT_HTML_SANITIZE', True)
|
||||||
|
|
|
@ -0,0 +1,26 @@
|
||||||
|
from django.test import TestCase
|
||||||
|
from django.test.utils import override_settings
|
||||||
|
|
||||||
|
from .. import html
|
||||||
|
from .. import settings
|
||||||
|
|
||||||
|
|
||||||
|
class HtmlSanitizerAdditionalProtocolsTests(TestCase):
|
||||||
|
def tearDown(self):
|
||||||
|
settings.TEXT_ADDITIONAL_PROTOCOLS = []
|
||||||
|
|
||||||
|
def test_default_protocol_escaping(self):
|
||||||
|
settings.TEXT_ADDITIONAL_PROTOCOLS = []
|
||||||
|
parser = html._get_default_parser()
|
||||||
|
text = html.clean_html('''<source src="rtmp://testurl.com/">''',
|
||||||
|
full=False,
|
||||||
|
parser=parser)
|
||||||
|
self.assertEqual('<source>', text)
|
||||||
|
|
||||||
|
def test_custom_protocol_enabled(self):
|
||||||
|
settings.TEXT_ADDITIONAL_PROTOCOLS = ('rtmp',)
|
||||||
|
parser = html._get_default_parser()
|
||||||
|
text = html.clean_html('''<source src="rtmp://testurl.com/">''',
|
||||||
|
full=False,
|
||||||
|
parser=parser)
|
||||||
|
self.assertEqual('''<source src="rtmp://testurl.com/">''', text)
|
Reference in New Issue