From a2e8fbd2c653a07a54cee421ef2c46418adf5799 Mon Sep 17 00:00:00 2001
From: Marco Paolini
Date: Mon, 19 May 2014 08:43:35 +0200
Subject: [PATCH] Optionally disable HTML sanitizing.
---
 README.rst | 2 ++
 djangocms_text_ckeditor/html.py | 33 +++++++++++++++++------------
 djangocms_text_ckeditor/settings.py | 1 +
 3 files changed, 23 insertions(+), 13 deletions(-)
diff --git a/README.rst b/README.rst
index d6f1292..b38d60d 100644
--- a/README.rst
+++ b/README.rst
@@ -251,6 +251,8 @@ you may customize the tags and attributes allowed by overriding the
 TEXT_ADDITIONAL_TAGS = ('iframe',)
 TEXT_ADDITIONAL_TAGS = ('scrolling', 'allowfullscreen', 'frameborder')
+To completely disable the feature, set ``TEXT_HTML_SANITIZE = False``.
+
 See the `html5lib documentation`_ for further information.
 .. _html5lib: https://pypi.python.org/pypi/html5lib
diff --git a/djangocms_text_ckeditor/html.py b/djangocms_text_ckeditor/html.py
index 24b0af4..920bd3d 100644
--- a/djangocms_text_ckeditor/html.py
+++ b/djangocms_text_ckeditor/html.py
@@ -10,24 +10,31 @@ import re
 import base64
 from PIL import Image
 from .settings import (TEXT_SAVE_IMAGE_FUNCTION, TEXT_ADDITIONAL_TAGS,
- TEXT_ADDITIONAL_ATTRIBUTES)
+ TEXT_ADDITIONAL_ATTRIBUTES, TEXT_HTML_SANITIZE)
 from djangocms_text_ckeditor.utils import plugin_to_tag
 def _get_default_parser():
- sanitizer.HTMLSanitizer.acceptable_elements.extend(TEXT_ADDITIONAL_TAGS)
- sanitizer.HTMLSanitizer.acceptable_attributes.extend(TEXT_ADDITIONAL_ATTRIBUTES)
- sanitizer.HTMLSanitizer.allowed_elements = (
- sanitizer.HTMLSanitizer.acceptable_elements +
- sanitizer.HTMLSanitizer.mathml_elements +
- sanitizer.HTMLSanitizer.svg_elements)
- sanitizer.HTMLSanitizer.allowed_attributes = (
- sanitizer.HTMLSanitizer.acceptable_attributes +
- sanitizer.HTMLSanitizer.mathml_attributes +
- sanitizer.HTMLSanitizer.svg_attributes)
+ opts = {}
+
+ if TEXT_HTML_SANITIZE:
+ sanitizer.HTMLSanitizer.acceptable_elements.extend(
+ TEXT_ADDITIONAL_TAGS)
+ sanitizer.HTMLSanitizer.acceptable_attributes.extend(
+ TEXT_ADDITIONAL_ATTRIBUTES)
+ sanitizer.HTMLSanitizer.allowed_elements = (
+ sanitizer.HTMLSanitizer.acceptable_elements +
+ sanitizer.HTMLSanitizer.mathml_elements +
+ sanitizer.HTMLSanitizer.svg_elements)
+ sanitizer.HTMLSanitizer.allowed_attributes = (
+ sanitizer.HTMLSanitizer.acceptable_attributes +
+ sanitizer.HTMLSanitizer.mathml_attributes +
+ sanitizer.HTMLSanitizer.svg_attributes)
+ opts['tokenizer'] = sanitizer
+
+ return html5lib.HTMLParser(tree=treebuilders.getTreeBuilder("dom"),
+ **opts)
- return html5lib.HTMLParser(tokenizer=sanitizer.HTMLSanitizer,
- tree=treebuilders.getTreeBuilder("dom"))
 DEFAULT_PARSER = _get_default_parser()
diff --git a/djangocms_text_ckeditor/settings.py b/djangocms_text_ckeditor/settings.py
index b383eea..0681918 100644
--- a/djangocms_text_ckeditor/settings.py
+++ b/djangocms_text_ckeditor/settings.py
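Review bot: In `_get_default_parser` the sanitizing branch sets `opts['tokenizer'] = sanitizer`, which hands html5lib the `sanitizer` name itself, whereas the removed call passed `tokenizer=sanitizer.HTMLSanitizer`. Assuming `sanitizer` is the html5lib module imported above the hunk, the default (sanitizing) configuration no longer supplies the sanitizer class, so the line should read `opts['tokenizer'] = sanitizer.HTMLSanitizer`. A regression test that runs markup containing a `<script>` element through `DEFAULT_PARSER` with `TEXT_HTML_SANITIZE` at its default would catch this. The function also deserves a docstring stating that with the setting off the parser is built without any tokenizer filter, so editor-supplied markup passes through unfiltered and the option is only appropriate where every editor is fully trusted.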
@@ -22,3 +22,4 @@ TEXT_SAVE_IMAGE_FUNCTION = getattr(settings, 'TEXT_SAVE_IMAGE_FUNCTION', save_fu
 TEXT_ADDITIONAL_TAGS = getattr(settings, 'TEXT_ADDITIONAL_TAGS', ())
 TEXT_ADDITIONAL_ATTRIBUTES = getattr(settings, 'TEXT_ADDITIONAL_ATTRIBUTES', ())
 TEXT_CKEDITOR_CONFIGURATION = getattr(settings, 'TEXT_CKEDITOR_CONFIGURATION', None)
+TEXT_HTML_SANITIZE = getattr(settings, 'TEXT_HTML_SANITIZE', True)
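Review bot: The new `TEXT_HTML_SANITIZE` setting defaults to `True`, but html.py tests it for truthiness (`if TEXT_HTML_SANITIZE:`), so any falsy value a settings loader produces (`None`, `0`, an empty string) also removes the sanitizer from the default parser. Because this flag switches off the HTML filter, requiring an explicit `False` is safer, for example `TEXT_HTML_SANITIZE = getattr(settings, 'TEXT_HTML_SANITIZE', True) is not False`. A comment above it such as `# Security: False builds the parser without the html5lib sanitizer; use only when all editors are trusted.` would make the trade-off visible at the point of definition.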