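def whitelister_element_rules():
    """Return extra element rules to merge into the rich-text whitelist.

    Each key is a tag name and each value is an ``attribute_rule`` built from
    an attribute map: ``True`` keeps the attribute as submitted, a callable
    such as ``check_url`` replaces the value with its result (or drops the
    attribute when the result is ``None``), and any attribute that is not
    listed is removed.

    Returns:
        dict: tag name -> cleaning rule for ``p``, ``a``, ``span``, ``i`` and
        ``iframe``.
    """
    return {
        'p': attribute_rule({'class': True}),
        'a': attribute_rule({
            'href': check_url,
            'id': True,
            'class': True,
        }),
        'span': attribute_rule({'class': True}),
        'i': attribute_rule({'class': True}),
        'iframe': attribute_rule({
            'id': True,
            'class': True,
            # An iframe loads whatever ``src`` names, so it goes through the
            # same ``check_url`` filter as ``a[href]`` instead of being
            # accepted as submitted.
            'src': check_url,
            # NOTE(review): ``style`` is kept verbatim, so inline CSS on the
            # frame is not filtered here -- confirm that is acceptable for
            # everyone who can edit rich text.
            'style': True,
            'frameborder': True,
            'allowfullscreen': True,
            'width': True,
            'height': True,
        }),
    }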
def whitelister_element_rules():
    """Build the reduced tag whitelist for the rich-text editor.

    ``br`` and ``div`` are deliberately absent (they were commented out in
    the original list so the change is easy to revert). ``a[href]`` and
    ``img[src]`` are filtered through ``check_url``; ``img`` additionally
    keeps ``width``, ``height`` and ``alt``. Every other listed tag is kept
    with no attributes.
    """
    rules = {'a': attribute_rule({'href': check_url})}
    for name in ('b', 'em', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'hr', 'i'):
        rules[name] = allow_without_attributes
    rules['img'] = attribute_rule({
        'src': check_url,
        'width': True,
        'height': True,
        'alt': True,
    })
    for name in ('li', 'ol', 'p', 'strong', 'sub', 'sup', 'ul'):
        rules[name] = allow_without_attributes
    return rules
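def whitelister_element_rules():
    """Describe which extra tags and attributes survive rich-text cleaning.

    The attribute maps follow the ``attribute_rule`` convention: ``True``
    keeps the submitted value, a callable decides the stored value, and an
    unlisted attribute is dropped.

    Returns:
        dict: cleaning rules keyed by tag name (``p``, ``a``, ``span``, ``i``,
        ``iframe``).
    """
    link_attrs = {'href': check_url, 'id': True, 'class': True}
    frame_attrs = {
        'id': True,
        'class': True,
        # Was ``True``: the frame URL is now checked by the same filter that
        # already guards ``a[href]``, so both URL-bearing attributes in this
        # block are treated alike.
        'src': check_url,
        # NOTE(review): inline ``style`` passes through unfiltered; confirm
        # this is intended for all rich-text editors.
        'style': True,
        'frameborder': True,
        'allowfullscreen': True,
        'width': True,
        'height': True,
    }
    return {
        'p': attribute_rule({'class': True}),
        'a': attribute_rule(link_attrs),
        'span': attribute_rule({'class': True}),
        'i': attribute_rule({'class': True}),
        'iframe': attribute_rule(frame_attrs),
    }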
def whitelister_element_rules():
    """Allow an inline ``style`` attribute on ``h2``-``h5`` and ``p``.

    NOTE(review): a rule of ``True`` keeps the attribute value as submitted,
    so the CSS itself is not filtered by this hook -- confirm that is
    acceptable, or prefer a ``class`` whitelist.
    """
    styled_tags = ('h2', 'h3', 'h4', 'h5', 'p')
    return {tag: attribute_rule({'style': True}) for tag in styled_tags}
def whitelister_element_rules():
    """Whitelist custom elements for the hallo.js editor.

    Links keep a ``check_url``-filtered ``href`` plus ``target``; block
    quotes keep ``class``.
    """
    link_rule = attribute_rule({'href': check_url, 'target': True})
    quote_rule = attribute_rule({'class': True})
    return {'a': link_rule, 'blockquote': quote_rule}
def whitelister_element_rules():
    """Return rules for links, block quotes and struck-through text.

    ``a`` keeps a ``check_url``-filtered ``href`` and ``target``,
    ``blockquote`` keeps no attributes, and ``strike`` keeps ``class``.
    """
    rules = {}
    rules['a'] = attribute_rule({'href': check_url, 'target': True})
    rules['blockquote'] = allow_without_attributes
    rules['strike'] = attribute_rule({'class': True})
    return rules
def whitelister_element_rules():
    """Return rules for ``a``, ``span`` and ``i``.

    The link ``href`` is filtered by ``check_url``; ``id`` and ``class`` are
    kept as submitted. ``span`` and ``i`` keep only ``class``.
    """
    rules = {
        'a': attribute_rule({'href': check_url, 'id': True, 'class': True}),
    }
    for inline_tag in ('span', 'i'):
        rules[inline_tag] = attribute_rule({'class': True})
    return rules
def whitelister_element_rules():
    """Return rules for paragraphs, quotes, spans and sub/superscript.

    NOTE(review): ``p`` keeps ``style`` as submitted, so inline CSS on
    paragraphs is not filtered by this hook -- confirm that is intended.
    """
    paragraph_rule = attribute_rule({'class': True, 'style': True})
    span_rule = attribute_rule({'class': True})
    return {
        'p': paragraph_rule,
        'blockquote': allow_without_attributes,
        'span': span_rule,
        'sub': allow_without_attributes,
        'sup': allow_without_attributes,
    }
def whitelister_element_rules():
    """
    Whitelist custom elements for the hallo.js editor.

    ``blockquote`` and ``cite`` keep no attributes, links keep a
    ``check_url``-filtered ``href`` and ``class``, and ``h2``-``h5`` keep
    ``id``.
    """
    rules = {
        'blockquote': allow_without_attributes,
        'cite': allow_without_attributes,
        'a': attribute_rule({'href': check_url, 'class': True}),
    }
    for heading in ('h2', 'h3', 'h4', 'h5'):
        rules[heading] = attribute_rule({'id': True})
    return rules
def whitelister_element_rules():
    """Return rules for underline, table markup and aligned paragraphs.

    NOTE(review): ``td`` keeps ``style`` as submitted; inline CSS on cells is
    not filtered by this hook -- confirm that is intended.
    """
    rules = {
        'u': allow_without_attributes,
        'table': attribute_rule({
            'cellspacing': True,
            'cellpadding': True,
            'border': True,
        }),
        'td': attribute_rule({'valign': True, 'style': True}),
    }
    for section in ('tr', 'th', 'tbody', 'tfoot', 'thead'):
        rules[section] = allow_without_attributes
    rules['p'] = attribute_rule({'align': True})
    return rules
def whitelister_element_rules():
    """Whitelist embedding and scripting tags using the ``ALLTAGS`` map.

    ``ALLTAGS`` is defined elsewhere in the module; which attributes it
    permits is not visible from this function.

    NOTE(review): whitelisting ``script``, ``object``, ``embed``, ``iframe``
    and ``style`` means the cleaner keeps those tags instead of stripping
    them, so rich-text content is no longer protected against script
    injection. Confirm that every account able to edit rich text is fully
    trusted, or drop these entries.
    NOTE(review): ``src`` is not an HTML element name; ``source`` may have
    been intended -- confirm.
    """
    passthrough_tags = (
        'iframe', 'object', 'script', 'style', 'embed',
        'src', 'video', 'div', 'noscript', 'param',
    )
    return {tag: attribute_rule(ALLTAGS) for tag in passthrough_tags}
def allow_iframes():
    """Return rules that keep iframes and the two ``tito-*`` custom elements.

    NOTE(review): the iframe ``src`` rule is ``True``, so the URL is stored
    as submitted with no scheme or host check. Consider passing it through a
    URL filter (or an allow-list of embed hosts) before relying on it.
    """
    frame_attrs = {
        'src': True,
        'width': True,
        'height': True,
        'frameborder': True,
        'marginheight': True,
        'marginwidth': True,
    }
    rules = {'iframe': attribute_rule(frame_attrs)}
    for widget_tag in ('tito-widget', 'tito-button'):
        rules[widget_tag] = attribute_rule({'event': True})
    return rules
def whitelist_blockquote():
    """Return rules for quotes, headings, iframes and media elements.

    ``style``, ``font`` and ``span`` are handled by ``blacklist_tag()`` and
    ``unwrap_tag()``, helpers defined elsewhere (presumably removing the tag
    and unwrapping its children respectively -- confirm).

    NOTE(review): every ``src``/``srcset`` rule here is ``True``, so iframe,
    image, audio and source URLs are stored as submitted with no scheme
    check, and the iframe ``style`` is kept verbatim. Consider a URL filter
    for those attributes.
    """
    rules = {
        'style': blacklist_tag(),
        'font': unwrap_tag(),
        'span': unwrap_tag(),
    }
    for tag in ('blockquote', 'p', 'h2', 'h3', 'h4', 'h5'):
        rules[tag] = attribute_rule({'class': True})
    rules['iframe'] = attribute_rule({
        'style': True,
        'src': True,
        'width': True,
        'height': True,
    })
    rules['img'] = attribute_rule({
        'srcset': True,
        'class': True,
        'alt': True,
        'sizes': True,
        'width': True,
        'height': True,
        'src': True,
    })
    rules['audio'] = attribute_rule({
        'class': True,
        'src': True,
        'controls': True,
    })
    rules['source'] = attribute_rule({
        'class': True,
        'src': True,
        'type': True,
    })
    return rules
def whitelister_element_rules():
    """Return the trimmed-down whitelist of basic formatting tags.

    ``br`` and ``div`` are intentionally not listed (the original kept them
    as commented-out entries so they are easy to restore). Link ``href`` and
    image ``src`` values are filtered by ``check_url``.
    """
    bare = allow_without_attributes
    rules = {'a': attribute_rule({'href': check_url})}
    rules.update(dict.fromkeys(
        ('b', 'em', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'hr', 'i'), bare))
    rules['img'] = attribute_rule({
        'src': check_url,
        'width': True,
        'height': True,
        'alt': True,
    })
    rules.update(dict.fromkeys(
        ('li', 'ol', 'p', 'strong', 'sub', 'sup', 'ul'), bare))
    return rules
def whitelister_element_rules():
    """Allow ``aside`` and table-structure tags, keeping only ``class``.

    A single rule object is shared by every listed tag.
    """
    class_only = attribute_rule({'class': True})
    return dict.fromkeys(
        ('aside', 'table', 'tr', 'th', 'td', 'tbody', 'thead', 'tfoot',
         'col', 'colgroup'),
        class_only,
    )
def whitelister_element_rules():
    """
    Whitelist custom elements for the hallo.js editor.

    Links keep ``class`` and an ``href`` filtered by ``check_url``.
    """
    link_rule = attribute_rule({'href': check_url, 'class': True})
    return {'a': link_rule}
def test_rule_true_for_attr(self):
    """
    A rule of True must leave the attribute exactly as it was.
    """
    keep_foo = attribute_rule({'foo': True})
    bold = self.soup.b
    keep_foo(bold)
    self.assertEqual(str(bold), '<b foo="bar">baz</b>')
def whitelister_element_rules():
    """Return rules for quotes, code and simple tables.

    Everything is kept without attributes except ``pre``, which keeps
    ``class``.
    """
    rules = dict.fromkeys(
        ('blockquote', 'code', 'table', 'tr', 'td'),
        allow_without_attributes,
    )
    rules['pre'] = attribute_rule({'class': True})
    return rules
def test_no_rule_for_attr(self):
    """
    An attribute with no entry in the rule map must be removed.
    """
    unrelated_rule = attribute_rule({'snowman': 'barbecue'})
    bold = self.soup.b
    unrelated_rule(bold)
    self.assertEqual(str(bold), '<b>baz</b>')
def test_rule_false_for_attr(self):
    """
    A rule of False must remove the attribute from the tag.
    """
    drop_foo = attribute_rule({'foo': False})
    bold = self.soup.b
    drop_foo(bold)
    self.assertEqual(str(bold), '<b>baz</b>')
def whitelister_element_rules():
    """Allow ``span`` with ``class`` and the two ``data-*`` toggle attributes.

    All three attributes are kept as submitted.
    """
    span_attrs = {
        'data-target': True,
        'data-toggle': True,
        'class': True,
    }
    return {'span': attribute_rule(span_attrs)}
def test_callable_called_on_attr(self):
    """
    When the rule is a callable, the attribute value must be replaced by
    the callable's result (here ``len('bar')``).
    """
    measure_foo = attribute_rule({'foo': len})
    bold = self.soup.b
    measure_foo(bold)
    self.assertEqual(str(bold), '<b foo="3">baz</b>')
def test_callable_returns_None(self):
    """
    When the rule is a callable that returns None, the attribute must be
    removed from the tag.
    """
    reject_foo = attribute_rule({'foo': lambda _value: None})
    bold = self.soup.b
    reject_foo(bold)
    self.assertEqual(str(bold), '<b>baz</b>')
def allow_iframes():
    """Return a rule that keeps iframes and their layout attributes.

    NOTE(review): ``src`` is ``True``, so the frame URL is stored as
    submitted with no scheme or host check. Consider validating it with a
    URL filter or an allow-list of embed hosts.
    """
    kept_attrs = ('src', 'width', 'height', 'frameborder',
                  'marginheight', 'marginwidth')
    return {'iframe': attribute_rule(dict.fromkeys(kept_attrs, True))}
def whitelister_element_rules():
    """Return rules for a wide set of formatting, table and image tags.

    NOTE(review): ``style`` is kept as submitted on ``span``, ``p``, ``div``,
    ``table``, ``td`` and ``img``, and ``img[src]`` is ``True`` rather than a
    URL filter, so neither inline CSS nor image URLs are checked by this
    hook. Confirm that is acceptable for every rich-text editor.
    """
    bare = allow_without_attributes

    def styled():
        # Fresh rule per tag: keeps ``style`` and ``class`` untouched.
        return attribute_rule({'style': True, "class": True})

    return {
        's': bare,
        'u': bare,
        'span': styled(),
        'p': styled(),
        'div': styled(),
        'q': bare,
        'ins': bare,
        'pre': bare,
        'address': bare,
        'table': attribute_rule({
            'align': True,
            "border": True,
            "cellpadding": True,
            "style": True,
        }),
        'caption': bare,
        'thead': bare,
        'tr': bare,
        'tbody': bare,
        'td': styled(),
        'hr': bare,
        'img': attribute_rule({
            'alt': True,
            "src": True,
            'style': True,
            'width': True,
            'height': True,
        }),
    }
def whitelister_element_rules():
    """Allow structural tags with ``class`` and microdata attributes.

    One shared rule keeps ``class``, ``itemprop``, ``itemscope`` and
    ``itemtype`` as submitted on every listed tag.
    """
    microdata_rule = attribute_rule(
        dict.fromkeys(('class', 'itemprop', 'itemscope', 'itemtype'), True))
    rules = {}
    for tag in ('aside', 'h4', 'p', 'span', 'table', 'tr', 'th', 'td',
                'tbody', 'thead', 'tfoot', 'col', 'colgroup'):
        rules[tag] = microdata_rule
    return rules
def whitelister_element_rules():
    """Allow ``class`` and ``align`` on paragraphs and ``h1``-``h4``."""
    aligned_tags = ('p', 'h1', 'h2', 'h3', 'h4')
    return {
        tag: attribute_rule({'class': True, 'align': True})
        for tag in aligned_tags
    }
class SimpleDbWhitelister(DbWhitelister):
    """
    DbWhitelister that restricts the text editor to basic formatting.

    Only links, paragraphs, bold/italic/underline and lists are listed.
    Links keep ``id``, ``linktype`` and an ``href`` filtered by
    ``check_url``; every other tag keeps no attributes.
    """
    element_rules = dict([
        ('[document]', allow_without_attributes),
        ('a', attribute_rule({
            'href': check_url,
            'id': True,
            'linktype': True,
        })),
        ('p', allow_without_attributes),
        ('b', allow_without_attributes),
        ('i', allow_without_attributes),
        ('u', allow_without_attributes),
        ('ul', allow_without_attributes),
        ('ol', allow_without_attributes),
        ('li', allow_without_attributes),
    ])
def whitelist_blockquote():
    """Return rules for quotes, headings, iframes and images.

    ``blacklist_tag()`` and ``unwrap_tag()`` are helpers defined elsewhere;
    their exact behaviour is not visible here.

    NOTE(review): iframe ``src``/``style`` and image ``src``/``srcset`` are
    all ``True``, i.e. stored as submitted with no URL or CSS filtering.
    Consider validating the URL-bearing attributes.
    """
    def class_only():
        return attribute_rule({'class': True})

    return {
        'style': blacklist_tag(),
        'font': unwrap_tag(),
        'span': unwrap_tag(),
        'blockquote': class_only(),
        'p': class_only(),
        'h2': class_only(),
        'h3': class_only(),
        'h4': class_only(),
        'h5': class_only(),
        'iframe': attribute_rule(
            dict.fromkeys(('style', 'src', 'width', 'height'), True)),
        'img': attribute_rule(
            dict.fromkeys(
                ('srcset', 'class', 'alt', 'sizes', 'width', 'height', 'src'),
                True)),
    }
import json
from django.db import models
from wagtail.wagtailcore.whitelist import attribute_rule, check_url
from wagtail.wagtailcore.rich_text import DbWhitelister
from wagtail.wagtailadmin.rich_text import HalloRichTextArea

# Rule built from an empty attribute map: the tag is kept, but no attribute
# on it has a rule.
allow_without_attributes = attribute_rule({})


class SimpleDbWhitelister(DbWhitelister):
    """
    DbWhitelister limiting the text editor to links, basic inline
    formatting and lists.

    Link ``href`` values are filtered by ``check_url``; ``id`` and
    ``linktype`` are kept as submitted.
    """
    element_rules = {
        '[document]': allow_without_attributes,
        'a': attribute_rule({'href': check_url, 'id': True, 'linktype': True}),
    }
    element_rules.update(dict.fromkeys(
        ('p', 'b', 'i', 'u', 'ul', 'ol', 'li'),
        allow_without_attributes,
    ))
def whitelister_element_rules():
    """Keep ``span`` tags together with their toggle-related attributes.

    ``data-target``, ``data-toggle`` and ``class`` are stored as submitted.
    """
    kept = ('data-target', 'data-toggle', 'class')
    span_rule = attribute_rule(dict.fromkeys(kept, True))
    return {'span': span_rule}
import json from django.db import models from wagtail.wagtailcore.whitelist import attribute_rule, check_url from wagtail.wagtailcore.rich_text import DbWhitelister from wagtail.wagtailcore.fields import RichTextArea allow_without_attributes = attribute_rule({}) class SimpleDbWhitelister(DbWhitelister): """ DbWhitelister to allow/disallow stuff on the text editor """ element_rules = { '[document]': allow_without_attributes, 'a': attribute_rule({'href': check_url, 'id': True, 'linktype': True}), 'p': allow_without_attributes, 'b': allow_without_attributes, 'i': allow_without_attributes, 'u': allow_without_attributes, 'ul': allow_without_attributes, 'ol': allow_without_attributes, 'li': allow_without_attributes, } class SimpleRichTextArea(RichTextArea): """ Customised RichTextArea
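class CustomDbWhitelister(DbWhitelister):
    """DbWhitelister variant that keeps ``div`` and a wider attribute set.

    NOTE(review): ``a[href]`` and ``img[src]`` use ``True``, so for tags that
    reach ``element_rules`` the URL is stored as submitted with no scheme
    check; ``style`` is likewise kept verbatim on many tags. If a URL filter
    such as Wagtail's ``check_url`` is importable in this module, prefer it
    for ``href``/``src``.
    """

    element_rules = {
        '[document]': allow_without_attributes,
        'a': attribute_rule({
            'style': True,
            'class': True,
            'href': True,
            'data-new-link': True,
            'target': True,
            'rel': True,
        }),
        'b': allow_without_attributes,
        'br': allow_without_attributes,
        'div': attribute_rule({'style': True, 'class': True}),
        'em': allow_without_attributes,
        'h1': attribute_rule({'style': True}),
        'h2': attribute_rule({'style': True}),
        'h3': attribute_rule({'style': True}),
        'h4': attribute_rule({'style': True}),
        'h5': attribute_rule({'style': True}),
        'h6': attribute_rule({'style': True}),
        'hr': allow_without_attributes,
        'i': allow_without_attributes,
        'img': attribute_rule({
            'src': True,
            'width': True,
            'height': True,
            'alt': True,
            'class': True,
        }),
        'li': attribute_rule({'style': True, 'class': True}),
        'ol': allow_without_attributes,
        'p': attribute_rule({'style': True, 'class': True}),
        'strong': allow_without_attributes,
        'span': attribute_rule({'style': True, 'class': True}),
        'sub': allow_without_attributes,
        'sup': allow_without_attributes,
        'ul': attribute_rule({'style': True, 'class': True}),
    }

    @classmethod
    def clean_tag_node(cls, doc, tag):
        """Clean one tag, converting editor embeds and links to DB form.

        Args:
            doc: the document object used to create replacement tags.
            tag: the tag to clean; it is modified or replaced in place.

        Tags carrying ``data-embedtype`` are replaced by an ``embed`` tag
        built from the embed handler's DB attributes. ``a`` tags carrying
        ``data-linktype`` have their children cleaned and their attributes
        replaced by the link handler's DB attributes. Every other tag is
        passed to the inherited cleaner.
        """
        if 'data-embedtype' in tag.attrs:
            embed_type = tag['data-embedtype']
            # fetch the appropriate embed handler for this embedtype
            embed_handler = get_embed_handler(embed_type)
            embed_attrs = embed_handler.get_db_attributes(tag)
            embed_attrs['embedtype'] = embed_type

            embed_tag = doc.new_tag('embed', **embed_attrs)
            embed_tag.can_be_empty_element = True
            tag.replace_with(embed_tag)
        elif tag.name == 'a' and 'data-linktype' in tag.attrs:
            # first, whitelist the contents of this tag
            for child in tag.contents:
                cls.clean_node(doc, child)

            link_type = tag['data-linktype']
            link_handler = get_link_handler(link_type)
            link_attrs = link_handler.get_db_attributes(tag)
            link_attrs['linktype'] = link_type
            # Only the handler-provided attributes survive on the link.
            tag.attrs.clear()
            tag.attrs.update(**link_attrs)
        else:
            # The original re-assigned ``tag.name = 'div'`` when the name was
            # already 'div'; that no-op has been removed.
            # ``super(DbWhitelister, cls)`` starts the lookup *after*
            # DbWhitelister in the MRO, so DbWhitelister's own
            # clean_tag_node is skipped for ordinary tags.
            super(DbWhitelister, cls).clean_tag_node(doc, tag)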
def whitelister_element_rules():
    """Allow ``span`` (``class``, ``data-term``) and ``blockquote`` (``class``)."""
    span_rule = attribute_rule({'class': True, 'data-term': True})
    quote_rule = attribute_rule({'class': True})
    return {'span': span_rule, 'blockquote': quote_rule}
def whitelister_element_rules():
    """Allow an inline ``style`` attribute on ``p`` and ``span``.

    NOTE(review): the value is kept as submitted, so the CSS is not filtered
    by this hook -- confirm that is intended.
    """
    return {tag: attribute_rule({'style': True}) for tag in ('p', 'span')}
def whitelister_element_rules():
    """Whitelist custom elements for the hallo.js editor.

    ``a`` keeps ``target`` and an ``href`` filtered by ``check_url``;
    ``blockquote`` keeps ``class``.
    """
    rules = {}
    rules['a'] = attribute_rule({'href': check_url, 'target': True})
    rules['blockquote'] = attribute_rule({'class': True})
    return rules
def whitelister_element_rules():
    """Allow ``pre`` without attributes and ``code`` with ``class``."""
    code_rule = attribute_rule({'class': True})
    return {'pre': allow_without_attributes, 'code': code_rule}
def whitelister_element_rules():
    """Allow links with ``id`` and a checked ``href``, and ``span`` with ``class``."""
    link_rule = attribute_rule({'href': check_url, 'id': True})
    span_rule = attribute_rule({'class': True})
    return {'a': link_rule, 'span': span_rule}
def whitelister_element_rules():
    """Allow the ``aside`` tag, keeping only its ``class`` attribute."""
    aside_rule = attribute_rule({'class': True})
    return {'aside': aside_rule}
def allow_blockquotes():
    """Return rules for links and block quotes.

    Links keep ``target``, ``class`` and an ``href`` filtered by
    ``check_url``; block quotes keep ``class``.
    """
    link_attrs = {'href': check_url, 'target': True, 'class': True}
    rules = {'a': attribute_rule(link_attrs)}
    rules['blockquote'] = attribute_rule({'class': True})
    return rules
def whitelister_element_rules():
    """Allow bare block quotes and links with ``target`` and a checked ``href``."""
    rules = {'blockquote': allow_without_attributes}
    rules['a'] = attribute_rule({'href': check_url, 'target': True})
    return rules
def whitelister_element_rules():
    """Allow ``class`` on a broad set of block, table, list and heading tags.

    Links additionally keep ``target`` and an ``href`` filtered by
    ``check_url``; ``pre`` additionally keeps ``style``.

    NOTE(review): the ``img`` rule lists only ``class``, so under this rule
    any other image attribute (including ``src``) is dropped -- confirm that
    is intended.
    NOTE(review): ``pre[style]`` is kept as submitted; inline CSS is not
    filtered here.
    """
    def class_only():
        # A fresh rule per tag, matching the one-call-per-entry original.
        return attribute_rule({'class': True})

    rules = {
        'a': attribute_rule({
            'class': True,
            'href': check_url,
            'target': True,
        }),
    }
    for tag in ('span', 'p', 'div', 'table', 'thead', 'tbody', 'tr', 'td',
                'th', 'blockquote'):
        rules[tag] = class_only()
    rules['pre'] = attribute_rule({'class': True, 'style': True})
    for tag in ('code', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'ul', 'ol', 'li',
                'img'):
        rules[tag] = class_only()
    return rules
def whitelister_element_rules():
    """Return rules for block quotes (no attributes) and links.

    Links keep ``target`` and an ``href`` filtered by ``check_url``.
    """
    link_rule = attribute_rule({"href": check_url, "target": True})
    return {
        "blockquote": allow_without_attributes,
        "a": link_rule,
    }
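def whitelister_element_rules():
    """Return the full tag whitelist, including tables and ``script``.

    Duplicate dictionary keys from the original have been removed: ``border``
    appeared twice in the shared attribute map, and ``div`` and ``table``
    each appeared twice in the returned rules, where the later entry
    silently replaced the earlier one. The resulting mapping is unchanged.

    Returns:
        dict: tag name -> cleaning rule.
    """
    # NOTE(review): 'margin-left', 'margin-right', 'border-color',
    # 'text-align', 'background-color' and 'vertical-align' are CSS property
    # names; as attribute rules they only apply to attributes literally named
    # that way. ``style`` is kept as submitted, so inline CSS is not
    # filtered.
    allow_attr = {
        'border': True,
        'cellpadding': True,
        'cellspacing': True,
        'style': True,
        'width': True,
        'colspan': True,
        'margin-left': True,
        'margin-right': True,
        'height': True,
        'border-color': True,
        'text-align': True,
        'background-color': True,
        'vertical-align': True,
        'scope': True,
        'id': True,
    }
    allow_attr_script = {'src': True, 'type': True}
    return {
        # Previously also listed as ``allow_without_attributes`` / repeated
        # further down; only these effective rules are kept.
        'div': attribute_rule(allow_attr),
        'table': attribute_rule(allow_attr),
        '[document]': allow_without_attributes,
        'a': attribute_rule({'href': check_url}),
        'b': allow_without_attributes,
        'br': allow_without_attributes,
        'em': attribute_rule(allow_attr),
        'h1': allow_without_attributes,
        'h2': allow_without_attributes,
        'h3': allow_without_attributes,
        'h4': allow_without_attributes,
        'h5': allow_without_attributes,
        'h6': allow_without_attributes,
        'hr': allow_without_attributes,
        'i': allow_without_attributes,
        'img': attribute_rule({
            'src': check_url,
            'width': True,
            'height': True,
            'alt': True,
        }),
        'li': attribute_rule(allow_attr),
        'ol': attribute_rule(allow_attr),
        'p': attribute_rule(allow_attr),
        'strong': attribute_rule(allow_attr),
        'sub': attribute_rule(allow_attr),
        'sup': attribute_rule(allow_attr),
        'ul': attribute_rule(allow_attr),
        'blockquote': attribute_rule(allow_attr),
        'pre': attribute_rule(allow_attr),
        'span': attribute_rule(allow_attr),
        'code': attribute_rule(allow_attr),
        'caption': attribute_rule(allow_attr),
        'tbody': attribute_rule(allow_attr),
        'th': attribute_rule(allow_attr),
        'tr': attribute_rule(allow_attr),
        'td': attribute_rule(allow_attr),
        # NOTE(review): whitelisting ``script`` (with any ``src``) means
        # rich-text content can carry executable script, which removes the
        # cleaner's protection against script injection. Left in place
        # because it looks deliberate; confirm every rich-text editor is
        # fully trusted, or remove this entry.
        'script': attribute_rule(allow_attr_script),
    }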
def whitelister_element_rules():
    """Allow ``span`` tags, keeping only their ``class`` attribute."""
    span_rule = attribute_rule({'class': True})
    return {'span': span_rule}
def whitelister_element_rules():
    """Allow styled spans, ``font`` tags and aligned paragraphs.

    NOTE(review): ``span[style]`` is kept as submitted, so inline CSS is not
    filtered by this hook -- confirm that is intended.
    """
    span_rule = attribute_rule({'style': True})
    font_rule = attribute_rule(dict.fromkeys(('size', 'face', 'color'), True))
    paragraph_rule = attribute_rule({'align': True})
    return {'span': span_rule, 'font': font_rule, 'p': paragraph_rule}