def pre_save(self, instance, add: bool):
"""Ran just before the model is saved, allows us to built
the slug.
Arguments:
instance:
The model that is being saved.
add:
Indicates whether this is a new entry
to the database or an update.
"""
localized_value = getattr(instance, self.attname)
if not localized_value:
return None
for lang_code, _ in settings.LANGUAGES:
value = localized_value.get(lang_code)
if not value:
continue
localized_value.set(
lang_code, bleach.clean(value, **get_bleach_default_options()))
return localized_value
def __init__(self,
allowed_tags=None,
allowed_attributes=None,
allowed_styles=None,
allowed_protocols=None,
strip_comments=None,
strip_tags=None,
*args,
**kwargs):
self.widget = get_default_widget()
super(BleachField, self).__init__(*args, **kwargs)
self.bleach_options = get_bleach_default_options()
if allowed_tags is not None:
self.bleach_options['tags'] = allowed_tags
if allowed_attributes is not None:
self.bleach_options['attributes'] = allowed_attributes
if allowed_styles is not None:
self.bleach_options['styles'] = allowed_styles
if allowed_protocols is not None:
self.bleach_options['protocols'] = allowed_protocols
if strip_tags is not None:
self.bleach_options['strip'] = strip_tags
if strip_comments is not None:
self.bleach_options['strip_comments'] = strip_comments
def bleach_value(value):
"""Same as django_bleach, but convert the <br> we get back to valid XML,
for the AN export."""
bleach_args = get_bleach_default_options()
bleached_value = bleach.clean(value, **bleach_args)
bleached_value = bleached_value.replace('<br>', '<br/>')
return mark_safe(bleached_value)
def update_event_form(request, event):
if request.data.get('form_fields'):
event.form_fields = request.data.get('form_fields')
for i, field in enumerate(event.form_fields):
if field.has_key('html'):
event.form_fields[i]['html'] = bleach.clean(
event.form_fields[i]['html'],
**get_bleach_default_options()
) #removetags(event.form_fields[i]['html'], 'script style')
event.save()
return Response({'status': 'success'})
def custom_bleach(value, allowed_tags):
"""
Works just like the 'bleach' tempalte filter, but takes an argument of a comma-separated string of the tags that
should be allowed through the filter. This list of tags *overrides* the list in the settings, so be thorough.
"""
# Use the bleach_args built from the settings, but replace the 'tags' arg with the supplied comma-separated list.
bleach_args = get_bleach_default_options()
kwargs = dict(**bleach_args)
kwargs['tags'] = [tag.strip() for tag in allowed_tags.split(',')]
bleached_value = bleach.clean(value, **kwargs)
return mark_safe(bleached_value)
def bleach_value(value, tags=None):
if value is None:
return None
bleach_args = get_bleach_default_options()
if tags is not None:
args = bleach_args.copy()
args["tags"] = tags.split(",")
else:
args = bleach_args
bleached_value = bleach.clean(value, **args)
return mark_safe(bleached_value)
def bleach_field_handler(obj: Model, field: BleachField) -> str:
"""Handles BleachField
Args:
obj (Model): Model object.
field (BleachField): Model's field.
Returns:
str: Allowed content as safe data
"""
value = str(getattr(obj, field.name, ""))
bleach_options = get_bleach_default_options()
clean_value = bleach.clean(value, **bleach_options)
return mark_safe(clean_value)
def __init__(self, allowed_tags=None, allowed_attributes=None,
allowed_styles=None, strip_comments=None, strip_tags=None,
*args, **kwargs):
self.widget = default_widget
super(BleachField, self).__init__(*args, **kwargs)
self.bleach_options = get_bleach_default_options()
if allowed_tags is not None:
self.bleach_options['tags'] = allowed_tags
if allowed_attributes is not None:
self.bleach_options['attributes'] = allowed_attributes
if allowed_styles is not None:
self.bleach_options['styles'] = allowed_styles
if strip_tags is not None:
self.bleach_options['strip'] = strip_tags
if strip_comments is not None:
self.bleach_options['strip_comments'] = strip_comments
def _validate(non_bleached_value, bleached_value):
"""Validates whether the specified non-bleached
value ended up being correctly bleached.
Arguments:
non_bleached_value:
The value before bleaching.
bleached_value:
The value after bleaching.
"""
for lang_code, _ in settings.LANGUAGES:
if not non_bleached_value.get(lang_code):
assert not bleached_value.get(lang_code)
continue
expected_value = bleach.clean(non_bleached_value.get(lang_code),
get_bleach_default_options())
assert bleached_value.get(lang_code) == expected_value
def pre_save(self, instance, add: bool):
"""Ran just before the model is saved, allows us to built the slug.
Arguments:
instance:
The model that is being saved.
add:
Indicates whether this is a new entry
to the database or an update.
"""
# the bleach library vendors dependencies and the html5lib
# dependency is incompatible with python 3.9, until that's
# fixed, you cannot use LocalizedBleachField with python 3.9
# sympton:
# ImportError: cannot import name 'Mapping' from 'collections'
try:
import bleach
from django_bleach.utils import get_bleach_default_options
except ImportError:
raise UserWarning(
"LocalizedBleachField is not compatible with Python 3.9 yet."
)
localized_value = getattr(instance, self.attname)
if not localized_value:
return None
for lang_code, _ in settings.LANGUAGES:
value = localized_value.get(lang_code)
if not value:
continue
localized_value.set(
lang_code, bleach.clean(value, **get_bleach_default_options())
)
return localized_value
def test_strip_comments(self, settings):
bleach_args = get_bleach_default_options()
self.assertEqual(bleach_args['strip_comments'], True)
def test_custom_tags(self, settings):
bleach_args = get_bleach_default_options()
self.assertEqual(bleach_args['tags'], ALLOWED_TAGS)
def test_custom_styles(self, settings):
bleach_args = get_bleach_default_options()
self.assertEqual(bleach_args['styles'], ALLOWED_STYLES)
def test_custom_proto(self, settings):
bleach_args = get_bleach_default_options()
self.assertEqual(bleach_args['protocols'], ALLOWED_PROTOCOLS)
def test_custom_attrs(self, settings):
bleach_args = get_bleach_default_options()
self.assertEqual(bleach_args['attributes'], ALLOWED_ATTRIBUTES)
def update_event_form(request, event):
if request.data.get('form_fields'):
event.form_fields = request.data.get('form_fields')
for i, field in enumerate(event.form_fields):
if field.has_key('html'):
event.form_fields[i]['html'] = bleach.clean(event.form_fields[i]['html'], **get_bleach_default_options())#removetags(event.form_fields[i]['html'], 'script style')
event.save()
return Response({'status':'success'})
