def save(self, commit=True):
article = super(CreateNewsBlogArticleForm, self).save(commit=False)
# Set owner to current user
article.owner = self.user
# If 'content' field has value, create a TextPlugin with same and add
# it to the PlaceholderField
content = clean_html(self.cleaned_data.get('content', ''), False)
if content and permissions.has_plugin_permission(
self.user, 'TextPlugin', 'add'):
# If the article has not been saved, then there will be no
# Placeholder set-up for this article yet, so, ensure we have saved
# first.
if not article.pk:
article.save()
if article and article.content:
add_plugin(
placeholder=article.content,
plugin_type='TextPlugin',
language=self.language_code,
body=content,
)
with transaction.atomic():
with create_revision():
article.save()
if self.user:
set_user(self.user)
set_comment(ugettext("Initial version."))
return article
def save(self, commit=True):
article = super(CreateNewsBlogArticleForm, self).save(commit=False)
# Set owner to current user
article.owner = self.user
# If 'content' field has value, create a TextPlugin with same and add
# it to the PlaceholderField
content = clean_html(self.cleaned_data.get('content', ''), False)
if content and permissions.has_plugin_permission(
self.user, 'TextPlugin', 'add'):
# If the article has not been saved, then there will be no
# Placeholder set-up for this article yet, so, ensure we have saved
# first.
if not article.pk:
article.save()
if article and article.content:
add_plugin(
placeholder=article.content,
plugin_type='TextPlugin',
language=self.language_code,
body=content,
)
with transaction.atomic():
with create_revision():
article.save()
if self.user:
set_user(self.user)
set_comment(ugettext("Initial version."))
return article
def save(self, commit=True):
job_opening = super(CreateJobOpeningForm, self).save(commit=False)
# If 'job_opening_content' field has value, create a TextPlugin with same and add
# it to the PlaceholderField
job_opening_content = clean_html(self.cleaned_data.get('job_opening_content', ''), False)
content_plugin = get_cms_setting('PAGE_WIZARD_CONTENT_PLUGIN')
content_field = get_cms_setting('PAGE_WIZARD_CONTENT_PLUGIN_BODY')
if job_opening_content and permissions.has_plugin_permission(
self.user, content_plugin, 'add'):
# If the job_opening has not been saved, then there will be no
# Placeholder set-up for this question yet, so, ensure we have saved
# first.
if not job_opening.pk:
job_opening.save()
if job_opening and job_opening.content:
plugin_kwargs = {
'placeholder': job_opening.content,
'plugin_type': content_plugin,
'language': self.language_code,
content_field: job_opening_content,
}
add_plugin(**plugin_kwargs)
job_opening.save()
return job_opening
def test_sanitizer_without_token_parsers(self):
sanitizer.TextSanitizer.allow_token_parsers = ()
parser = html5lib.HTMLParser(tree=treebuilders.getTreeBuilder("dom"),
tokenizer=sanitizer.TextSanitizer)
body = '<span data-one="1" data-two="2">some text</span>'
body = html.clean_html(body, full=False, parser=parser)
self.assertEqual('<span>some text</span>', body)
def test_custom_protocol_enabled(self):
settings.TEXT_ADDITIONAL_PROTOCOLS = ('rtmp',)
parser = html._get_default_parser()
text = html.clean_html('''<source src="rtmp://testurl.com/">''',
full=False,
parser=parser)
self.assertEqual('''<source src="rtmp://testurl.com/">''', text)
def save(self, commit=True):
job_opening = super(CreateJobOpeningForm, self).save(commit=False)
# If 'content' field has value, create a TextPlugin with same and add
# it to the PlaceholderField
content = clean_html(self.cleaned_data.get('content', ''), False)
content_plugin = get_cms_setting('WIZARD_CONTENT_PLUGIN')
if content and permissions.has_plugin_permission(
self.user, 'TextPlugin', 'add'):
# If the job_opening has not been saved, then there will be no
# Placeholder set-up for this question yet, so, ensure we have saved
# first.
if not job_opening.pk:
job_opening.save()
if job_opening and job_opening.content:
plugin_kwargs = {
'placeholder': job_opening.content,
'plugin_type': content_plugin,
'language': self.language_code,
get_cms_setting('WIZARD_CONTENT_PLUGIN_BODY'): content,
}
add_plugin(**plugin_kwargs)
with transaction.atomic():
with revision_context_manager.create_revision():
job_opening.save()
if self.user:
revision_context_manager.set_user(self.user)
revision_context_manager.set_comment(
ugettext("Initial version."))
return job_opening
def test_sanitizer_without_token_parsers(self):
sanitizer.TextSanitizer.allow_token_parsers = ()
parser = html5lib.HTMLParser(
tree=treebuilders.getTreeBuilder('dom'),
)
body = '<span data-one="1" data-two="2">some text</span>'
body = html.clean_html(body, full=False, parser=parser)
self.assertEqual('<span>some text</span>', body)
def test_default_protocol_escaping(self):
settings.TEXT_ADDITIONAL_PROTOCOLS = []
parser = html._get_default_parser()
text = html.clean_html(
'<source src="rtmp://testurl.com/">',
full=False,
parser=parser,
)
self.assertEqual('<source>', text)
def site_context():
site = Site.objects.get_current()
settings = SiteSettings.get(site)
return {
'site_name': site.name,
'site_logo': settings.logo.url if settings.logo else "",
'site_footer': mark_safe(clean_html(settings.footer, full=False)) if settings.footer else None,
}
def test_default_protocol_escaping(self):
settings.TEXT_ADDITIONAL_PROTOCOLS = []
parser = html._get_default_parser()
text = html.clean_html(
'<source src="rtmp://testurl.com/">',
full=False,
parser=parser,
)
self.assertEqual('<source>', text)
def test_sanitizer_with_custom_token_parser(self):
class DonutAttributeParser(sanitizer.AllowTokenParser):
def parse(self, attribute, val):
return attribute == 'donut'
sanitizer.TextSanitizer.allow_token_parsers = (DonutAttributeParser, )
parser = html5lib.HTMLParser(tree=treebuilders.getTreeBuilder("dom"), )
body = '<span donut="yummy">some text</span>'
body = html.clean_html(body, full=False, parser=parser)
self.assertEqual('<span donut="yummy">some text</span>', body)
def test_sanitizer(self):
allowed_attrs = html5lib.filters.sanitizer.allowed_attributes
sanitizer.TextSanitizer.allow_token_parsers = (
attribute_parsers.DataAttributeParser, )
parser = html5lib.HTMLParser(tree=treebuilders.getTreeBuilder("dom"), )
body = '<span data-one="1" data-two="2">some text</span>'
body = html.clean_html(body, full=False, parser=parser)
self.assertTrue('data-one="1"' in body)
self.assertTrue('data-two="2"' in body)
self.assertEqual(allowed_attrs,
html5lib.filters.sanitizer.allowed_attributes)
def test_sanitizer(self):
allowed_attrs = html5lib.filters.sanitizer.allowed_attributes
sanitizer.TextSanitizer.allow_token_parsers = (attribute_parsers.DataAttributeParser,)
parser = html5lib.HTMLParser(
tree=treebuilders.getTreeBuilder('dom'),
)
body = '<span data-one="1" data-two="2">some text</span>'
body = html.clean_html(body, full=False, parser=parser)
self.assertTrue('data-one="1"' in body)
self.assertTrue('data-two="2"' in body)
self.assertEqual(allowed_attrs, html5lib.filters.sanitizer.allowed_attributes)
def test_default_tag_escaping(self):
settings.TEXT_ADDITIONAL_TAGS = []
parser = html._get_default_parser()
text = html.clean_html(
'<iframe src="rtmp://testurl.com/"></iframe>',
full=False,
parser=parser,
)
self.assertEqual(
'<iframe src="rtmp://testurl.com/"></iframe>',
text,
)
def test_custom_attribute_enabled(self):
settings.TEXT_ADDITIONAL_ATTRIBUTES = ['test-attr']
parser = html._get_default_parser()
text = html.clean_html(
'<span test-attr="2">foo</span>',
full=False,
parser=parser,
)
self.assertEqual(
'<span test-attr="2">foo</span>',
text,
)
def save(self, commit=True):
event = super(CreateEventForm, self).save(commit=False)
if not commit:
return event
# If 'content' field has value, create a TextPlugin with same and add
# it to the PlaceholderField
description = clean_html(self.cleaned_data.get('description', ''),
False)
try:
# CMS >= 3.3.x
content_plugin = get_cms_setting('PAGE_WIZARD_CONTENT_PLUGIN')
except KeyError:
# CMS <= 3.2.x
content_plugin = get_cms_setting('WIZARD_CONTENT_PLUGIN')
try:
# CMS >= 3.3.x
content_field = get_cms_setting('PAGE_WIZARD_CONTENT_PLUGIN_BODY')
except KeyError:
# CMS <= 3.2.x
content_field = get_cms_setting('WIZARD_CONTENT_PLUGIN_BODY')
if description and permissions.has_plugin_permission(
self.user, content_plugin, 'add'):
# If the event has not been saved, then there will be no
# Placeholder set-up for this event yet, so, ensure we have saved
# first.
if not event.pk:
event.save()
if event and event.description:
# we have to use kwargs because we don't know in advance what
# is the 'body' field for configured plugin
plugin_kwargs = {
'placeholder': event.description,
'plugin_type': content_plugin,
'language': self.language_code,
content_field: description,
}
add_plugin(**plugin_kwargs)
with transaction.atomic():
with revision_context_manager.create_revision():
event.save()
if self.user:
revision_context_manager.set_user(self.user)
revision_context_manager.set_comment(
ugettext("Initial version."))
return event
def test_default_tag_escaping(self):
settings.TEXT_ADDITIONAL_TAGS = []
parser = html._get_default_parser()
text = html.clean_html(
'<iframe src="rtmp://testurl.com/"></iframe>',
full=False,
parser=parser,
)
self.assertEqual(
'<iframe src="rtmp://testurl.com/"></iframe>',
text,
)
def test_custom_attribute_enabled(self):
settings.TEXT_ADDITIONAL_ATTRIBUTES = ['test-attr']
parser = html._get_default_parser()
text = html.clean_html(
'<span test-attr="2">foo</span>',
full=False,
parser=parser,
)
self.assertEqual(
'<span test-attr="2">foo</span>',
text,
)
def test_custom_tag_enabled(self):
settings.TEXT_ADDITIONAL_TAGS = ['iframe']
parser = html._get_default_parser()
text = html.clean_html(
'<iframe src="rtmp://testurl.com/"></iframe>',
full=False,
parser=parser,
)
self.assertEqual(
'<iframe src="rtmp://testurl.com/"></iframe>',
text,
)
def test_custom_tag_enabled(self):
settings.TEXT_ADDITIONAL_TAGS = ['iframe']
parser = html._get_default_parser()
text = html.clean_html(
'<iframe src="rtmp://testurl.com/"></iframe>',
full=False,
parser=parser,
)
self.assertEqual(
'<iframe src="rtmp://testurl.com/"></iframe>',
text,
)
def save(self, commit=True):
event = super(CreateEventForm, self).save(commit=False)
if not commit:
return event
# If 'content' field has value, create a TextPlugin with same and add
# it to the PlaceholderField
description = clean_html(
self.cleaned_data.get('description', ''), False)
try:
# CMS >= 3.3.x
content_plugin = get_cms_setting('PAGE_WIZARD_CONTENT_PLUGIN')
except KeyError:
# CMS <= 3.2.x
content_plugin = get_cms_setting('WIZARD_CONTENT_PLUGIN')
try:
# CMS >= 3.3.x
content_field = get_cms_setting('PAGE_WIZARD_CONTENT_PLUGIN_BODY')
except KeyError:
# CMS <= 3.2.x
content_field = get_cms_setting('WIZARD_CONTENT_PLUGIN_BODY')
if description and permissions.has_plugin_permission(
self.user, content_plugin, 'add'):
# If the event has not been saved, then there will be no
# Placeholder set-up for this event yet, so, ensure we have saved
# first.
if not event.pk:
event.save()
if event and event.description:
# we have to use kwargs because we don't know in advance what
# is the 'body' field for configured plugin
plugin_kwargs = {
'placeholder': event.description,
'plugin_type': content_plugin,
'language': self.language_code,
content_field: description,
}
add_plugin(**plugin_kwargs)
with transaction.atomic():
with revision_context_manager.create_revision():
event.save()
if self.user:
revision_context_manager.set_user(self.user)
revision_context_manager.set_comment(
ugettext("Initial version."))
return event
def test_sanitizer_with_custom_token_parser(self):
class DonutAttributeParser(sanitizer.AllowTokenParser):
def parse(self, attribute, val):
return attribute == 'donut'
sanitizer.TextSanitizer.allow_token_parsers = (DonutAttributeParser,)
parser = html5lib.HTMLParser(
tree=treebuilders.getTreeBuilder('dom'),
)
body = '<span donut="yummy">some text</span>'
body = html.clean_html(body, full=False, parser=parser)
self.assertEqual('<span donut="yummy">some text</span>', body)
def save(self, commit=True):
question = super(CreateFaqQuestionForm, self).save(commit=False)
# If 'content' field has value, create a TextPlugin with same and add
# it to the PlaceholderField
answer = clean_html(self.cleaned_data.get('answer', ''), False)
try:
# CMS >= 3.3.x
content_plugin = get_cms_setting('PAGE_WIZARD_CONTENT_PLUGIN')
except KeyError:
# CMS <= 3.2.x
content_plugin = get_cms_setting('WIZARD_CONTENT_PLUGIN')
try:
# CMS >= 3.3.x
content_field = get_cms_setting('PAGE_WIZARD_CONTENT_PLUGIN_BODY')
except KeyError:
# CMS <= 3.2.x
content_field = get_cms_setting('WIZARD_CONTENT_PLUGIN_BODY')
if answer and permissions.has_plugin_permission(
self.user, content_plugin, 'add'):
# If the question has not been saved, then there will be no
# Placeholder set-up for this question yet, so, ensure we have saved
# first.
if not question.pk:
question.save()
if question and question.answer:
plugin_kwarg = {
'placeholder': question.answer,
'plugin_type': content_plugin,
'language': self.language_code,
content_field: answer,
}
add_plugin(**plugin_kwarg)
# Ensure we make an initial revision
with transaction.atomic():
with revision_context_manager.create_revision():
question.save()
if self.user:
revision_context_manager.set_user(self.user)
revision_context_manager.set_comment(
ugettext("Initial version."))
return question
def save(self, commit=True):
article = super(CreateNewsBlogArticleForm, self).save(commit=commit)
# If 'content' field has value, create a TextPlugin with same and add it to the PlaceholderField
content = clean_html(self.cleaned_data.get('content', ''), False)
if content and permissions.has_plugin_permission(
self.user, 'TextPlugin', 'add'):
add_plugin(
placeholder=article.content,
plugin_type='TextPlugin',
language=self.language_code,
body=content,
)
return article
def test_clean_html_with_sanitize_disabled(self):
old_TEXT_HTML_SANITIZE = settings.TEXT_HTML_SANITIZE
settings.TEXT_HTML_SANITIZE = False
parser = html._get_default_parser()
original = '<span test-attr="2">foo</span>'
cleaned = html.clean_html(
original,
full=False,
parser=parser,
)
try:
self.assertHTMLEqual(original, cleaned)
finally:
settings.TEXT_HTML_SANITIZE = old_TEXT_HTML_SANITIZE
def save(self, commit=True):
dashboard = super(CreateDashboards_appDashboardForm, self).save(commit=False)
dashboard.owner = self.user
dashboard.save()
# If 'content' field has value, create a TextPlugin with same and add it to the PlaceholderField
content = clean_html(self.cleaned_data.get('content', ''), False)
if content and permissions.has_plugin_permission(self.user, 'TextPlugin', 'add'):
add_plugin(
placeholder=dashboard.content,
plugin_type='TextPlugin',
language=self.language_code,
body=content,
)
return dashboard
def save(self, commit=True):
article = super(CreateNewsBlogArticleForm, self).save(commit=False)
article.owner = self.user
article.app_config = NewsBlogConfig.objects.filter(
pk=self.cleaned_data['app_config']).first()
article.is_published = True
article.save()
# If 'content' field has value, create a TextPlugin with same and add it to the PlaceholderField
content = clean_html(self.cleaned_data.get('content', ''), False)
if content:
add_plugin(
placeholder=article.content,
plugin_type='TextPlugin',
language=self.language_code,
body=content,
)
return article
def save(self, *args, **kwargs):
# Clean HTML from potential XSS content
self.body = clean_html(self.body, full=False)
super().save(*args, **kwargs)
def clean(self, value, model_instance):
value = super(HTMLField, self).clean(value, model_instance)
return clean_html(value, full=False)
def save(self, *args, **kwargs):
body = self.body
body = extract_images(body, self)
body = clean_html(body, full=False)
self.body = body
super(Text, self).save(*args, **kwargs)
def clean(self, value, model_instance):
value = super(HTMLField, self).clean(value, model_instance)
return clean_html(value, full=False)
def _compare_html(html_a, html_b):
soup_a = BeautifulSoup(html_a, 'html5lib')
soup_b = BeautifulSoup(html_b, 'html5lib')
return (clean_html(soup_a.prettify()) == clean_html(soup_b.prettify()))
def save(self, *args, **kwargs):
body = self.body
body = extract_images(body, self)
body = clean_html(body, full=False)
self.body = body
super(AbstractText, self).save(*args, **kwargs)
