Commit fadb92b2 authored by Thom Wiggers's avatar Thom Wiggers 📐
Browse files

Merge branch 'fix/bleach-text-decoration' into 'master'

Allow span with text-decoration by bleach

Closes #564

See merge request !707
parents ea0ef4a4 242e9452
......@@ -8,22 +8,12 @@ from django.utils.safestring import mark_safe
register = template.Library()
def _allow_attributes(tag, name, value):
if name in ('class', ):
return True
elif tag == 'a' and name in ('href', 'rel', 'target', 'title'):
return True
elif tag == 'img' and name in ('alt', 'title', 'src'):
return True
elif tag == 'iframe' and name in (
'width', 'height', 'frameborder', 'allowfullscreen'):
def _allow_iframe_attrs(tag, name, value):
if name in ('class', 'width', 'height', 'frameborder', 'allowfullscreen'):
return True
elif tag == 'iframe' and name == 'src':
if (value.startswith('https://www.youtube.com/embed/') or
value.startswith('https://www.youtube-nocookie.com/embed/')):
return True
else:
return False
return (value.startswith('https://www.youtube.com/embed/') or
value.startswith('https://www.youtube-nocookie.com/embed/'))
return False
......@@ -59,12 +49,18 @@ def bleach(value):
return mark_safe(
clean(
value,
tags=(
tags=[
'h2', 'h3', 'p', 'a', 'div',
'strong', 'em', 'i', 'b', 'ul', 'li', 'br', 'ol',
'iframe', 'img'
),
attributes=_allow_attributes,
'iframe', 'img', 'span',
],
attributes={
'*': ['class', 'style'],
'iframe': _allow_iframe_attrs,
'a': ['href', 'rel', 'target', 'title'],
'img': ['alt', 'title', 'src'],
},
styles=['text-decoration'],
strip=True
)
)
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment