Fix #277 -- Embeddable shop (#622)

* Vendor vue.js

* Refactor item_group_by_category to support vouchers

* Widget: Show product list

* Widget: free prices

* Widget: pictures and loading indicator

* Widget: First iframe steps

* Widget: Do not rerender iframe

* Widget: Error handling

* Improve widget

* Widget: localization tech

* Fix invoice style

* Voucher attribute and waiting list

* Add some iframe chrome

* First step to namespaced carts

* More isolation steps

* More cart isolation things

* More cart isolation things

* Mobile stuff

* Show cart on checkout pages

* PayPal and Stripe support

* Enable downloads

* Locale handling

* change text "save URL to this exact page"

* Widget: voucher redemption

* Widget: CSS

* CSS: Responsive

* Widget: CSS improvements

* Widget: Add embedding code generator

* Widget: Error messages and SSL check

* First tests

* Widget: tests

* Don't use IDs in widgets

* Widget: static files caching

src/pretix/base/settings.py

@@ -427,6 +427,14 @@ Your {event} team"""))
         'default': None,
         'type': str
     },
+    'presale_widget_css_file': {
+        'default': None,
+        'type': str
+    },
+    'presale_widget_css_checksum': {
+        'default': None,
+        'type': str
+    },
     'logo_image': {
         'default': None,
         'type': File

src/pretix/base/templatetags/rich_text.py

@@ -4,6 +4,7 @@ import bleach
 import markdown
 from bleach import DEFAULT_CALLBACKS
 from django import template
+from django.conf import settings
 from django.core import signing
 from django.urls import reverse
 from django.utils.http import is_safe_url
@@ -63,6 +64,12 @@ def safelink_callback(attrs, new=False):
     return attrs
 
 
+def abslink_callback(attrs, new=False):
+    attrs[None, 'href'] = urllib.parse.urljoin(settings.SITE_URL, attrs.get((None, 'href'), '/'))
+    attrs[None, 'target'] = '_blank'
+    return attrs
+
+
 @register.filter
 def rich_text(text: str, **kwargs):
     """
@@ -73,5 +80,5 @@ def rich_text(text: str, **kwargs):
         markdown.markdown(text),
         tags=ALLOWED_TAGS,
         attributes=ALLOWED_ATTRIBUTES,
-    ), callbacks=DEFAULT_CALLBACKS + [safelink_callback])
+    ), callbacks=DEFAULT_CALLBACKS + ([safelink_callback] if kwargs.get('safelinks', True) else [abslink_callback]))
     return mark_safe(body_md)

src/pretix/base/validators.py

@@ -33,6 +33,7 @@ class EventSlugBlacklistValidator(BlacklistValidator):
         'api',
         'events',
         'csp_report',
+        'widget',
     ]
 
 
@@ -53,4 +54,5 @@ class OrganizerSlugBlacklistValidator(BlacklistValidator):
         'about',
         'api',
         'csp_report',
+        'widget',
     ]

src/pretix/base/views/async.py

@@ -51,6 +51,9 @@ class AsyncAction:
             return self.get_result(request)
         return self.http_method_not_allowed(request)
 
+    def _ajax_response_data(self):
+        return {}
+
     def _return_ajax_result(self, res, timeout=.5):
         if not res.ready():
             try:
@@ -59,10 +62,11 @@ class AsyncAction:
                 pass
 
         ready = res.ready()
-        data = {
+        data = self._ajax_response_data()
+        data.update({
             'async_id': res.id,
             'ready': ready
-        }
+        })
         if ready:
             if res.successful() and not isinstance(res.info, Exception):
                 smes = self.get_success_message(res.info)