HTML Sanitizer: Allow the class attribute

Raphael Michel
2017-03-28 10:54:08 +02:00
parent 8dacbe0fc6
commit c1a76c4c18


@@ -25,6 +25,8 @@ ALLOWED_TAGS = [
'tr',
'td',
'th',
'div',
'span'
]
ALLOWED_ATTRIBUTES = {
@@ -33,6 +35,9 @@ ALLOWED_ATTRIBUTES = {
'acronym': ['title'],
'table': ['width'],
'td': ['width', 'align'],
'div': ['class'],
'p': ['class'],
'span': ['class'],
}
@@ -41,5 +46,9 @@ def rich_text(text: str, **kwargs):
"""
Processes markdown and cleans HTML in a text input.
"""
body_md = bleach.linkify(bleach.clean(markdown.markdown(text), tags=ALLOWED_TAGS, attributes=ALLOWED_ATTRIBUTES))
body_md = bleach.linkify(bleach.clean(
markdown.markdown(text),
tags=ALLOWED_TAGS,
attributes=ALLOWED_ATTRIBUTES,
))
return mark_safe(body_md)
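Review bot: The new `'div': ['class']`, `'p': ['class']` and `'span': ['class']` entries in ALLOWED_ATTRIBUTES accept any class value, so untrusted rich text can take on every style the site's CSS defines and any behaviour the site's scripts bind to class selectors. The output is passed to `mark_safe` in `rich_text`, so nothing downstream will narrow this again. If only a few classes are needed, restrict the values to an explicit allowlist; bleach accepts a callable as an attribute filter, but its signature differs between bleach releases, so check it against the pinned version. At minimum, add a comment above these entries such as `# class values are not restricted; intended for <placeholder: expected classes> only`. Whether `p` is already in ALLOWED_TAGS is not visible in these hunks and is worth confirming.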