TemplateBasedMailRenderer: make markdown compiler call overridable (#3550)

2026-05-04 15:04:03 +00:00 · 2023-08-30 09:41:34 +02:00
parent efb1141d59
commit be4bc9a6f3
3 changed files with 107 additions and 61 deletions
--- a/src/tests/base/test_rich_text.py
+++ b/src/tests/base/test_rich_text.py
@@ -22,79 +22,122 @@
 import pytest

 from pretix.base.templatetags.rich_text import (
-    markdown_compile_email, rich_text, rich_text_snippet,
+    ALLOWED_ATTRIBUTES, ALLOWED_TAGS, markdown_compile_email, rich_text,
+    rich_text_snippet,
 )


-@pytest.mark.parametrize("link", [
-    # Test link detection
-    ("google.com",
-     '<a href="http://google.com" rel="noopener" target="_blank">google.com</a>'),
-    # Test link escaping
-    ("google\\.com", 'google.com'),
-    # Test abslink_callback
-    ("[Call](tel:+12345)",
-     '<a href="tel:+12345" rel="nofollow">Call</a>'),
-    ("[Foo](/foo)",
-     '<a href="http://example.com/foo" rel="noopener" target="_blank">Foo</a>'),
-    ("mail@example.org",
-     '<a href="mailto:mail@example.org">mail@example.org</a>'),
-    # Test truelink_callback
-    ('evilsite.com',
-     '<a href="http://evilsite.com" rel="noopener" target="_blank">evilsite.com</a>'),
-    ('cool-example.eu',
-     '<a href="http://cool-example.eu" rel="noopener" target="_blank">cool-example.eu</a>'),
-    ('<a href="https://evilsite.com">Evil GmbH & Co. KG</a>',
-     '<a href="https://evilsite.com" rel="noopener" target="_blank">Evil GmbH &amp; Co. KG</a>'),
-    ('<a href="https://evilsite.com">Evil Site</a>',
-     '<a href="https://evilsite.com" rel="noopener" target="_blank">Evil Site</a>'),
-    ('<a href="https://evilsite.com">evilsite.com</a>',
-     '<a href="https://evilsite.com" rel="noopener" target="_blank">evilsite.com</a>'),
-    ('<a href="https://evilsite.com">goodsite.com</a>',
-     '<a href="https://evilsite.com" rel="noopener" target="_blank">https://evilsite.com</a>'),
-    ('<a href="https://goodsite.com.evilsite.com">goodsite.com</a>',
-     '<a href="https://goodsite.com.evilsite.com" rel="noopener" target="_blank">https://goodsite.com.evilsite.com</a>'),
-    ('<a href="https://evilsite.com/deep/path">evilsite.com</a>',
-     '<a href="https://evilsite.com/deep/path" rel="noopener" target="_blank">evilsite.com</a>'),
-    ('<a>broken</a>', '<a>broken</a>'),
-])
+@pytest.mark.parametrize(
+    "link",
+    [
+        # Test link detection
+        (
+            "google.com",
+            '<a href="http://google.com" rel="noopener" target="_blank">google.com</a>',
+        ),
+        # Test link escaping
+        ("google\\.com", "google.com"),
+        # Test abslink_callback
+        ("[Call](tel:+12345)", '<a href="tel:+12345" rel="nofollow">Call</a>'),
+        (
+            "[Foo](/foo)",
+            '<a href="http://example.com/foo" rel="noopener" target="_blank">Foo</a>',
+        ),
+        ("mail@example.org", '<a href="mailto:mail@example.org">mail@example.org</a>'),
+        # Test truelink_callback
+        (
+            "evilsite.com",
+            '<a href="http://evilsite.com" rel="noopener" target="_blank">evilsite.com</a>',
+        ),
+        (
+            "cool-example.eu",
+            '<a href="http://cool-example.eu" rel="noopener" target="_blank">cool-example.eu</a>',
+        ),
+        (
+            '<a href="https://evilsite.com">Evil GmbH & Co. KG</a>',
+            '<a href="https://evilsite.com" rel="noopener" target="_blank">Evil GmbH &amp; Co. KG</a>',
+        ),
+        (
+            '<a href="https://evilsite.com">Evil Site</a>',
+            '<a href="https://evilsite.com" rel="noopener" target="_blank">Evil Site</a>',
+        ),
+        (
+            '<a href="https://evilsite.com">evilsite.com</a>',
+            '<a href="https://evilsite.com" rel="noopener" target="_blank">evilsite.com</a>',
+        ),
+        (
+            '<a href="https://evilsite.com">goodsite.com</a>',
+            '<a href="https://evilsite.com" rel="noopener" target="_blank">https://evilsite.com</a>',
+        ),
+        (
+            '<a href="https://goodsite.com.evilsite.com">goodsite.com</a>',
+            '<a href="https://goodsite.com.evilsite.com" rel="noopener" target="_blank">https://goodsite.com.evilsite.com</a>',
+        ),
+        (
+            '<a href="https://evilsite.com/deep/path">evilsite.com</a>',
+            '<a href="https://evilsite.com/deep/path" rel="noopener" target="_blank">evilsite.com</a>',
+        ),
+        ("<a>broken</a>", "<a>broken</a>"),
+    ],
+)
 def test_linkify_abs(link):
    input, output = link
    assert rich_text_snippet(input, safelinks=False) == output
-    assert rich_text(input, safelinks=False) == f'<p>{output}</p>'
-    assert markdown_compile_email(input) == f'<p>{output}</p>'
+    assert rich_text(input, safelinks=False) == f"<p>{output}</p>"
+    assert markdown_compile_email(input) == f"<p>{output}</p>"


-@pytest.mark.parametrize("content,result", [
-    ('a\nb', '<p>a<br>\nb</p>'),
-    ('a  \nb', '<p>a<br>\nb</p>'),
-    ('a\n\nb', '<p>a</p>\n<p>b</p>'),
-])
+@pytest.mark.parametrize(
+    "content,result",
+    [
+        ("a\nb", "<p>a<br>\nb</p>"),
+        ("a  \nb", "<p>a<br>\nb</p>"),
+        ("a\n\nb", "<p>a</p>\n<p>b</p>"),
+    ],
+)
 def test_newline_handling(content, result):
    assert rich_text(content, safelinks=False) == result


-@pytest.mark.parametrize("content,result", [
-    ('a\nb', '<p>a\nb</p>'),
-    ('a  \nb', '<p>a<br>\nb</p>'),
-    ('a\n\nb', '<p>a</p>\n<p>b</p>'),
-])
+@pytest.mark.parametrize(
+    "content,result",
+    [
+        ("a\nb", "<p>a\nb</p>"),
+        ("a  \nb", "<p>a<br>\nb</p>"),
+        ("a\n\nb", "<p>a</p>\n<p>b</p>"),
+    ],
+)
 def test_newline_handling_email(content, result):
    assert markdown_compile_email(content) == result


-@pytest.mark.parametrize("content,result,result_snippet", [
-    # attributes
-    ('<a onclick="javascript:foo()">foo</a>', '<p><a>foo</a></p>', '<a>foo</a>'),
-    ('<strong color="red">foo</strong>',
-     '<p><strong>foo</strong></p>',
-     '<strong>foo</strong>'),
-    # protocols
-    ('<a href="javascript:foo()">foo</a>', '<p><a>foo</a></p>', '<a>foo</a>'),
-    # tags
-    ('<script>foo</script>', '&lt;script&gt;foo&lt;/script&gt;', 'foo'),
-])
+@pytest.mark.parametrize(
+    "content,result,result_snippet",
+    [
+        # attributes
+        ('<a onclick="javascript:foo()">foo</a>', "<p><a>foo</a></p>", "<a>foo</a>"),
+        (
+            '<strong color="red">foo</strong>',
+            "<p><strong>foo</strong></p>",
+            "<strong>foo</strong>",
+        ),
+        # protocols
+        ('<a href="javascript:foo()">foo</a>', "<p><a>foo</a></p>", "<a>foo</a>"),
+        # tags
+        ("<script>foo</script>", "&lt;script&gt;foo&lt;/script&gt;", "foo"),
+    ],
+)
 def test_cleanup(content, result, result_snippet):
    assert rich_text(content) == result
    assert rich_text_snippet(content) == result_snippet
    assert markdown_compile_email(content) == result
+
+
+def test_markdown_email_custom_allowlist():
+    source = "![my image](https://example.org/my-image.jpg)"
+    html = markdown_compile_email(
+        source,
+        allowed_tags=ALLOWED_TAGS + ["img"],
+        allowed_attributes=dict(ALLOWED_ATTRIBUTES, img=["src", "alt", "title"]),
+    )
+    assert html == '<p><img alt="my image" src="https://example.org/my-image.jpg"></p>'