From c1a76c4c18e413505a0e15a07aadf73ef3223173 Mon Sep 17 00:00:00 2001
From: Raphael Michel
Date: Tue, 28 Mar 2017 10:54:08 +0200
Subject: [PATCH] HTML Sanitizer: Allow the class attribute
---
 src/pretix/base/templatetags/rich_text.py | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/src/pretix/base/templatetags/rich_text.py b/src/pretix/base/templatetags/rich_text.py
index 5ca9b48bea..7536042bec 100644
--- a/src/pretix/base/templatetags/rich_text.py
+++ b/src/pretix/base/templatetags/rich_text.py
@@ -25,6 +25,8 @@ ALLOWED_TAGS = [
 'tr',
 'td',
 'th',
+ 'div',
+ 'span'
 ]

 ALLOWED_ATTRIBUTES = {
@@ -33,6 +35,9 @@ ALLOWED_ATTRIBUTES = {
 'acronym': ['title'],
 'table': ['width'],
 'td': ['width', 'align'],
+ 'div': ['class'],
+ 'p': ['class'],
+ 'span': ['class'],
 }


@@ -41,5 +46,9 @@ def rich_text(text: str, **kwargs):
 """
 Processes markdown and cleans HTML in a text input.
 """
- body_md = bleach.linkify(bleach.clean(markdown.markdown(text), tags=ALLOWED_TAGS, attributes=ALLOWED_ATTRIBUTES))
+ body_md = bleach.linkify(bleach.clean(
+ markdown.markdown(text),
+ tags=ALLOWED_TAGS,
+ attributes=ALLOWED_ATTRIBUTES,
+ ))
 return mark_safe(body_md)
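Review bot: The added `'span'` entry is the last element of `ALLOWED_TAGS` and has no trailing comma, unlike the other visible entries. In a sanitizer allowlist this is more than style: an entry later appended below it without a comma would be joined to it by implicit string concatenation, silently yielding one unknown tag name and dropping both tags from the allowlist. Write it as `'span',`. The list starts outside the hunk.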
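Review bot: The new `['class']` entries for `div`, `p` and `span` accept any class value, so whoever authors the rich text can attach any class that the site's stylesheets define or its scripts select on. Sanitized content could then imitate trusted interface elements or pick up class-bound script behaviour, even though no script or style attribute passes the filter. Consider replacing the plain lists with a callable attribute filter that checks each token of the value against a short allowlist of presentational classes; bleach accepts callables here, but their signature differs between releases, so check it against the pinned version. The `ALLOWED_ATTRIBUTES` dict begins outside the hunk, so its other entries were not reviewed.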