Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update content filtering options for TinyMCE #4060

Draft
wants to merge 5 commits into
base: master
Choose a base branch
from
+25 −26
Draft

Update content filtering options for TinyMCE #4060

Changes from 2 commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
52599e7
Update content filtering options
petschki Nov 13, 2024
dced117
remove unused imports
petschki Nov 13, 2024
8e3e073
improve safe_html settings
petschki Nov 13, 2024
f3b37ce
update to new contentbrowser_options
petschki Nov 13, 2024
17a7f58
changenote
petschki Nov 13, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
24 changes: 6 additions & 18 deletions Products/CMFPlone/patterns/tinymce.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,11 +1,8 @@
from lxml import html
from plone.app.theming.utils import theming_policy
from plone.base.interfaces import IFilterSchema
from plone.base.interfaces import ITinyMCESchema
from plone.base.navigationroot import get_navigation_root_object
from plone.base.utils import safe_text
from plone.registry.interfaces import IRegistry
from Products.CMFCore.utils import getToolByName
from Products.CMFPlone.utils import get_portal
from zope.component import getUtility

Expand Down Expand Up @@ -177,22 +174,13 @@ def get_tiny_config(self):

# add safe_html settings, which are used in backend for filtering:
if not self.filter_settings.disable_filtering:
valid_tags = self.filter_settings.valid_tags
# we just enable the general html5 filtering set from TinyMCE
# (See https://www.tiny.cloud/docs/tinymce/latest/content-filtering/#schema)
# and add the "nasty_tags" as "invalid_elements"
tiny_config["schema"] = "html5"
# filter out invalid elements early
nasty_tags = self.filter_settings.nasty_tags
custom_attributes = self.filter_settings.custom_attributes
safe_attributes = [safe_text(attr) for attr in html.defs.safe_attrs]
valid_attributes = safe_attributes + custom_attributes
# valid_elements : 'a[href|target=_blank],strong/b,div[align],br'
tiny_valid_elements = []
for tag in valid_tags:
tag_str = "{}[{}]".format(tag, "|".join(valid_attributes))
tiny_valid_elements.append(tag_str)
# We want to remove the nasty tag including the content in the
# backend, so TinyMCE should allow them here.
for tag in nasty_tags:
tag_str = "{}[{}]".format(tag, "|".join(valid_attributes))
tiny_valid_elements.append(tag_str)
tiny_config["valid_elements"] = ",".join(tiny_valid_elements)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Are you sure we don't need this anymore?
We need to make sure, that what ever is set in the HTML filter control panal is not in conflict with what TinyMCE filtering does. Is that's the case I'm fine with the simplification.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You're right. Only relying on the "html5" schema doesn't fit our safe_html transformation. I've updated this to fix our test scenarios again.

tiny_config["invalid_elements"] = ",".join(nasty_tags)

if settings.other_settings:
try:
Expand Down