On Fri, Oct 09, 2020 at 06:22:10PM +1100, Mike Dewhirst wrote: > On 9/10/2020 11:55 am, Ryan Nowakowski wrote: > > Maybe you could swap out the default ImageField widget for > > TinyMCE-lite HTMLField? Security-wise you probably want to sanitize > > the input from HTMLField in Django to make sure only img tags are allowed. > > With the image pasted in, viewing the browser page source it is > represented as just a string although it does contain ... > > ... src="data:image/png;base64,iVBOR ... > > > Are you saying all I have to do is write a clean() method for the > HTMLField to detect various image types?
In your Django form class I'd write a clean method specifically for that field[1] that parses the html, perhaps using BeautifulSoup[2]. Then search for any "img" tags. For each img tag, parse the data URI[3] to get the image data. You still have the problem that the HTMLField is meant to be a replacement for TextField so you'll need to figure out how to back that with an ImageField instead. Perhaps you should try to go one level lower and use the TinyMCE form widget[4] instead of using the HTMLField? [1] https://docs.djangoproject.com/en/3.1/ref/forms/validation/#cleaning-a-specific-field-attribute [2] https://www.crummy.com/software/BeautifulSoup/bs4/doc/ [3] https://stackoverflow.com/a/33870677/226697 [4] http://romanvm.github.io/django-tinymce4-lite/usage.html#tinymce-widget-for-forms -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/20201014222827.GW12495%40fattuba.com.
