Re: [mezzanine-users] tel: being stripped from anchor href when saving a RichTextField. How do I allow it?

Thu, 21 Jul 2016 14:57:49 -0700 

Yay! Happy customer.
:D

I just put your snippet in my models.py and it works.

from bleach import sanitizer

if "tel" not in sanitizer.BleachSanitizer.allowed_protocols:
    sanitizer.BleachSanitizer.allowed_protocols += ["tel"]

I'm not in a position to upgrade Mezzanine due to formal procedures around 
pen testing.
Thanks.


On Thursday, July 21, 2016 at 5:58:34 PM UTC+12, Stephen McDonald wrote:
>
> I did a bit of digging and it's a known issue with the "bleach" library we 
> use to sanitize HTML:
>
> https://github.com/mozilla/bleach/issues/102
>
> I've added the patch mentioned in the issue and it appears to work:
>
>
> https://github.com/stephenmcd/mezzanine/commit/a50da71da521b3fb03f8b089736eca9656e71bbb
>
> Prior to upgrading, you might be able to do the same in your project's 
> code somewhere, possibly its settings.py module.
>
> On Thu, Jul 21, 2016 at 12:18 PM, RandomDude <[email protected] 
> <javascript:>> wrote:
>
>> Version: Mezzanine (4.0.1)
>>
>>
>> Mailto before save:
>>
>> <p><a href="mailto:[email protected] 
>> <javascript:>?Subject=Hello%20again">Send 
>> Mail</a></p>
>>
>> After save: (works!)
>>
>> <p><a href="mailto:[email protected] 
>> <javascript:>?Subject=Hello%20again">Send 
>> Mail</a></p>
>>
>> Click to call tel before save:
>>
>> <p><a href="tel:+1-303-499-7111">+1 (303) 499-7111</a></p>
>>
>> After save: (href stripped out)
>>
>> <p><a>+1 (303) 499-7111</a></p>
>>
>> Here are my rich text settings:
>>
>> RICHTEXT_ALLOWED_TAGS = 
>> ('p','h1','h2','h3','h4','h5','h6','ol','ul','li','strong','table','caption','thead','tbody','tr','th','td','br','a',
>>  
>> 'em')
>> RICHTEXT_ALLOWED_ATTRIBUTES = ('href')
>>
>> The following are not in used in my settings.py file.
>>
>> RICHTEXT_ALLOWED_STYLES
>> RICHTEXT_FILTER
>> RICHTEXT_FILTERS
>> RICHTEXT_FILTER_LEVEL
>> RICHTEXT_WIDGET_CLASS
>>
>> How do I prevent tel: from being stripped out please?
>>
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Mezzanine Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to [email protected] <javascript:>.
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>
>
> -- 
> Stephen McDonald
> http://jupo.org
>

-- 
You received this message because you are subscribed to the Google Groups 
"Mezzanine Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
For more options, visit https://groups.google.com/d/optout.

Reply via email to