Re: [mezzanine-users] tel: being stripped from anchor href when saving a RichTextField. How do I allow it?

Thu, 21 Jul 2016 14:57:49 -0700 

Yay! Happy customer.
:D

I just put your snippet in my models.py and it works.

from bleach import sanitizer

if "tel" not in sanitizer.BleachSanitizer.allowed_protocols:
    sanitizer.BleachSanitizer.allowed_protocols += ["tel"]

I'm not in a position to upgrade Mezzanine due to formal procedures around 
pen testing.
Thanks.


On Thursday, July 21, 2016 at 5:58:34 PM UTC+12, Stephen McDonald wrote:
>
> I did a bit of digging and it's a known issue with the "bleach" library we 
> use to sanitize HTML:
>
> https://github.com/mozilla/bleach/issues/102
>
> I've added the patch mentioned in the issue and it appears to work:
>
>
> https://github.com/stephenmcd/mezzanine/commit/a50da71da521b3fb03f8b089736eca9656e71bbb
>
> Prior to upgrading, you might be able to do the same in your project's 
> code somewhere, possibly its settings.py module.
>
> On Thu, Jul 21, 2016 at 12:18 PM, RandomDude <ab1...@gmail.com 
> <javascript:>> wrote:
>
>> Version: Mezzanine (4.0.1)
>>
>>
>> Mailto before save:
>>
>> <p><a href="mailto:som...@example.com 
>> <javascript:>?Subject=Hello%20again">Send 
>> Mail</a></p>
>>
>> After save: (works!)
>>
>> <p><a href="mailto:som...@example.com 
>> <javascript:>?Subject=Hello%20again">Send 
>> Mail</a></p>
>>
>> Click to call tel before save:
>>
>> <p><a href="tel:+1-303-499-7111">+1 (303) 499-7111</a></p>
>>
>> After save: (href stripped out)
>>
>> <p><a>+1 (303) 499-7111</a></p>
>>
>> Here are my rich text settings:
>>
>> RICHTEXT_ALLOWED_TAGS = 
>> ('p','h1','h2','h3','h4','h5','h6','ol','ul','li','strong','table','caption','thead','tbody','tr','th','td','br','a',
>>  
>> 'em')
>> RICHTEXT_ALLOWED_ATTRIBUTES = ('href')
>>
>> The following are not in used in my settings.py file.
>>
>> RICHTEXT_ALLOWED_STYLES
>> RICHTEXT_FILTER
>> RICHTEXT_FILTERS
>> RICHTEXT_FILTER_LEVEL
>> RICHTEXT_WIDGET_CLASS
>>
>> How do I prevent tel: from being stripped out please?
>>
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Mezzanine Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to mezzanine-use...@googlegroups.com <javascript:>.
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>
>
> -- 
> Stephen McDonald
> http://jupo.org
>

-- 
You received this message because you are subscribed to the Google Groups 
"Mezzanine Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to mezzanine-users+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to