Re: [mezzanine-users] tel: being stripped from anchor href when saving a RichTextField. How do I allow it?

2016-07-21 Thread RandomDude 
Yay! Happy customer.
:D

I just put your snippet in my models.py and it works.

from bleach import sanitizer

if "tel" not in sanitizer.BleachSanitizer.allowed_protocols:
sanitizer.BleachSanitizer.allowed_protocols += ["tel"]

I'm not in a position to upgrade Mezzanine due to formal procedures around 
pen testing.
Thanks.


On Thursday, July 21, 2016 at 5:58:34 PM UTC+12, Stephen McDonald wrote:
>
> I did a bit of digging and it's a known issue with the "bleach" library we 
> use to sanitize HTML:
>
> https://github.com/mozilla/bleach/issues/102
>
> I've added the patch mentioned in the issue and it appears to work:
>
>
> https://github.com/stephenmcd/mezzanine/commit/a50da71da521b3fb03f8b089736eca9656e71bbb
>
> Prior to upgrading, you might be able to do the same in your project's 
> code somewhere, possibly its settings.py module.
>
> On Thu, Jul 21, 2016 at 12:18 PM, RandomDude  > wrote:
>
>> Version: Mezzanine (4.0.1)
>>
>>
>> Mailto before save:
>>
>> mailto:som...@example.com 
>> ?Subject=Hello%20again">Send 
>> Mail
>>
>> After save: (works!)
>>
>> mailto:som...@example.com 
>> ?Subject=Hello%20again">Send 
>> Mail
>>
>> Click to call tel before save:
>>
>> +1 (303) 499-7111
>>
>> After save: (href stripped out)
>>
>> +1 (303) 499-7111
>>
>> Here are my rich text settings:
>>
>> RICHTEXT_ALLOWED_TAGS = 
>> ('p','h1','h2','h3','h4','h5','h6','ol','ul','li','strong','table','caption','thead','tbody','tr','th','td','br','a',
>>  
>> 'em')
>> RICHTEXT_ALLOWED_ATTRIBUTES = ('href')
>>
>> The following are not in used in my settings.py file.
>>
>> RICHTEXT_ALLOWED_STYLES
>> RICHTEXT_FILTER
>> RICHTEXT_FILTERS
>> RICHTEXT_FILTER_LEVEL
>> RICHTEXT_WIDGET_CLASS
>>
>> How do I prevent tel: from being stripped out please?
>>
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Mezzanine Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to mezzanine-use...@googlegroups.com .
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>
>
> -- 
> Stephen McDonald
> http://jupo.org
>

-- 
You received this message because you are subscribed to the Google Groups 
"Mezzanine Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to mezzanine-users+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [mezzanine-users] tel: being stripped from anchor href when saving a RichTextField. How do I allow it?

2016-07-20 Thread Stephen McDonald 
I did a bit of digging and it's a known issue with the "bleach" library we
use to sanitize HTML:

https://github.com/mozilla/bleach/issues/102

I've added the patch mentioned in the issue and it appears to work:

https://github.com/stephenmcd/mezzanine/commit/a50da71da521b3fb03f8b089736eca9656e71bbb

Prior to upgrading, you might be able to do the same in your project's code
somewhere, possibly its settings.py module.

On Thu, Jul 21, 2016 at 12:18 PM, RandomDude  wrote:

> Version: Mezzanine (4.0.1)
>
>
> Mailto before save:
>
> mailto:some...@example.com?Subject=Hello%20again;>Send
> Mail
>
> After save: (works!)
>
> mailto:some...@example.com?Subject=Hello%20again;>Send
> Mail
>
> Click to call tel before save:
>
> +1 (303) 499-7111
>
> After save: (href stripped out)
>
> +1 (303) 499-7111
>
> Here are my rich text settings:
>
> RICHTEXT_ALLOWED_TAGS =
> ('p','h1','h2','h3','h4','h5','h6','ol','ul','li','strong','table','caption','thead','tbody','tr','th','td','br','a',
> 'em')
> RICHTEXT_ALLOWED_ATTRIBUTES = ('href')
>
> The following are not in used in my settings.py file.
>
> RICHTEXT_ALLOWED_STYLES
> RICHTEXT_FILTER
> RICHTEXT_FILTERS
> RICHTEXT_FILTER_LEVEL
> RICHTEXT_WIDGET_CLASS
>
> How do I prevent tel: from being stripped out please?
>
> --
> You received this message because you are subscribed to the Google Groups
> "Mezzanine Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to mezzanine-users+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
>



-- 
Stephen McDonald
http://jupo.org

-- 
You received this message because you are subscribed to the Google Groups 
"Mezzanine Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to mezzanine-users+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [mezzanine-users] tel: being stripped from anchor href when saving a RichTextField. How do I allow it?

2016-07-20 Thread Ryne Everett 
You may just need to upgrade to 4.1.0. See
https://github.com/stephenmcd/mezzanine/pull/1473.

On Wed, Jul 20, 2016 at 10:18 PM, RandomDude  wrote:

> Version: Mezzanine (4.0.1)
>
>
> Mailto before save:
>
> mailto:some...@example.com?Subject=Hello%20again;>Send
> Mail
>
> After save: (works!)
>
> mailto:some...@example.com?Subject=Hello%20again;>Send
> Mail
>
> Click to call tel before save:
>
> +1 (303) 499-7111
>
> After save: (href stripped out)
>
> +1 (303) 499-7111
>
> Here are my rich text settings:
>
> RICHTEXT_ALLOWED_TAGS =
> ('p','h1','h2','h3','h4','h5','h6','ol','ul','li','strong','table','caption','thead','tbody','tr','th','td','br','a',
> 'em')
> RICHTEXT_ALLOWED_ATTRIBUTES = ('href')
>
> The following are not in used in my settings.py file.
>
> RICHTEXT_ALLOWED_STYLES
> RICHTEXT_FILTER
> RICHTEXT_FILTERS
> RICHTEXT_FILTER_LEVEL
> RICHTEXT_WIDGET_CLASS
>
> How do I prevent tel: from being stripped out please?
>
> --
> You received this message because you are subscribed to the Google Groups
> "Mezzanine Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to mezzanine-users+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Mezzanine Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to mezzanine-users+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[mezzanine-users] tel: being stripped from anchor href when saving a RichTextField. How do I allow it?

2016-07-20 Thread RandomDude 
Version: Mezzanine (4.0.1)


Mailto before save:

mailto:some...@example.com?Subject=Hello%20again;>Send 
Mail

After save: (works!)

mailto:some...@example.com?Subject=Hello%20again;>Send 
Mail

Click to call tel before save:

+1 (303) 499-7111

After save: (href stripped out)

+1 (303) 499-7111

Here are my rich text settings:

RICHTEXT_ALLOWED_TAGS = 
('p','h1','h2','h3','h4','h5','h6','ol','ul','li','strong','table','caption','thead','tbody','tr','th','td','br','a',
 
'em')
RICHTEXT_ALLOWED_ATTRIBUTES = ('href')

The following are not in used in my settings.py file.

RICHTEXT_ALLOWED_STYLES
RICHTEXT_FILTER
RICHTEXT_FILTERS
RICHTEXT_FILTER_LEVEL
RICHTEXT_WIDGET_CLASS

How do I prevent tel: from being stripped out please?

-- 
You received this message because you are subscribed to the Google Groups 
"Mezzanine Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to mezzanine-users+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.