Re: [mezzanine-users] tel: being stripped from anchor href when saving a RichTextField. How do I allow it?
Yay! Happy customer. :D I just put your snippet in my models.py and it works. from bleach import sanitizer if "tel" not in sanitizer.BleachSanitizer.allowed_protocols: sanitizer.BleachSanitizer.allowed_protocols += ["tel"] I'm not in a position to upgrade Mezzanine due to formal procedures around pen testing. Thanks. On Thursday, July 21, 2016 at 5:58:34 PM UTC+12, Stephen McDonald wrote: > > I did a bit of digging and it's a known issue with the "bleach" library we > use to sanitize HTML: > > https://github.com/mozilla/bleach/issues/102 > > I've added the patch mentioned in the issue and it appears to work: > > > https://github.com/stephenmcd/mezzanine/commit/a50da71da521b3fb03f8b089736eca9656e71bbb > > Prior to upgrading, you might be able to do the same in your project's > code somewhere, possibly its settings.py module. > > On Thu, Jul 21, 2016 at 12:18 PM, RandomDude> wrote: > >> Version: Mezzanine (4.0.1) >> >> >> Mailto before save: >> >> mailto:som...@example.com >> ?Subject=Hello%20again">Send >> Mail >> >> After save: (works!) >> >> mailto:som...@example.com >> ?Subject=Hello%20again">Send >> Mail >> >> Click to call tel before save: >> >> +1 (303) 499-7111 >> >> After save: (href stripped out) >> >> +1 (303) 499-7111 >> >> Here are my rich text settings: >> >> RICHTEXT_ALLOWED_TAGS = >> ('p','h1','h2','h3','h4','h5','h6','ol','ul','li','strong','table','caption','thead','tbody','tr','th','td','br','a', >> >> 'em') >> RICHTEXT_ALLOWED_ATTRIBUTES = ('href') >> >> The following are not in used in my settings.py file. >> >> RICHTEXT_ALLOWED_STYLES >> RICHTEXT_FILTER >> RICHTEXT_FILTERS >> RICHTEXT_FILTER_LEVEL >> RICHTEXT_WIDGET_CLASS >> >> How do I prevent tel: from being stripped out please? >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Mezzanine Users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to mezzanine-use...@googlegroups.com . >> For more options, visit https://groups.google.com/d/optout. >> > > > > -- > Stephen McDonald > http://jupo.org > -- You received this message because you are subscribed to the Google Groups "Mezzanine Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to mezzanine-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [mezzanine-users] tel: being stripped from anchor href when saving a RichTextField. How do I allow it?
I did a bit of digging and it's a known issue with the "bleach" library we use to sanitize HTML: https://github.com/mozilla/bleach/issues/102 I've added the patch mentioned in the issue and it appears to work: https://github.com/stephenmcd/mezzanine/commit/a50da71da521b3fb03f8b089736eca9656e71bbb Prior to upgrading, you might be able to do the same in your project's code somewhere, possibly its settings.py module. On Thu, Jul 21, 2016 at 12:18 PM, RandomDudewrote: > Version: Mezzanine (4.0.1) > > > Mailto before save: > > mailto:some...@example.com?Subject=Hello%20again;>Send > Mail > > After save: (works!) > > mailto:some...@example.com?Subject=Hello%20again;>Send > Mail > > Click to call tel before save: > > +1 (303) 499-7111 > > After save: (href stripped out) > > +1 (303) 499-7111 > > Here are my rich text settings: > > RICHTEXT_ALLOWED_TAGS = > ('p','h1','h2','h3','h4','h5','h6','ol','ul','li','strong','table','caption','thead','tbody','tr','th','td','br','a', > 'em') > RICHTEXT_ALLOWED_ATTRIBUTES = ('href') > > The following are not in used in my settings.py file. > > RICHTEXT_ALLOWED_STYLES > RICHTEXT_FILTER > RICHTEXT_FILTERS > RICHTEXT_FILTER_LEVEL > RICHTEXT_WIDGET_CLASS > > How do I prevent tel: from being stripped out please? > > -- > You received this message because you are subscribed to the Google Groups > "Mezzanine Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to mezzanine-users+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. > -- Stephen McDonald http://jupo.org -- You received this message because you are subscribed to the Google Groups "Mezzanine Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to mezzanine-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [mezzanine-users] tel: being stripped from anchor href when saving a RichTextField. How do I allow it?
You may just need to upgrade to 4.1.0. See https://github.com/stephenmcd/mezzanine/pull/1473. On Wed, Jul 20, 2016 at 10:18 PM, RandomDudewrote: > Version: Mezzanine (4.0.1) > > > Mailto before save: > > mailto:some...@example.com?Subject=Hello%20again;>Send > Mail > > After save: (works!) > > mailto:some...@example.com?Subject=Hello%20again;>Send > Mail > > Click to call tel before save: > > +1 (303) 499-7111 > > After save: (href stripped out) > > +1 (303) 499-7111 > > Here are my rich text settings: > > RICHTEXT_ALLOWED_TAGS = > ('p','h1','h2','h3','h4','h5','h6','ol','ul','li','strong','table','caption','thead','tbody','tr','th','td','br','a', > 'em') > RICHTEXT_ALLOWED_ATTRIBUTES = ('href') > > The following are not in used in my settings.py file. > > RICHTEXT_ALLOWED_STYLES > RICHTEXT_FILTER > RICHTEXT_FILTERS > RICHTEXT_FILTER_LEVEL > RICHTEXT_WIDGET_CLASS > > How do I prevent tel: from being stripped out please? > > -- > You received this message because you are subscribed to the Google Groups > "Mezzanine Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to mezzanine-users+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Mezzanine Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to mezzanine-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[mezzanine-users] tel: being stripped from anchor href when saving a RichTextField. How do I allow it?
Version: Mezzanine (4.0.1) Mailto before save: mailto:some...@example.com?Subject=Hello%20again;>Send Mail After save: (works!) mailto:some...@example.com?Subject=Hello%20again;>Send Mail Click to call tel before save: +1 (303) 499-7111 After save: (href stripped out) +1 (303) 499-7111 Here are my rich text settings: RICHTEXT_ALLOWED_TAGS = ('p','h1','h2','h3','h4','h5','h6','ol','ul','li','strong','table','caption','thead','tbody','tr','th','td','br','a', 'em') RICHTEXT_ALLOWED_ATTRIBUTES = ('href') The following are not in used in my settings.py file. RICHTEXT_ALLOWED_STYLES RICHTEXT_FILTER RICHTEXT_FILTERS RICHTEXT_FILTER_LEVEL RICHTEXT_WIDGET_CLASS How do I prevent tel: from being stripped out please? -- You received this message because you are subscribed to the Google Groups "Mezzanine Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to mezzanine-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.