开发者

django-cms removing <img> tags from text content

开发者 https://www.devze.com 2023-02-09 08:33 出处:网络
I\'m using d开发者_如何转开发jango-cms, and I add a piece of text content (using the standard text plugin) to a page.Then on that piece of text, I go into html mode and add <img src=\"/foo/bar.png\

I'm using d开发者_如何转开发jango-cms, and I add a piece of text content (using the standard text plugin) to a page. Then on that piece of text, I go into html mode and add <img src="/foo/bar.png" /> and save the plugin and save the page.

On the site, now, I see the page changes I've made, but the img tag has been stripped out.

Any idea why this is happening? I've tried wymeditor and fckeditor and it happens under both.


I believe that in Django CMS, the HTML cleaning happens before the Django Template layer. I took a look in my database and found that a "" tag in my HTML was being sanitized.

I think this happens at the Plugin (the phrase Django CMS uses for its bits of content) layer. I'm assuming that to add HTML, you're using the Text plugin. Looking at the source for the clean method of the Text plugin model:

def clean(self):
    self.body = clean_html(self.body, full=False)

It calls cms.utils.clean_html, which in turn uses html5lib to sanitize the HTML.

One way to work around this would be to create a custom plugin that inherits from the Text plugin and re-implements the clean method that doesn't do this sanitization.


In Django, strings are sanitized before being output onto a webpage by default. I suspect Django-CMS treats plugins like unsanitized user data, so the Django Template system strips out an HTML characters from the plugin.

Django Template Docs: http://docs.djangoproject.com/en/dev/ref/templates/builtins/?from=olddocs

Note the very first item, autoescape. I suspect plugins are being run through that filter.

Sorry, I don't have any more specifics. I'm not a Django-CMS guy.

0

精彩评论

暂无评论...
验证码 换一张
取 消