From 18b7c6b106c1f5f1cb7ead438c613a6a7b6cc8e4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Luk=C3=A1cs?= Date: Mon, 3 Feb 2025 18:04:45 +0100 Subject: [PATCH 1/2] Added suport of `allowed_protocols` bleach config --- README.md | 8 +++++--- src/wagtailmarkdown/constants.py | 7 +++++++ src/wagtailmarkdown/utils.py | 8 ++++++++ tests/testapp/tests/test_settings.py | 19 +++++++++++++++++++ 4 files changed, 39 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index a2c4774..e89a9dd 100644 --- a/README.md +++ b/README.md @@ -54,6 +54,7 @@ WAGTAILMARKDOWN = { "allowed_tags": [], # optional. a list of HTML tags. e.g. ['div', 'p', 'a'] "allowed_styles": [], # optional. a list of styles "allowed_attributes": {}, # optional. a dict with HTML tag as key and a list of attributes as value + "allowed_protocols": [], # optional. a list of protocols e.g. ['http', 'https', 'mailto', 'tel'] "allowed_settings_mode": "extend", # optional. Possible values: "extend" or "override". Defaults to "extend". "extensions": [], # optional. a list of python-markdown supported extensions "extension_configs": {}, # optional. a dictionary with the extension name as key, and its configuration as value @@ -62,7 +63,7 @@ WAGTAILMARKDOWN = { } ``` -Note: `allowed_tags`, `allowed_styles`, `allowed_attributes`, `extensions` and `extension_configs` are added to the +Note: `allowed_tags`, `allowed_styles`, `allowed_attributes`, `allowed_protocols`, `extensions` and `extension_configs` are added to the [default wagtail-markdown settings](https://github.com/torchbox/wagtail-markdown/blob/main/src/wagtailmarkdown/constants.py). @@ -156,10 +157,10 @@ WAGTAILMARKDOWN = { } ``` -#### Allowed HTML - `allowed_styles` / `allowed_attributes` / `allowed_tags` +#### Allowed HTML - `allowed_styles` / `allowed_attributes` / `allowed_tags` / `allowed_protocols` wagtail-markdown uses [bleach](https://github.com/mozilla/bleach) to sanitise the input. To extend the default -bleach configurations, you can add your own allowed tags, styles or attributes: +bleach configurations, you can add your own allowed tags, styles, attributes or protocols: ```python WAGTAILMARKDOWN = { @@ -167,6 +168,7 @@ WAGTAILMARKDOWN = { "allowed_tags": ["i"], "allowed_styles": ["some_style"], "allowed_attributes": {"i": ["aria-hidden"]}, + "allowed_protocols": ["tel"], } ``` diff --git a/src/wagtailmarkdown/constants.py b/src/wagtailmarkdown/constants.py index edbc8cb..7e63129 100644 --- a/src/wagtailmarkdown/constants.py +++ b/src/wagtailmarkdown/constants.py @@ -90,10 +90,17 @@ "margin-right", ] +DEFAULT_ALLOWED_PROTOCOLS = [ + "http", + "https", + "mailto", +] + DEFAULT_BLEACH_KWARGS = { "tags": DEFAULT_ALLOWED_TAGS, "attributes": DEFAULT_ALLOWED_ATTRIBUTES, "styles": DEFAULT_ALLOWED_STYLES, + "protocols": DEFAULT_ALLOWED_PROTOCOLS, } diff --git a/src/wagtailmarkdown/utils.py b/src/wagtailmarkdown/utils.py index eb91419..daef1cc 100755 --- a/src/wagtailmarkdown/utils.py +++ b/src/wagtailmarkdown/utils.py @@ -72,6 +72,14 @@ def _get_bleach_kwargs(): key: list(value) for key, value in merged.items() } + if "allowed_protocols" in settings.WAGTAILMARKDOWN: + if override: + bleach_kwargs["protocols"] = settings.WAGTAILMARKDOWN["allowed_protocols"] + else: + bleach_kwargs["protocols"] = list( + set(settings.WAGTAILMARKDOWN["allowed_protocols"] + bleach_kwargs["protocols"]) + ) + return bleach_kwargs diff --git a/tests/testapp/tests/test_settings.py b/tests/testapp/tests/test_settings.py index 8daea61..442aca4 100644 --- a/tests/testapp/tests/test_settings.py +++ b/tests/testapp/tests/test_settings.py @@ -14,6 +14,7 @@ "allowed_tags": ["i"], "allowed_styles": ["some_style"], "allowed_attributes": {"i": ["aria-hidden"], "a": ["data-test"]}, + "allowed_protocols": ["tel"], "extensions": ["toc", "sane_lists"], "extension_configs": { "codehilite": [("guess_lang", True)], @@ -163,3 +164,21 @@ def test_get_bleach_kwargs_with_attributes(self): } ): self.assertDictEqual(_get_bleach_kwargs()["attributes"], allowed) + + def test_get_bleach_kwargs_with_protocols(self): + with override_settings(WAGTAILMARKDOWN={"allowed_protocols": ["tel"]}): + self.assertListEqual( + sorted(_get_bleach_kwargs()["protocols"]), + sorted(set(DEFAULT_BLEACH_KWARGS["protocols"] + ["tel"])), + ) + + with override_settings( + WAGTAILMARKDOWN={ + "allowed_protocols": ["tel"], + "allowed_settings_mode": SETTINGS_MODE_OVERRIDE, + } + ): + self.assertListEqual( + sorted(_get_bleach_kwargs()["protocols"]), + ["tel"], + ) From 2662d7cf045e63150e9ff536b01574b9e9a41413 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Luk=C3=A1cs?= Date: Tue, 4 Feb 2025 13:49:07 +0100 Subject: [PATCH 2/2] Reformatted `wagtailmarkdown/utils.py` by `ruff-format` --- src/wagtailmarkdown/utils.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/wagtailmarkdown/utils.py b/src/wagtailmarkdown/utils.py index daef1cc..2507d8d 100755 --- a/src/wagtailmarkdown/utils.py +++ b/src/wagtailmarkdown/utils.py @@ -77,7 +77,10 @@ def _get_bleach_kwargs(): bleach_kwargs["protocols"] = settings.WAGTAILMARKDOWN["allowed_protocols"] else: bleach_kwargs["protocols"] = list( - set(settings.WAGTAILMARKDOWN["allowed_protocols"] + bleach_kwargs["protocols"]) + set( + settings.WAGTAILMARKDOWN["allowed_protocols"] + + bleach_kwargs["protocols"] + ) ) return bleach_kwargs