Wtower / django-ninecms

Nine CMS is a simple Django app to manage content. Users can create content and publish it to various paths.
BSD 3-Clause "New" or "Revised" License

css attributes are removed from nodes body(HTML). #63

Closed sonus21 closed 2 years ago

sonus21 commented 8 years ago

When I tried to save node's body with html

    <ul class="section-product-tabs" role="tablist">

        <li class="active"><a class="btn btn-default" href="#info" role="tab" data-toggle="tab">General</a></li>
        <li><a class="btn btn-default" href="#specs" role="tab" data-toggle="tab">Technical Specification</a></li>
        <li><a class="btn btn-default" href="#projects" role="tab" data-toggle="tab">Projects</a></li>

    </ul>

    <!-- Tab content starts here -->
    <div class="tab-content">

        <div id="info" class="tab-pane fade in active">
        </div><!-- info ends here -->

        <div id="specs" class="tab-pane">
        </div><!-- specs ends here -->

        <div id="projects" class="tab-pane">
        </div>

    </div><!-- tab-content ends here -->

Then it automatically gets converted to

    <ul>

        <li><a class="btn btn-default" href="#info">General</a></li>
        <li><a class="btn btn-default" href="#specs">Technical Specification</a></li>
        <li><a class="btn btn-default" href="#projects">Projects</a></li>

    </ul>

    <div class="tab-content">

        <div class="tab-pane fade in active">
        </div>

        <div class="tab-pane">
        </div>

        <div class="tab-pane">
        </div>

    </div>

Can't figure out a way to resolve this, can anyone provide some insights into why this is happening?

I have used Mezzanine and other CMS without any problem and I was able to save HTML and was getting the same HTML.

EDIT: Simplified HTML sample for readability

Wtower commented 8 years ago

The file ninecms/utils/sanitize.py is responsible for sanitizing the user input using the Bleach library. Ninecms, in contrast to the other systems that you mention, is closer to the philosophy of Drupal with Full HTML / Filtered HTML. The exact allowed elements are:

    allowed_tags = bleach.ALLOWED_TAGS + ['cite', 'dl', 'dt', 'dd', 'p', 'u', 's', 'sub', 'sup', 'img',
                                          'table', 'thead', 'tbody', 'tr', 'td', 'th', 'hr', 'iframe',
                                          'h2', 'h3', 'h4', 'h5', 'h6', 'span', 'br']
    if full_html:
        allowed_tags += ['div']
    allowed_attributes = {
        'a': ['href', 'title', 'name', 'target', 'class'],
        'abbr': ['title'],
        'acronym': ['title'],
        'p': ['style', 'class'],
        'img': ['src', 'alt', 'title', 'class'],
        'iframe': ['src', 'height', 'width', 'class'],
        'table': ['border', 'cellpadding', 'cellspacing'],
        'th': ['scope', 'rowspan', 'colspan', 'class'],
        'td': ['scope', 'rowspan', 'colspan', 'class'],
        'span': ['style', 'class'],
        'div': ['style', 'class'],
    }
    allowed_styles = ['margin-left', 'text-align', 'width', 'page-break-after', 'display', 'float']

The downside is that the above are hard-coded at the moment. In a future release we will add a relevant setting to allow override, and also update the relevant documentation.

As a workaround until a fix, either restructure your templates to avoid the use of the particular HTML code within the node but rather in a template, or directly insert the desired values to the db.
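
An added example, not part of the thread or of ninecms: a standard-library audit that applies the allowlist quoted above to a node body and lists the tags and attributes that fall outside it, so the loss is visible before saving. It does not call Bleach; the default tag list is written out as an assumption about Bleach's defaults, `audit`, `AllowlistAudit` and `SAMPLE` are hypothetical names, and `allowed_styles` filtering is not modelled.

```python
from html.parser import HTMLParser

# Assumed: Bleach's default ALLOWED_TAGS, written out so the example needs no install.
BLEACH_DEFAULT_TAGS = ['a', 'abbr', 'acronym', 'b', 'blockquote', 'code',
                       'em', 'i', 'li', 'ol', 'strong', 'ul']
# Copied from the maintainer's comment above.
EXTRA_TAGS = ['cite', 'dl', 'dt', 'dd', 'p', 'u', 's', 'sub', 'sup', 'img',
              'table', 'thead', 'tbody', 'tr', 'td', 'th', 'hr', 'iframe',
              'h2', 'h3', 'h4', 'h5', 'h6', 'span', 'br']
ALLOWED_ATTRIBUTES = {
    'a': ['href', 'title', 'name', 'target', 'class'],
    'abbr': ['title'], 'acronym': ['title'],
    'p': ['style', 'class'],
    'img': ['src', 'alt', 'title', 'class'],
    'iframe': ['src', 'height', 'width', 'class'],
    'table': ['border', 'cellpadding', 'cellspacing'],
    'th': ['scope', 'rowspan', 'colspan', 'class'],
    'td': ['scope', 'rowspan', 'colspan', 'class'],
    'span': ['style', 'class'], 'div': ['style', 'class'],
}


class AllowlistAudit(HTMLParser):
    """Records tags and attributes that fall outside the allowlist."""

    def __init__(self, full_html):
        super().__init__()
        self.tags = set(BLEACH_DEFAULT_TAGS + EXTRA_TAGS + (['div'] if full_html else []))
        self.bad_tags, self.dropped_attrs = [], []

    def handle_starttag(self, tag, attrs):
        if tag not in self.tags:
            self.bad_tags.append(tag)  # whole element is outside the allowlist
            return
        allowed = ALLOWED_ATTRIBUTES.get(tag, [])  # tags with no entry keep no attributes
        self.dropped_attrs += [(tag, name) for name, _ in attrs if name not in allowed]


def audit(html, full_html=True):
    """Return (disallowed tags, dropped (tag, attribute) pairs) for a node body."""
    parser = AllowlistAudit(full_html)
    parser.feed(html)
    parser.close()
    return parser.bad_tags, parser.dropped_attrs


# Constructed sample, shortened from the markup in the report above.
SAMPLE = ('<ul class="section-product-tabs" role="tablist">'
          '<li class="active"><a class="btn btn-default" href="#info" role="tab" '
          'data-toggle="tab">General</a></li></ul>'
          '<div id="info" class="tab-pane fade in active"></div>')

if __name__ == '__main__':
    print(audit(SAMPLE))
```

The dropped pairs match the report: `class` survives on `a` and `div` because those tags list it, while `ul` and `li` have no entry at all and `role`, `data-toggle` and `id` appear in no entry.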

sonus21 commented 8 years ago

Thanks for the quick response, I have updated the HTML contents to fix that.