Closed sonus21 closed 2 years ago
The file ninecms/utils/sanitize.py is responsible for sanitizing the user input using the Bleach library. Ninecms in contrast to the other systems that you mention, is closer to the philosophy of Drupal with Full HTML / Filtered HTML. The exact allowed elements are:
allowed_tags = bleach.ALLOWED_TAGS + ['cite', 'dl', 'dt', 'dd', 'p', 'u', 's', 'sub', 'sup', 'img',
'table', 'thead', 'tbody', 'tr', 'td', 'th', 'hr', 'iframe',
'h2', 'h3', 'h4', 'h5', 'h6', 'span', 'br']
if full_html:
allowed_tags += ['div']
allowed_attributes = {
'a': ['href', 'title', 'name', 'target', 'class'],
'abbr': ['title'],
'acronym': ['title'],
'p': ['style', 'class'],
'img': ['src', 'alt', 'title', 'class'],
'iframe': ['src', 'height', 'width', 'class'],
'table': ['border', 'cellpadding', 'cellspacing'],
'th': ['scope', 'rowspan', 'colspan', 'class'],
'td': ['scope', 'rowspan', 'colspan', 'class'],
'span': ['style', 'class'],
'div': ['style', 'class'],
}
allowed_styles = ['margin-left', 'text-align', 'width', 'page-break-after', 'display', 'float']
The downside is that the above are hard-coded at the moment. In a future release we will add a relevant setting to allow override, and also update the relevant documentation.
As a workaround until a fix, either restructure your templates to avoid the use of the particular HTML code within the node but rather in a template, or directly insert the desired values to the db.
Thanks for quick response, i have updated html contents to fix that.
When I tried to save node's body with html
Then it automatically gets converted to
Can't figure out a way to resolve this, can any one provide some insights why this is happening?
I have used Mezzanine and other CMS without any problem and I was able to save html and was getting same html.
EDIT: Simplified HTML sample for readability