TextPlugin removes source code HTML on save

django-cms / djangocms-text-ckeditor

Text Plugin for django CMS using CKEditor 4

https://www.django-cms.org/en/repositories-plugins/

BSD 3-Clause "New" or "Revised" License

164 stars 186 forks source link

TextPlugin removes source code HTML on save #667

Closed Noah3141 closed 1 month ago

Noah3141 commented 5 months ago

I have had something similar occur in two separate projects.

In one, I was making modifications to the source HTML, like adding another style attribute to a tag, and my new attribute would be gone on save, leaving only the previous state of the tag.

In the current one, all tag attributes are getting purged on TextPlugin save.

In both these cases the TextPlugins were created within placeholder fields in the following manner:

block_text_plugin: TextPlugin = add_plugin(
    placeholder=subsection_placeholder,
    plugin_type=text_plugin,
    language="en-us",
    target=block_plugin,
    body=block["body"],
)

Where block['body'] contains HTML elements, including some <ol style="list-style-type:lower-alpha">.

Before: <ol style="list-style-type:lower-roman"> After: <ol>

djangocms-text-ckeditor 5.1.5

fsbraun commented 5 months ago

djangocms-text-ckeditor sanitizes any HTML before safe. You might need to configure the sanitizer. See here: https://github.com/django-cms/djangocms-text-ckeditor#configurable-sanitizer

Noah3141 commented 5 months ago

It seems like it would certainly be the root cause, but I can't seem to get the settings to take effect:

I managed to get the global setting,

TEXT_HTML_SANITIZE = False

to turn it off altogether to work (i.e. keep list styles), but I suspect I want a bit more precision.

Specifically providing "style" inside the settings.py did not preserve the style attributes.

TEXT_ADDITIONAL_ATTRIBUTES = ('style',)

So, now I'm trying the custom parser. I have it successfully hooked up, because I can see its print statements when made within the parse function

from djangocms_text_ckeditor.sanitizer import AllowTokenParser

Keep = bool
class ListAttributeParser(AllowTokenParser):
    def parse(self, attribute: str, val: str) -> Keep:
        if attribute == "style": 
            print(val) # -->  list-style-type:lower-roman
            return True
        else: return False

I did add:

    'basicEntities': False,
    'entities': False,

(They are not duplicate keys)

fsbraun commented 5 months ago

Does it work? I must say, I am not an expert of htmllib.

Noah3141 commented 5 months ago

I have not gotten the custom parser to work, no. Switching True/False with each other didn't seem to have an effect.

stale[bot] commented 2 months ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

stale[bot] commented 1 month ago

This will now be closed due to inactivity, but feel free to reopen it.