Sanitize input from rich text widget #18

Open
nidico opened this issue Sep 26, 2013 · 2 comments

nidico commented Sep 26, 2013

Former title:

elements can break tinymce editor

You can shoot yourself in the foot by adding a <form> element to a document (e.g. through the tinymce source editor).

This breaks the wysiwyg editor, as it simply renders the document's html and erroneously closes the outer form, which makes the save/abort buttons not work anymore.

I'm not sure how this should best be dealt with - I guess the HTML source should be sanitized, e.g. <form> elements be removed.

dnouri commented Sep 26, 2013

Yes, agree that input needs to be sanitized.

dnouri commented Oct 3, 2013

I just did this in a project of mine. lxml.html.clean.clean_html seems to do a pretty good job. Just a matter of hooking this in.
