This repository was archived by the owner on Mar 26, 2025. It is now read-only.

Add support for new html5lib versions #403

Closed
czpython opened this issue Dec 12, 2016 · 11 comments

@czpython
Contributor

Ref:

#336
#344
#345
#402

@rando305

Thank you. This is killing me. We need a solution. I can't go to html5lib < .9x9.

I can't edit my production website.

Advise workarounds. I am getting an error:
'module' object has no attribute 'htmlserializer'
Request Method: POST
Request URL: http://localhost:8000/admin/cms/page/edit-plugin/73/
Django Version: 1.9.11
Exception Type: AttributeError
Exception Value:
'module' object has no attribute 'htmlserializer'
Exception Location: C:\Users\rando\Ops3\lib\site-packages\djangocms_text_ckeditor\html.py in clean_html, line 65

@rando305

Just for those of you who only have 'safe' people using the editor:
Here are two hacks that got my website to stop breaking:
Both are in html.py

  1. s.serializer.htmlserializer doesn't exist so replace that line with:

        try:
            s = serializer.htmlserializer.HTMLSerializer(omit_optional_tags=False,
                                                         quote_attr_values=True)
        except AttributeError:
            s = serializer.HTMLSerializer()
        return u''.join(s.serialize(stream))

  2. if settings.TEXT_HTML_SANITIZE:
    I inserted a pass afterwards and commented everything out.
    comment out sanitizer from the html5lib import
    comment out: from .sanitizer import TextSanitizer

It might defeat the security features, but at least I can keep my website functional.

@Chronial

Reposting here, since I never got an answer and would still be interested in working on this:

We would really appreciate if someone has the time to contribute a backwards compatible patch that adds compatibility with the latest html5lib.

@czpython Is it essential that it is backwards compatible? This adds a lot of complexity and the old implementation seems dangerous, since it modifies global settings of html5lib: https://github.com/divio/djangocms-text-ckeditor/blob/6e0b6c2fb48984ee579cc3ca672b5064af1bf10d/djangocms_text_ckeditor/html.py#L23

Or what do you actually mean by backwards compatible?
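
Added example, not part of the thread or the project's code: one way to keep sanitization on with a current html5lib (1.x assumed to be installed) instead of commenting it out as in the workaround above, passing the allowlists to the sanitizer filter per call rather than changing html5lib's module-level settings. The signature of `clean_html`, the helper `build_allowlists`, the parameters `additional_tags` and `additional_attributes`, and the sample inputs are assumptions made for illustration.

```python
import html5lib
from html5lib.constants import namespaces
from html5lib.filters import sanitizer
from html5lib.serializer import HTMLSerializer


def build_allowlists(additional_tags=(), additional_attributes=()):
    """Extend html5lib's default allowlists without mutating them.

    The html5lib 1.x sanitizer expects (namespace, name) tuples: HTML
    elements live in the XHTML namespace, plain attributes use None.
    """
    elements = sanitizer.allowed_elements | frozenset(
        (namespaces["html"], tag) for tag in additional_tags)
    attributes = sanitizer.allowed_attributes | frozenset(
        (None, attr) for attr in additional_attributes)
    return elements, attributes


def clean_html(data, additional_tags=(), additional_attributes=()):
    """Parse, sanitize and re-serialize an HTML fragment (hypothetical API)."""
    elements, attributes = build_allowlists(additional_tags,
                                            additional_attributes)
    fragment = html5lib.parseFragment(data)  # etree tree by default
    stream = html5lib.getTreeWalker("etree")(fragment)
    # Per-call allowlists: nothing global in html5lib is modified.
    stream = sanitizer.Filter(stream, allowed_elements=elements,
                              allowed_attributes=attributes)
    # Newer html5lib takes a string here, not the boolean used before.
    s = HTMLSerializer(omit_optional_tags=False, quote_attr_values="always")
    return s.render(stream)


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ('<p onclick="x()">hi</p>',
                   '<a href="javascript:alert(1)">x</a>',
                   '<script>alert(1)</script>'):
        print(clean_html(sample))
    print(clean_html('<iframe src="https://example.com/"></iframe>',
                     additional_tags=["iframe"]))
```

Disallowed tags come back as escaped text rather than markup, and disallowed attributes and URL schemes are dropped, so editor content is still filtered after the upgrade.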

@merwok

merwok commented Nov 15, 2017

html5lib <0.99999999 has an XSS vulnerability, so a new release compatible with that version would be very welcome.

@jedie

jedie commented Feb 17, 2018

ping

jedie added a commit to jedie/djangocms-text-ckeditor that referenced this issue Feb 17, 2018
@bhrutledge

This is biting me. Would love to see #464 merged.

@WayneYe

WayneYe commented Mar 23, 2018

+1 for this, come on folks :)

@maj0rr

maj0rr commented Apr 24, 2018

+1 😀

@jedie

jedie commented Apr 30, 2018

ping

@MHLut

MHLut commented May 2, 2018

bump

@czpython czpython self-assigned this May 2, 2018
@Jamim

Jamim commented May 2, 2018

I just sent the following message to Divio's support through the contact form at http://support.divio.com.

Hello!

There is an issue in Divio's subproject called djangocms-text-ckeditor.
https://github.com/divio/djangocms-text-ckeditor/issues/403
Is someone working on resolving this issue?

Best regards,
Aliaksei Urbanski

I'm hoping this will draw their attention to the issue.

Update
I received an answer from Divio's community manager Daniele Procida.

Yes, but I can't give any ETA for resolution, sorry.

czpython pushed a commit that referenced this issue May 29, 2018
Convert additional allowed tags/attributes to html5lib structure, update html5lib version in (test) requirements, add tests for custom tags/attributes