From 9ca56fd27f40cd22924784040bde0c49e3d2f7ee Mon Sep 17 00:00:00 2001
From: Sam AL-Arbid
Date: Wed, 15 Nov 2023 17:38:12 +0100
Subject: [PATCH] schema: extend content accepted HTML tags & attrs
---
 invenio_pages/services/schemas.py | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/invenio_pages/services/schemas.py b/invenio_pages/services/schemas.py
index 2fc310e..b322ea2 100644
--- a/invenio_pages/services/schemas.py
+++ b/invenio_pages/services/schemas.py
@@ -1,6 +1,7 @@
 # -*- coding: utf-8 -*-
 #
 # Copyright (C) 2023 CERN.
+# Copyright (C) 2023 KTH Royal Institute of Technology.
 #
 # Invenio-Pages is free software; you can redistribute it and/or modify it
 # under the terms of the MIT License; see LICENSE file for more details.
@@ -11,6 +12,14 @@
 from marshmallow import Schema, fields
 from marshmallow_utils.fields import SanitizedHTML, TZDateTime
+from marshmallow_utils.html import ALLOWED_HTML_ATTRS, ALLOWED_HTML_TAGS
+
+EXTENDED_ALLOWED_TAGS = ALLOWED_HTML_TAGS + ["img", "button"]
+EXTENDED_ALLOWED_ATTRS = {
+ **ALLOWED_HTML_ATTRS,
+ "img": ["src", "alt", "title", "width", "height"],
+ "button": ["type", "name", "value", "disabled", "onclick"],
+}
 class PageSchema(Schema):
@@ -19,7 +28,7 @@ class PageSchema(Schema):
 id = fields.String()
 url = fields.String(metadata={"create_only": True})
 title = fields.String()
- content = SanitizedHTML()
+ content = SanitizedHTML(tags=EXTENDED_ALLOWED_TAGS, attrs=EXTENDED_ALLOWED_ATTRS)
 description = fields.String()
 template_name = fields.String()
 created = TZDateTime(timezone=timezone.utc, format="iso", dump_only=True)
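Review bot: Allowing `onclick` on `button` in `EXTENDED_ALLOWED_ATTRS` (second hunk) lets page content carry inline JavaScript through the sanitizer, so the `SanitizedHTML(...)` field on `content` in the third hunk no longer protects against stored XSS from anyone who can create or edit a page. The diff does not show who may author pages; unless that is limited to fully trusted administrators, drop the handler and bind behaviour from the template's own script instead: `"button": ["type", "name", "value", "disabled"],`. Inline handlers are also blocked by a Content-Security-Policy that omits `'unsafe-inline'`, so keeping `onclick` works against later adopting a strict CSP. For `img`, a comment above the constants should record that `src` depends on the sanitizer's URL-scheme filtering (presumably inherited from the library defaults, worth confirming) and that remote images make visitors' browsers fetch third-party resources.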