From: Frédéric Perrin <frederic.perrin@resel.fr>
Date: Sat, 12 Nov 2016 10:41:39 +0000 (+0000)
Subject: Limit tags from tinymce and use strip in bleach rather than replace
X-Git-Url: http://gitweb.fperrin.net/?p=djsite.git;a=commitdiff_plain;h=6d29db35c714fe52854a5b2e4002403150da1954

Limit tags from tinymce and use strip in bleach rather than replace
---

diff --git a/djsite/settings_common.py b/djsite/settings_common.py
index 101d833..6eed00b 100644
--- a/djsite/settings_common.py
+++ b/djsite/settings_common.py
@@ -99,4 +99,5 @@ TINYMCE_DEFAULT_CONFIG = {
     'theme_advanced_buttons2' : '',
     'theme_advanced_buttons3' : "",
     'plugins': 'table',
+    'valid_elements': 'a|b|strong|u|i|em|ul|ol|li|p|br'
 }
diff --git a/quotes/localmodels.py b/quotes/localmodels.py
index c09f771..691ea8c 100644
--- a/quotes/localmodels.py
+++ b/quotes/localmodels.py
@@ -2,7 +2,8 @@ import tinymce.models
 import bleach
 
 def valid_html(value):
-    return bleach.clean(value, bleach.ALLOWED_TAGS + ['p', 'br'])
+    return bleach.clean(value, bleach.ALLOWED_TAGS + ['p', 'br'],
+                        strip=True, strip_comments=True)
 
 class HTMLField(tinymce.models.HTMLField):
     def pre_save(self, model_instance, add):