Commit e0c78ffe authored by Ivan Tyagov's avatar Ivan Tyagov

Remove empty lines.

Add a check that prevents saving bad HTML content (illegal tags, JavaScript code, ...) for TextDocument.


git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@15001 20353a03-c40f-0410-a6d1-a30d3c3de9de
parent 785cab6f
......@@ -27,14 +27,13 @@
##############################################################################
from AccessControl import ClassSecurityInfo
from Products.CMFCore.WorkflowCore import WorkflowMethod
from Products.CMFCore.utils import getToolByName
from Products.CMFCore.utils import _setCacheHeaders
from Products.ERP5Type import Permissions, PropertySheet, Constraint, Interface
from Products.ERP5.Document.Document import Document
from Products.ERP5Type.WebDAVSupport import TextContent
from Products.CMFDefault.utils import isHTMLSafe
import re
DEFAULT_TEXT_FORMAT = 'text/html'
......@@ -108,7 +107,15 @@ class TextDocument(Document, TextContent):
kw.setdefault('text_format', format)
kw.setdefault('text_content', text_content)
del kw['file']
Document._edit(self, **kw)
# check if it's safe to save HTML content
# By default FCKEditor used to edit Web Pages wouldn't allow inserting
# HTML tags (will replace them accordingly) so this is the last possible
# step where we can check if any other scripts wouldn't try to set manually
# bad HTML content.
if isHTMLSafe(kw['text_content']):
Document._edit(self, **kw)
else:
raise ValueError, "HTML contains illegal tags."
security.declareProtected( Permissions.ModifyPortalContent, 'edit' )
edit = WorkflowMethod( _edit )
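Review bot: The new guard in the second hunk indexes `kw['text_content']` unconditionally, so a call to `edit` that passes no `text_content` would raise KeyError instead of saving, unless the `setdefault` lines above always run. Indentation is lost on this page and `_edit` starts outside the hunk, so that needs confirming against the full method. A safer form is `text_content = kw.get('text_content')`, then `if text_content is not None and not isHTMLSafe(text_content): raise ValueError, "HTML contains illegal tags."`, then the single `Document._edit(self, **kw)` call. The check also runs whatever `text_format` is and covers only this `_edit` path, so any other setter or upload path that writes `text_content` would need the same validation. Rendering code should still scrub or escape on output rather than rely on this gate alone.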
......