ckeditor: add templatetag which disables iframes if javascript is dis…

…abled
liqd · Nov 22, 2023 · 3039aa8 · 3039aa8
1 parent 8b1956d
commit 3039aa8
Show file tree

Hide file tree

Showing 4 changed files with 47 additions and 2 deletions.
diff --git a/adhocracy4/ckeditor/templatetags/ckeditor_tags.py b/adhocracy4/ckeditor/templatetags/ckeditor_tags.py
@@ -1,3 +1,4 @@
+import re
 import time
 
 from django import template
@@ -45,3 +46,9 @@ def transform_collapsibles(text):
             )
 
     return serialize(tree)
+
+
+@register.filter
+def disable_iframes(text):
+    """Disable all iframes to prevent them from loading if js is disabled"""
+    return re.sub(r"(<iframe .*?)src=(.*?>)", r"\1data-src=\2", text)
diff --git a/changelog/_8999.md b/changelog/_8999.md
@@ -0,0 +1,4 @@
+### Added
+
+- templatetag which disables iframes to stop them from loading if javascript is
+  disabled
diff --git a/tests/ckeditor/test_ckeditor_templatetags.py b/tests/ckeditor/test_ckeditor_templatetags.py
@@ -19,3 +19,22 @@ def test_transform_collapsibles(project_factory):
     output = render_template(template, {"project": project})
     assert "<span>Title</span>" in output
     assert "<div>Body</div>" in output
+
+
+@pytest.mark.django_db
+def test_disable_iframes(project_factory):
+    project = project_factory(
+        information="<div><figure class=media><div "
+        'data-oembed-url="https://www.youtube.com/embed/PkhmcJWSNAU'
+        '?controls=0"><div><iframe '
+        'src="https://www.youtube.com/embed/PkhmcJWSNAU?rel=0"></iframe'
+        "></div></div></figure><p>liqd project info</div>"
+    )
+
+    template = (
+        "{% load ckeditor_tags %}"
+        + "{{ project.information | disable_iframes | safe }}"
+    )
+    output = render_template(template, {"project": project})
+    assert "iframe data-src" in output
+    assert "iframe src" not in output
diff --git a/tests/project/settings.py b/tests/project/settings.py
@@ -194,11 +194,26 @@
         ],
     },
     "collapsible-image-editor": {
-        "tags": ["p", "strong", "em", "u", "ol", "li", "ul", "a", "img", "div"],
+        "tags": [
+            "p",
+            "strong",
+            "em",
+            "u",
+            "ol",
+            "li",
+            "ul",
+            "a",
+            "img",
+            "div",
+            "iframe",
+            "figure",
+        ],
         "attributes": {
             "a": ["href", "rel"],
             "img": ["src", "alt", "style"],
-            "div": ["class"],
+            "div": ["class", "data-oembed-url"],
+            "iframe": ["src", "alt"],
+            "figure": ["class", "div", "iframe"],
         },
         "styles": [
             "float",