sanitizer: allow style for description #2150
Merged
zzacharo merged 1 commit into CERNDocumentServer:main from Nov 27, 2025
76e58c4 to f4b16c2
zubeydecivelek commented Nov 25, 2025
Comment on lines +226 to +261
| class SanitizedHTMLWithCSS(fields.String): | ||
| """Enhanced SanitizedHTML supporting inline CSS sanitization. | ||
|
|
||
| Fully compatible with marshmallow_utils.fields.SanitizedHTML, | ||
| but adds CSS. | ||
| """ | ||
|
|
||
| def __init__( | ||
| self, | ||
| tags=None, | ||
| attrs=None, | ||
| css_styles=None, | ||
| *args, | ||
| **kwargs, | ||
| ): | ||
| """ | ||
| :param tags: Allowed HTML tags. | ||
| :param attrs: Allowed HTML attributes per tag. | ||
| :param css_styles: List of allowed CSS properties (e.g., ["color"]). | ||
| """ | ||
| super().__init__(*args, **kwargs) | ||
|
|
||
| self.tags = tags | ||
| self.attrs = attrs | ||
| self.css_styles = css_styles | ||
|
|
||
| def _deserialize(self, value, attr, data, **kwargs): | ||
| """Run bleach sanitize with CSS support.""" | ||
| value = super()._deserialize(value, attr, data, **kwargs) | ||
|
|
||
| return sanitize_html( | ||
| value, | ||
| tags=self.tags, | ||
| attrs=self.attrs, | ||
| css_styles=self.css_styles, | ||
| ) |
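Review bot: in `__init__`, `tags`, `attrs` and `css_styles` all default to `None` and `_deserialize` forwards them unchanged to `sanitize_html`, but the docstring does not say what `None` means for each of them (fall back to defaults, or allow nothing). For a sanitizer this matters most for `css_styles`: state the behaviour in the `:param css_styles:` line and cover it with a test where `style` is allowed in `attrs` while `css_styles` is left unset. Separately, because `*args` follows three defaulted parameters, a positional argument meant for `fields.String` binds to `tags` first; making the three keyword-only (`*, tags=None, attrs=None, css_styles=None`) avoids that.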
Contributor
Author
marshmallow_utils SanitizedHTML doesn't support css_styles
f4b16c2 to 2430e17
zzacharo reviewed Nov 25, 2025
| "strong": ["style"], | ||
| "em": ["style"], | ||
| "u": ["style"], | ||
| "sup": ["style"], |
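Review bot: `style` on `strong`, `em`, `u` and `sup` lets inline CSS appear on four more elements, and each tag that accepts `style` is another place where the CSS property allowlist has to hold. Keep `style` only on the tags the description editor actually emits with styling and drop it from the rest.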
Contributor
Author
I checked, and span and p should be enough. I'll remove these.
2430e17 to 49f6b28
zzacharo approved these changes Nov 27, 2025