You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I installed django-summernote and followed all setup, however when I upload image and post it with text, img tag doesn't have src attribute.
In db table, result is appeared like this,
id | text
----+-------------------------------
1 | <p>This is image.</p><p><br></p><img style="">
I try to find solution. The reason was discovered in SummernoteTextFormField.
When field saves data, field will run bleach.clean(). bleach will remove html tags, attributes, other things by settings what specified in settings.py
So I open settings.py and found that there is no src attribute.
After I wrote src in ATTRIBUTES, uploading image is successfully works.
id | text
----+-----------------------------------------------------------------------------------------------------------------------------------
1 |<p>This is image.</p><p><br></p><img src="http://127.0.0.1:8000/media/django-summernote/2022-10-07/b11642da-88a4-41c1-b509-b94a49371ad1.png" style="">
I think this isn't good solution to avoid XSS. There must be reason why src attributes doesn't exist in settings.ATTRIBUTES.
Before solve this problem, I got unexpected keyword argument error, #477. So I installed bleach-4.1.0. Is this cause above error?
update:
I solved this problem with below codes in project settings.py.
from django_summernote.settings import ATTRIBUTES
ATTRIBUTES["*"] += ["src",]
The text was updated successfully, but these errors were encountered:
I installed
django-summernoteand followed all setup, however when I upload image and post it with text, img tag doesn't have src attribute.In db table, result is appeared like this,
I try to find solution. The reason was discovered in
SummernoteTextFormField.When field saves data, field will run
bleach.clean().bleachwill remove html tags, attributes, other things by settings what specified insettings.pySo I open settings.py and found that there is no
srcattribute.After I wrote
srcinATTRIBUTES, uploading image is successfully works.I think this isn't good solution to avoid XSS. There must be reason why
srcattributes doesn't exist insettings.ATTRIBUTES.Before solve this problem, I got unexpected keyword argument error, #477. So I installed
bleach-4.1.0. Is this cause above error?update:
I solved this problem with below codes in project settings.py.
The text was updated successfully, but these errors were encountered: