[Product-Developers] dexterity: transform HTML before saving
Kees Hink
keeshink at gmail.com
Wed Sep 26 08:14:23 UTC 2012
(Sorry for cross-posting, i'm afraid plone-users wasn't the right audience.)
We are concerned that inline images ("Data URIs") in richtext fields
might bloat our database.
We have a dexterity-based content type where the "text" field is
currently zope.schema.Text, which doesn't do any filtering and relies on
TinyMCE's JS to filter out bad stuff.
However, users can click and drag an image from their desktop into the
text field, and the browser (Safari on Mac) will store that as an image
tag with a "data" in the "src" attribute.
We don't want this. (We want a proper transform which is also active
when JS is disabled.)
I googled for dexterity and HTML transform, and found
plone.app.textfield [1] which stores a RichTextValue object which is
transformed when its output method is called. safe_html from
Products.PortalTransforms [2] filters data URIs since 2.0.7, but as this
transform is applied on ouput, the image would still be stored and
pollute the database.
Is there a way to apply a transform before saving?
Kees
[1]
http://dexterity-developer-manual.readthedocs.org/en/latest/advanced/rich-text-markup-transformations.html
[2] http://pypi.python.org/pypi/Products.PortalTransforms
More information about the Product-Developers
mailing list