[Product-Developers] dexterity: transform HTML before saving

Kees Hink keeshink at gmail.com
Wed Sep 26 08:14:23 UTC 2012


(Sorry for cross-posting, i'm afraid plone-users wasn't the right audience.)

We are concerned that inline images ("Data URIs") in richtext fields
might bloat our database.

We have a dexterity-based content type where the "text" field is 
currently zope.schema.Text, which doesn't do any filtering and relies on 
TinyMCE's JS to filter out bad stuff.
However, users can click and drag an image from their desktop into the 
text field, and the browser (Safari on Mac) will store that as an image 
tag with a "data" in the "src" attribute.
We don't want this. (We want a proper transform which is also active 
when JS is disabled.)

I googled for dexterity and HTML transform, and found 
plone.app.textfield [1] which stores a RichTextValue object which is 
transformed when its output method is called. safe_html from 
Products.PortalTransforms [2] filters data URIs since 2.0.7, but as this 
transform is applied on ouput, the image would still be stored and
pollute the database.

Is there a way to apply a transform before saving?

Kees

[1]
http://dexterity-developer-manual.readthedocs.org/en/latest/advanced/rich-text-markup-transformations.html

[2] http://pypi.python.org/pypi/Products.PortalTransforms



More information about the Product-Developers mailing list