Hey Folks. This is another deep-dive for me.
I've been inside Products.PortalTransforms and plone.outputfilters before, but this one is stumping me.
We have a media button in TinyMCE that places a video into a rich text field. Nothing Fancy.
We stick some HTML in there for the user.
<p> blah blah blah </p> <p><video width="300" height="150"> <source src="https://www.rfa.org/english/video?v=1_3g5xp97h" /></video></p> <p>blah blah blah</p>
plone.outputfilters handles the rest. The solution is identical to 'resolve_uid_and_caption' except we grab that video tag and replace it with the real video.
video_output.pt and gets all it's info/options/variables from the filter adapter.
<browser:page name="video_output" for="*" class=".video_output.RichTextVideoView" template="video_output.pt" permission="zope.Public" layer="mycompany.myclient.interfaces.IMyClientsVerySpecialLayer" />
plone.outputfilters is, IMO, amazingly built and very flexable.
This is fantastic except for one annoying part - plone,outputfilters is a transform POLICY. It's not actually part of a transform chain.
As the docs say: plone.outputfilters · PyPI
plone.outputfilters hooks into the PortalTransforms machinery by installing:
- a new mimetype (“text/x-plone-outputfilters-html”)
- a transform from text/html to text/x-plone-outputfilters-html
- a null transform from text/x-plone-outputfilters-html back to text/html
- a “transform policy” for the text/x-html-safe mimetype, which says that text being transformed to text/x-html-safe must first be transformed to text/x-plone-outputfilters-html
The filter adapters are looked up and applied during the execution of the transform from step #2.
This should be considered an implementation detail and may change at some point in the future.
We are doing 'text/html' -> [required transforms: (outputfilters)] -> 'text/x-html-safe' any code from outputfilters is not safe and removed.
I would like to argue that html generated by outputfilters IS SAFE and does not need filtering.
(yea, a plugin could write something to inject unsanitized input through an output filter, but that's a self-inflicted injury at that point I think)
If somehow, plone could do a transform like 'text/html' -> 'text/x-html-safe' -> 'text/x-html-safe-and-outputfiltered' and remove outputfilters as a policy we could make this work for all of plone.
I don't know how to setup transform chains. never played with them. not sure if they would help here or not.
The above is going to probably take a PLIP and a rewrite of a fair chunk of outputfilters.
Any other more hacky thoughts on how to accomplish the requirement?
- Rich Text Fields need to be sanitized with html filters
- plone.outputfitlers replacements in Rich Text Fields should not be filtered
Thanks for applying a few of your neurons on this.