Safe html transform in RichTextValue returns invalid html

When using a RichTextValue field, with the following options:

>>> from import RichTextValue
>>> richtext = RichTextValue(
...             u'<p><iframe src=""></iframe></p>',
...             'text/html',
...             'text/x-html-safe'
...         )

The richtext.output is returning a self closing iframe element:

>>> richtext.output
u'<p><iframe src=""/></p>'
>>> richtext.__dict__
{'_encoding': 'utf-8', '_raw_holder': <RawValueHolder: <p><iframe src=""></iframe></p>>, '_outputMimeType': 'text/x-html-safe', '_mimeType': 'text/html'}

How can I 'fix' this so the safe html transform returns a iframe element which is not self closing? I am using Plone 5.1. In this case I'm importing content from another site and recreating the items. The same output is shown when rendering the field (using structure teaser/text/output) in a template. When manually adding a document with the same iframe thru-the-web, the iframe element is valid (not self closing).

1 Like

I think the whole approach is very weird. IFRAME is not usually sage html. I måde an and on for this ise case medialog.lxml but it was never used in produksjon. Anyway it can make New fontener from an url

EDIT: My phone autocorrected, it should be 'New content from an URL' (and sage should be safe)

you could try to file an official complaint with whoever is caring for Portal.Transforms ref

import sys
import lxml
from lxml import etree
from lxml import html

h = """
<p><iframe src=""/></p>

html_parser = html.HTMLParser(encoding='utf-8')
tree = etree.fromstring(h, html_parser)
print(etree.tostring(tree, encoding='utf-8').strip())
print(etree.tostring(tree, encoding='utf-8',method='html').strip())

That sound like regression. If you have a GitHub account, please, file a bug in

If that can be reproduced by others, they fix it and release a new version of Products.PortalTransforms package. Then you should define the new version in your buildout, run buildout and restart site to get the fixed version running.

Is this still the case in the final output of the rendered page?

safe/html is implemented to produce xhtml, but later Diazo should enforce all output to HTML (unless theme declares xhtml)

For other uses, you can transform that xhtml into html with

from lxml import html

html.tostring(html.fromstring('<p><iframe src=""/></p>'))

safe/html is implemented to produce xhtml, but later Diazo should enforce all output to HTML (unless theme declares xhtml)

Indeed, this seems to be expected behavior. In the diazo theme the expected correct tag is returned and when debugging/viewing the xhtml is shown. I wasn't aware of this, so this was a user error. :slight_smile: Thanks for the explanation!