Update allowed HTML (#456)

Co-authored-by: Tomas Zulberti <tzulberti@gmail.com>
Co-authored-by: Facundo Batista <facundo@taniquetil.com.ar>

Author: 3 people

events/forms.py

@@ -25,6 +25,7 @@ class EventForm(CrispyFormMixin):
     description = SanitizedCharField(
         allowed_tags=settings.ALLOWED_HTML_TAGS_INPUT,
         allowed_attributes=settings.ALLOWED_HTML_ATTRIBUTES_INPUT,
+        allowed_styles=settings.ALLOWED_HTML_STYLES_INPUT,
         strip=False, widget=SummernoteInplaceWidget())
 
     start_at = forms.DateTimeField(

pyarweb/settings/base.py

@@ -212,7 +212,15 @@
     'a', 'b', 'br', 'i', 'u', 'p', 'hr',
     'pre', 'img', 'span', 'table', 'tbody',
     'thead', 'tr', 'th', 'td', 'blockquote',
-    'h1', 'h2', 'h3', 'h4', 'h5', 'h6',
+    'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'font',
+    'o:p', 'sup', 'sub', 'strike', 'li', 'ul',
+    'ol', 'div',
+]
+ALLOWED_HTML_ATTRIBUTES_INPUT = [
+    'href', 'src', 'style', 'width', 'class', 'face',
+]
+ALLOWED_HTML_STYLES_INPUT = [
+    'text-align', 'margin-left', 'background-color',
+    'font-size',
 ]
-ALLOWED_HTML_ATTRIBUTES_INPUT = ['href', 'src', 'style', 'width', 'class']
 TAGGIT_CASE_INSENSITIVE = True