For public-facing HTML content provided by the user,
`<style>` tags and `style` attributes should be stripped
automatically, as they can easily be abused to deface
pages for abusive users and spammers.
<style> tags were already stripped, the optional `strip_style`
for fields.html enables the automatic stripping of style
attributes.
This is opt-in because custom style attributes are still
desirable in trusted HTML fields.
If an email contains several text/html parts inside a multipart email, the previous code was only keeping the last content part.
The Content-Type: multipart/mixed allows several independent part (RFC1341 7.2.2), so two html is technically valid.
With this patch, the two parts are concatenated. (opw 614755)
Modify append_content_to_html regex to make sure the regex keeps the content of the html instead of removing it.
e.g.: "123 <html> 456 </html> 789" used to be stripped to "123 789" while we expect "123 456 789"
- [FIX] bounce regex: too many emails were considered as bounce and therefore
not displayed in the chatter and lost for the communication history. The regex
was not correctly looking for the bounce alias in the email_to.
- [FIX] invite email: replying to the invitation email (invitation as new
follower) now replies to the user sending the invitation.
- [FIX] mass_mailing: added a column to store the id of the original email
in addition to the many2one column. The many2one is set to null when deleting
the original email. As the information is necessary, it is saved on another
field. The many2one is necessary for indexes purpose as the inverse of
a one2many.
encapsulatse the whole content inside a div. This means that html fields are
not editor-clean after being sanitized, because a div has been inserted as root
element. Removing this element allows to have snippets that can be dragged,
dropped, or to insert new snippets inside edited html content in html fields.
[IMP] tools: tests: mail: updated a test accordingly
bzr revid: tde@openerp.com-20140115142709-e4951b4nc06sfxf0
options before website: without frames, with safe attributes only.
We will have to find a way to use the strict mode when parsing incoming
emails, but not when sending or storing openerp content.
Currently the not strict mode is the default one, to avoid side-effects with
the website.
bzr revid: tde@openerp.com-20140115141319-g15zl1kqrp8sgoa3
options before website: without frames, with safe attributes only.
We will have to find a way to use the strict mode when parsing incoming
emails, but not when sending or storing openerp content.
Currently the not strict mode is the default one, to avoid side-effects with
the website.
bzr revid: tde@openerp.com-20140113085701-f2bzu94cq1z3tl10
Fixed length computation of text in html nodes: multiples successive whitespaces are considered as one whitespaces; better truncate position when adding a read more link; now always protect words (placed after the first word that exceeds the shorten position); pre nodes are preserved about whitespaces; when the read more link should go into a quote, it instead goes at the end of the first parent node not being quoted instead of at a wrong position.
Misc :
- removed an unnecessary loop by merging two root.iter() that do not interfere
- changed occurrences of getiterator to iter, because getiterator is deprecated
- nodes are cleaned after processing, removing all attributes used to tag nodes
- fixed a bug about cleaning span containing only whitespaces not always cleaned
Added tests for shorten position.
bzr revid: tde@openerp.com-20131024084411-pytwt9g1gdmoebzc