From bfce57f5da420810a4366c0eaa2223ab1c6a72f9 Mon Sep 17 00:00:00 2001 From: Mariano Reingart Date: Wed, 21 May 2014 15:10:25 -0300 Subject: [PATCH] fixed excessive attribute sanitization in generic generation of PDF (pyfpdf) --- applications/admin/languages/es.py | 2 ++ gluon/contrib/generics.py | 10 +++++++++- 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/applications/admin/languages/es.py b/applications/admin/languages/es.py index 61cc8fa0..e93a3164 100644 --- a/applications/admin/languages/es.py +++ b/applications/admin/languages/es.py @@ -179,6 +179,7 @@ 'Exception instance attributes': 'Atributos de la instancia de Excepción', 'Exit Fullscreen': 'Exit Fullscreen', 'Expand Abbreviation': 'Expand Abbreviation', +'Expand Abbreviation (html files only)': 'Expand Abbreviation (html files only)', 'export as csv file': 'exportar como archivo CSV', 'exposes': 'expone', 'exposes:': 'expone:', @@ -237,6 +238,7 @@ 'invalid ticket': 'tiquete inválido', 'Key bindings': 'Key bindings', 'Key bindings for ZenCoding Plugin': 'Key bindings for ZenCoding Plugin', +'Keyboard shortcuts': 'Keyboard shortcuts', 'language file "%(filename)s" created/updated': 'archivo de lenguaje "%(filename)s" creado/actualizado', 'Language files (static strings) updated': 'Archivos de lenguaje (cadenas estáticas) actualizados', 'languages': 'lenguajes', diff --git a/gluon/contrib/generics.py b/gluon/contrib/generics.py index f1922975..e4fdd70b 100644 --- a/gluon/contrib/generics.py +++ b/gluon/contrib/generics.py @@ -58,8 +58,16 @@ def pyfpdf_from_html(html): pass pdf = MyFPDF() pdf.add_page() + # pyfpdf needs some attributes to render the table correctly: html = sanitize( - html, escape=False) # should have better list of allowed tags + html, allowed_attributes={ + 'a': ['href', 'title'], + 'img': ['src', 'alt'], + 'blockquote': ['type'], + 'td': ['align', 'bgcolor', 'colspan', 'height', 'width'], + 'tr': ['bgcolor', 'height', 'width'], + 'table': ['border', 'bgcolor', 'height', 'width'], + }, escape=False) pdf.write_html(html, image_map=image_map) return XML(pdf.output(dest='S'))