django-nh3 icon indicating copy to clipboard operation
django-nh3 copied to clipboard

Published 20 hours ago verified publisher icon marksweb

Fallback to configured project settings when left unspecified on model and form fields

Open blag opened this issue 6 months ago • 3 comments

This PR builds on top of PR #37 and supersedes it.

This project currently requires users to pass in all NH3 configuration options wherever they use an NH3 model field or form field. Options for model fields and form fields do not follow any project-wide configured settings values.

Instead, pull any unspecified NH3 model field and form field options from the Django project settings.py module. Essentially supporting project-wide configuration (via settings.py), and per-field configuration. This follows the DRY principle and makes it easier to use Nh3Fields.

I also decomposed a few functions in this package's utils module a bit more, which then allowed me to simplify them further.

Closes #37.

blag avatar May 21 '25 06:05 blag

Added tests, back to 100% coverage. This should be ready for review and merge.

blag avatar May 22 '25 07:05 blag

@marksweb This should be ready to merge.

blag avatar May 22 '25 19:05 blag

I'm wondering if this would be a good place/time to change the field values to indicate what parameters specify allowlists. Something like this:

class MyModel(models.Model):
    content = Nh3Field(
        allowed_tags=["a", "b"],
        allowed_attributes={
            "*": {"class", "style"},
        },
        allowed_attribute_filter=lambda element, attribute, attribute_value: ...,
        allowed_generic_attribute_prefixes={"my-custom-tag-prefix"},
        allowed_tag_attribute_values={
            "a": {
                "class": {
                    "bold",
                    "col-1", "col-2", "col-3",
                    "col-4", "col-5", "col-6",
                    "col-7", "col-8", "col-9",
                    "col-10", "col-11", "col-12",
                    "emphasized",
                },
        },
        allowed_url_schemes={"gopher", "https"},
    )

If we're going to make a breaking change to keyword-only arguments, we might as well change the names of the arguments to be absolutely clearer about what they mean. Even being somewhat familiar with Python and Bleach, and reading the Nh3 docs, it still took me awhile to figure out how I was supposed to configure this project to work for me. More descriptive argument names would have made that easier and more clear.

Thoughts?

blag avatar May 23 '25 19:05 blag

Thoughts?

Yeah I think that makes sense, if it makes sense to you when you're using it, as you say 👍🏼

marksweb avatar May 27 '25 00:05 marksweb

Great! I crafted a separate PR specifically for that then: PR #57. This PR is big enough as it is.

And pending your review, this should be good to go.

blag avatar May 27 '25 02:05 blag

Done in #57.

blag avatar Jul 25 '25 23:07 blag