Flask and Jinja2 with bleach, image html not working

I am creating a small blog for myself for a project; only I, as a user, can access the publish page. I previously followed the Flask tutorial, the end product of which allows you to host HTML and feed it through Jinja2 templates using bleach and Markdown.

These are valid tags in my models.py file.

# Module-level imports this method relies on
import bleach
from markdown import markdown

@staticmethod
def on_changed_body(target, value, oldvalue, initiator):
    # Names passed to bleach.clean() as the allowed element list
    allowed_tags = ['a', 'abbr', 'acronym', 'b', 'blockquote', 'code',
                    'em', 'i', 'li', 'ol', 'pre', 'strong', 'ul',
                    'h1', 'h2', 'h3', 'p', 'img', 'video', 'div', 'iframe',
                    'p', 'br', 'span', 'hr', 'src', 'class']
    target.body_html = bleach.linkify(bleach.clean(
        markdown(value, output_format='html'),
        tags=allowed_tags, strip=False))

      

I added some img and embedding tags as they are important for my blog. I have an example consisting of some text and an image that is saved to a SQLAlchemy MySQL database exactly as I wrote it. Below is taken directly from the database.

<p>Hello</p>

<img src="https://catastrophicfindings.files.wordpress.com/2012/07/moomin-childhood-memories-260482_829_494.jpg">

<marquee>Bye</marquee>

      

Also, I have a field under the form of my blog post that displays an HTML preview. The image looks like it was supposed to, so I know it's ok and the <marquee></marquee> tag is rendered as markup.

In my template file, I am passing this body_html like so.

{% if post.body_html %}
    {{ post.body_html | safe }}
{% else %}
    {{ post.body }}
{% endif %}

      

When I go to the post in my browser, the image doesn't appear at all. However, the marquee tag appears as <marquee>Bye</marquee>, and upon further inspection in the developer console, the HTML appears as a tag <img>, without the src attribute.

Is there a way to fix this? Will this be something in the Jinja config? Is there a way to declare valid attributes if that was the solution?

Thanks.

+3




1 answer


A little more patience and some crawlers have proven fruitful, taken straight from



+5
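The question asks whether valid attributes can be declared. As an added example (not code from the original post or answer), this sketch passes bleach.clean() an `attributes` allowlist next to `tags`; the sample HTML, the https-only protocol set and TRUSTED_EMBED_HOSTS are assumptions made here, and the Markdown and linkify steps are left out.

```python
from urllib.parse import urlparse

import bleach

# Element names only: 'src' and 'class' are attributes, so they go in ALLOWED_ATTRS.
ALLOWED_TAGS = {'a', 'abbr', 'acronym', 'b', 'blockquote', 'code', 'em', 'i',
                'li', 'ol', 'pre', 'strong', 'ul', 'h1', 'h2', 'h3', 'p',
                'img', 'video', 'div', 'iframe', 'br', 'span', 'hr'}
TRUSTED_EMBED_HOSTS = {'www.youtube.com'}  # hypothetical embed allowlist
BLEACH_DEFAULT_ATTRS = bleach.sanitizer.ALLOWED_ATTRIBUTES  # has no entry for img


def iframe_attr(tag, name, value):
    """Allow sizing attributes, and src only for a trusted embed host."""
    if name == 'src':
        return urlparse(value).hostname in TRUSTED_EMBED_HOSTS
    return name in ('width', 'height', 'allowfullscreen')


ALLOWED_ATTRS = {
    '*': ['class'],
    'a': ['href', 'title'],
    'img': ['src', 'alt'],
    'iframe': iframe_attr,  # a callable decides per attribute
}


def sanitize(html, attributes=ALLOWED_ATTRS):
    """Clean post HTML before the template marks it `| safe`."""
    return bleach.clean(html, tags=ALLOWED_TAGS, attributes=attributes,
                        protocols={'https'}, strip=False)


# Constructed sample modelled on the post body in the question.
SAMPLE = ('<p class="intro">Hello</p>'
          '<img src="https://example.com/moomin.jpg">'
          '<img src="http://example.com/plain.jpg">'
          '<iframe src="https://www.youtube.com/embed/xyz"></iframe>'
          '<iframe src="https://untrusted.example/frame"></iframe>'
          '<marquee>Bye</marquee>')

if __name__ == '__main__':
    print(sanitize(SAMPLE))                        # src kept only where allowed
    print(sanitize(SAMPLE, BLEACH_DEFAULT_ATTRS))  # img comes back without src
```

Because the template renders body_html with `| safe`, this allowlist is the only barrier between stored HTML and the browser, so it should stay as narrow as the blog needs.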

