Using HTML in Descriptions

Most of the description fields in CloudBolt can use simple HTML without issue, but if you wish to display more advanced HTML (such as including style tags or attributes) in a description, you will need to override one or more settings in customer_settings.py.

CloudBolt uses the Python library bleach, specifically its clean method, to sanitize user-input HTML. Four settings control what is allowed, and each of them corresponds to a particular keyword argument of bleach.clean.

The default values for the settings below are reasonable and safe. They are mostly taken from the bleach library with a few additions and should be sufficient for most use-cases.

Default Values

To examine the value of a given setting in CloudBolt, you can either look at the CloudBolt-defined settings.py file (/opt/cloudbolt/settings.py by default) and the customer-defined overrides in customer_settings.py (/var/opt/cloudbolt/proserv/customer_settings.py by default), or you can use commands similar to the following in shell_plus:

from django.conf import settings
settings.BLEACH_ALLOWED_TAGS

BLEACH_ALLOWED_TAGS

BLEACH_ALLOWED_TAGS is a list and corresponds to the bleach.clean keyword argument tags.

Add arbitrary HTML tags to CloudBolt’s allowed defaults by adding a line like the following to customer_settings.py:

BLEACH_ALLOWED_TAGS += ["style"]

Or use a line like the one below in customer_settings.py to override CloudBolt’s default with your own settings:

BLEACH_ALLOWED_TAGS = ["a", "b"]

BLEACH_ALLOWED_ATTRS

BLEACH_ALLOWED_ATTRS is a dict and corresponds to the bleach.clean keyword argument attributes.

The keys in the dict are HTML tags and the values are lists of allowed attributes for each tag.

The * key in BLEACH_ALLOWED_ATTRS determines which HTML attributes are allowed for the tags not specifically defined in the dict.

The value of the * key defaults to another CloudBolt setting, BLEACH_DEFAULT_ALLOWED_ATTRS, which is a list that can be overridden in customer_settings.py like any other CloudBolt setting.

If you want to add certain HTML attributes to a tag already defined in BLEACH_ALLOWED_ATTRS, add a line like the following to customer_settings.py:

BLEACH_ALLOWED_ATTRS["a"] += ["background-color", "color"]

You can add or override a tag in BLEACH_ALLOWED_ATTRS by adding a line like the following to customer_settings.py:

BLEACH_ALLOWED_ATTRS["a"] = ["title"]

You can delete a tag's entry from BLEACH_ALLOWED_ATTRS by adding a line like the following to customer_settings.py:

del BLEACH_ALLOWED_ATTRS["a"]

BLEACH_ALLOWED_STYLES

BLEACH_ALLOWED_STYLES is a list and corresponds to the bleach.clean keyword argument styles. This controls which particular styles can be used in the style attribute on a tag.

For example, to allow setting some color options in the style attribute of an a tag, add these lines to customer_settings.py:

BLEACH_ALLOWED_ATTRS["a"] += ["style"]  # to make sure that the style attr can be used on the 'a' tag
BLEACH_ALLOWED_STYLES = ["color", "background-color"]

BLEACH_ALLOWED_PROTOCOLS

BLEACH_ALLOWED_PROTOCOLS is a list and corresponds to the bleach.clean keyword argument protocols. This controls which protocols are allowed to be used in HTML tags that connect to other web addresses, such as the href attribute in an a tag or the src attribute in an img tag.

To only allow HTTPS requests, add the following line to customer_settings.py:

BLEACH_ALLOWED_PROTOCOLS = ["https"]
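
A pre-deployment check for the four settings described above, as an added example (not CloudBolt's own code): it flags override values that let active content through the sanitizer. The function audit_bleach_settings and its risk lists are assumptions of this example, and the sample values are constructed.

```python
# Risk lists are assumptions of this added example, not CloudBolt or bleach defaults.
ACTIVE_TAGS = {"script", "iframe", "object", "embed", "form"}
ACTIVE_PROTOCOLS = {"javascript", "vbscript", "data"}


def audit_bleach_settings(tags, attrs, styles, protocols):
    """Return (setting, value, reason) tuples for values that widen the sanitizer."""
    findings = []
    for tag in sorted(set(tags)):
        if tag.lower() in ACTIVE_TAGS:
            findings.append(("BLEACH_ALLOWED_TAGS", tag, "runs or loads active content"))
        elif tag.lower() == "style":
            findings.append(("BLEACH_ALLOWED_TAGS", tag, "user CSS applies page-wide"))
    style_attr_allowed = False
    for tag, allowed in sorted(attrs.items()):
        for attr in allowed:
            name = attr.lower()
            if name.startswith("on"):  # heuristic for onclick, onerror, ...
                findings.append(("BLEACH_ALLOWED_ATTRS", f"{tag}[{attr}]",
                                 "event-handler attribute runs script"))
            elif name == "style":
                style_attr_allowed = True
        # The "*" key is the wildcard entry, not a tag, so it is exempt here.
        if tag != "*" and tag not in tags:
            findings.append(("BLEACH_ALLOWED_ATTRS", tag,
                             "attributes listed for a tag that is not allowed"))
    if style_attr_allowed and not styles:
        findings.append(("BLEACH_ALLOWED_STYLES", "[]",
                         "style attribute allowed but no CSS properties listed"))
    for proto in sorted(set(protocols)):
        if proto.lower() in ACTIVE_PROTOCOLS:
            findings.append(("BLEACH_ALLOWED_PROTOCOLS", proto,
                             "scheme can carry script or markup in a URL"))
    return findings


# Constructed sample: overrides an administrator is about to add to customer_settings.py.
SAMPLE = {
    "tags": ["a", "b", "img", "style"],
    "attrs": {"*": ["class"], "a": ["href", "style"], "img": ["src", "onerror"],
              "span": ["style"]},
    "styles": [],
    "protocols": ["https", "data"],
}

if __name__ == "__main__":
    for setting, value, reason in audit_bleach_settings(**SAMPLE):
        print(f"{setting}: {value}: {reason}")
```

In shell_plus the same function can be called with the live values, for example settings.BLEACH_ALLOWED_TAGS and the other three settings, to review the effective configuration after overrides are applied.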