Django cms remove href attribute from Textplugin

Question

Currently I am working with Django-CMS & trying to add below code in Text Plugin.

<a href="javascript:void(0);" id="map-world">Click me!</a>

But Django-CMS automatically removes the href attribute from text plugin and after save Text plugin has below content.

<a id="map-world">Click me!</a>

As a solution I have already tried below options which I have got from online search.

TEXT_ADDITIONAL_TAGS = ('iframe', 'div', 'a')
TEXT_ADDITIONAL_ATTRIBUTES = ('href', 'onclick')
TEXT_HTML_SANITIZE = False

but still not any solution working.

Please let me know if anyone have solution.

Thanks.

@Aiky30 yes above code working properly but I need anchor tag with `javascript:void(0)`. — Moon, Sep 18 '20 at 13:54

score 0 · Answer 1 · answered Sep 21 '20 at 08:43

0

This is by design to prevent Cross Site Scripting attacks (XSS). If you are binding javascript to the element you can just use the # character and return false in the on click function.

Click me!

answered Sep 21 '20 at 08:43

Aiky30

785
6
13

Django cms remove href attribute from Textplugin

1 Answers1