From a6e2b484e215b336b257bb6d9867803cfe442d54 Mon Sep 17 00:00:00 2001
From: IEL <iel@odoo.com>
Date: Wed, 21 Oct 2020 08:52:22 +0000
Subject: [PATCH] [FIX] web_editor: disable embedded video for html fields in
backend
TLDR: the videos doesn't work anyway, but nobody noticed it for years; at the
same time there is no easy way to fix it
STEPS:
* create a record with html field, e.g. project.task
* add an embedded video (File/Image icon)
* save
BEFORE: video doesn't work
AFTER: there is no option to add embedded video anymore
WHY:
* iframe tags are removed before storing html in database, so after saving a
record, embedded video doesn't work anymore
* possible fixes look too tricky for stable branches:
* new field attribute sanitize_iframe=False -- requires changes in core python framework which may have side effect
* adding iframe on client side -- the problem is that the backend doesn't
have mechanism to use animation in html fields like it's done in
website: https://github.com/odoo/odoo/blob/ced500e9bcbb5c84033463689d135ad4c7dc4f39/addons/website/static/src/js/content/snippets.animation.js#L623-L632
* adding iframe on server side -- parsing html fields in _read... Doesn't look good either
* double selector is required to make it work both in frontend and backend:
$editable.closest('.o_editable, .note-editor')
* we don't need hardcoded exception for mailing.mailing, mail.compose.message
because those fields marked as sanitized (default value)
https://github.com/odoo/odoo/blob/c92f058571b0656451f24e24154dd1bdb3bdb48a/odoo/fields.py#L1589-L1590
https://github.com/odoo/odoo/blob/c92f058571b0656451f24e24154dd1bdb3bdb48a/addons/mail/wizard/mail_compose_message.py#L115
https://github.com/odoo/odoo/blob/61734cdaf1cf6857125b1ece63928ab080359c6c/addons/mass_mailing/models/mailing.py#L77
* I don't apply this for Odoo 12, because js is refactored in Odoo 13 (e.g.
field_html.js has another name in Odoo 12)
---
opw-2353103
closes odoo/odoo#60418
Signed-off-by: Nicolas Lempereur (nle) <nle@odoo.com>
---
addons/web_editor/static/src/js/backend/field_html.js | 2 +-
addons/web_editor/static/src/js/editor/rte.summernote.js | 5 ++---
2 files changed, 3 insertions(+), 4 deletions(-)
diff --git a/addons/web_editor/static/src/js/backend/field_html.js b/addons/web_editor/static/src/js/backend/field_html.js
index 68e17e96a0a2..caa674c937bc 100644
--- a/addons/web_editor/static/src/js/backend/field_html.js
+++ b/addons/web_editor/static/src/js/backend/field_html.js
@@ -225,7 +225,7 @@ var FieldHtml = basic_fields.DebouncedField.extend(TranslatableFieldMixin, {
toolbar.splice(-1, 0, ['view', ['codeview']]);
}
}
- if ("mailing.mailing" === self.model) {
+ if (self.field.sanitize && self.field.sanitize_tags) {
options.noVideos = true;
}
options.prettifyHtml = false;
diff --git a/addons/web_editor/static/src/js/editor/rte.summernote.js b/addons/web_editor/static/src/js/editor/rte.summernote.js
index 4db9391edf10..cec39557f076 100644
--- a/addons/web_editor/static/src/js/editor/rte.summernote.js
+++ b/addons/web_editor/static/src/js/editor/rte.summernote.js
@@ -489,14 +489,13 @@ eventHandler.modules.imageDialog.showImageDialog = function ($editable) {
var media = $(r.sc).parents().addBack().filter(function (i, el) {
return dom.isImg(el);
})[0];
+ var options = $editable.closest('.o_editable, .note-editor').data('options');
core.bus.trigger('media_dialog_demand', {
$editable: $editable,
media: media,
options: {
onUpload: $editable.data('callbacks').onUpload,
- noVideos:
- $editable.data('oe-model') === "mail.compose.message" ||
- ($editable.data('options') && $editable.data('options').noVideos),
+ noVideos: options && options.noVideos,
},
onSave: function (media) {
if(media && !document.body.contains(media)) {
--
GitLab