id,summary,reporter,owner,description,type,status,priority,component,severity,resolution,keywords,cc,release
4743,Patch: intertrac support_ include external html_ remote authentication,jholg,rjollos,Hi_\r\n\r\nI finally got round to working on IncludeMacro.\r\n\r\nAttached proposal code for IncludeMacro supports:\r\n * intertrac support (also requested in ticket:1196 )\r\n * support of actual inclusion of remote html pages_ with conversion of relative or server-local absolute links to full absolute links (fixes ticket:3979).\r\n * the possibility to select part of the included html result by using a genshi transformer xpath expression\r\n * if installed_ BeautifulSoup will be used to clean up messy included html. This is regularly the case for external html_ but it also often happens that Trac macros/plugins break Trac's xhtml-validity.\r\n\r\nThis should also fix ticket:2474 (non-standard http port).\r\n\r\nRegarding the 2nd point: The actual inclusion of remote sources is not possible in the original IncludeMacro_ only html ''snippets'' can be used (unless render_unsafe_content is set to true).\r\n \r\nMy version therefore changes the HTMLSanitizer instantiation to \r\n{{{\r\nHTMLSanitizer.SAFE_TAGS|set(["html"_ "body"])\r\n}}}\r\nwhich allows inclusion of "full" external html. Without allowing html & body_ no (x)html documents will ever be rendered if render_unsafe_content is off_ only (x)html snippets. Does it hurt to allow body to be parsed? I don't think so_ as ''already'' non xhtml-valid inclusion may render due to the parser not yielding events in document order. All offensive stuff inside body will be filtered out nonetheless.\r\n\r\nI'm attaching this as a full source file as the changes to the original source are by now quite significant.\r\n\r\nI'd love to see getting these capabilities into the official IncludeMacro. Let me know if I can help.\r\n\r\nHolger\r\n\r\n,enhancement,new,normal,IncludeMacro,normal,,intertrac,,0.11