From 97bf46eed4f1676e19569c8fb32576bb6c30fb16 Mon Sep 17 00:00:00 2001
From: amercader <amercadero@gmail.com>
Date: Wed, 22 Feb 2017 13:17:30 +0000
Subject: [PATCH] Revert "added some tests and src attr to img"

This reverts commit e5a23bebc9fdc1960053921665eafecacef98aa7.
---
 ckan/lib/helpers.py            |  9 ++------
 ckan/tests/lib/test_helpers.py | 39 ----------------------------------
 2 files changed, 2 insertions(+), 46 deletions(-)

diff --git a/ckan/lib/helpers.py b/ckan/lib/helpers.py
index f85ee71e0c6..97a27f787a8 100644
--- a/ckan/lib/helpers.py
+++ b/ckan/lib/helpers.py
@@ -25,7 +25,7 @@
 from webhelpers.text import truncate
 import webhelpers.date as date
 from markdown import markdown
-from bleach import clean as clean_html, ALLOWED_TAGS, ALLOWED_ATTRIBUTES
+from bleach import clean as clean_html, ALLOWED_TAGS
 from pylons import url as _pylons_default_url
 from pylons.decorators.cache import beaker_cache
 from pylons import config
@@ -51,9 +51,6 @@
     'sup', 'sub', 'strike', 'br', 'hr'
 ]).union(ALLOWED_TAGS)
 
-MARKDOWN_ATTRIBUTES = copy.deepcopy(ALLOWED_ATTRIBUTES)
-MARKDOWN_ATTRIBUTES.setdefault('img', []).extend(['src', 'alt', 'title'])
-
 
 from ckan.common import (
     _, ungettext, g, c, request, session, json, OrderedDict
@@ -1702,9 +1699,7 @@ def render_markdown(data, auto_link=True, allow_html=False):
         data = markdown(data.strip(), safe_mode=False)
     else:
         data = RE_MD_HTML_TAGS.sub('', data.strip())
-        data = clean_html(
-            markdown(data), strip=True,
-            tags=MARKDOWN_TAGS, attributes=MARKDOWN_ATTRIBUTES)
+        data = clean_html(markdown(data), strip=True, tags=MARKDOWN_TAGS)
     # tags can be added by tag:... or tag:"...." and a link will be made
     # from it
     if auto_link:
diff --git a/ckan/tests/lib/test_helpers.py b/ckan/tests/lib/test_helpers.py
index 895944e64ff..d3bc3f00857 100644
--- a/ckan/tests/lib/test_helpers.py
+++ b/ckan/tests/lib/test_helpers.py
@@ -159,45 +159,6 @@ def test_render_markdown_auto_link_ignoring_trailing_punctuation(self):
         output = '<p>My link: <a href="http://example.com/page.html" target="_blank" rel="nofollow">http://example.com/page.html</a>.</p>'
         eq_(h.render_markdown(data), output)
 
-    def test_render_markdown_with_js(self):
-        data = u'[text](javascript: alert(1))'
-        output = u'<p><a>text</a></p>'
-        eq_(h.render_markdown(data), output)
-
-    def test_event_attributes(self):
-        data = u'<p onclick="some.script"><img onmouseover="some.script" src="image.png" /> and text</p>'
-        output = u'<p>and text</p>'
-        eq_(h.render_markdown(data), output)
-
-    def test_ampersand_in_links(self):
-        data = u'[link](/url?a=1&b=2)'
-        output = u'<p><a href="/url?a=1&amp;b=2">link</a></p>'
-        eq_(h.render_markdown(data), output)
-
-        data = u'http://example.com/page?a=1&b=2'
-        output = u'<p><a href="http://example.com/page?a=1&amp;b=2" target="_blank" rel="nofollow">http://example.com/page?a=1&amp;b=2</a></p>'
-        eq_(h.render_markdown(data), output)
-
-    def test_tags_h1(self):
-        data = u'#heading'
-        output = u'<h1>heading</h1>'
-        eq_(h.render_markdown(data), output)
-
-    def test_tags_h2(self):
-        data = u'##heading'
-        output = u'<h2>heading</h2>'
-        eq_(h.render_markdown(data), output)
-
-    def test_tags_h3(self):
-        data = u'###heading'
-        output = u'<h3>heading</h3>'
-        eq_(h.render_markdown(data), output)
-
-    def test_tags_img(self):
-        data = u'![image](/image.png)'
-        output = u'<p><img alt="image" src="/image.png"></p>'
-        eq_(h.render_markdown(data), output)
-
 
 class TestHelpersRemoveLineBreaks(object):