Django template filter application for sanitizing user-submitted HTML
Project description
**NOTE: Please try to break this and tell me where it is insufficient.**
Allows only whitelisted tags and attributes through.
The setting ALLOWED_TAGS can override the behavior. The syntax of
this setting is a space-separated list of tags, each optionally
followed by a colon and a comma-separated list of attributes permitted in
the tag.
For example, to allow <a> tags which are links or named anchors, but not
to allow definition of an onclick attribute:
ALLOWED_TAGS = "a:href,name"
In your templates, sanitizing is easy.
{% load sanitizer %}
{{ user_comment|allowtags|safe }}
{{ user_comment|allowtags:"b i"|safe }}
Disallowed tags or attributes are simply removed.
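The following is an added example, not the package's own code: a standalone Python sketch of the allowlist semantics described above, parsing an ALLOWED_TAGS-style string and dropping every tag and attribute not named in it. The names `parse_allowed_tags`, `sanitize` and `SAMPLE` are hypothetical, and keeping the text inside a removed tag is an assumption. It filters tag and attribute names only and does not inspect attribute values.

```python
from html import escape
from html.parser import HTMLParser

def parse_allowed_tags(spec):
    """Parse 'a:href,name b i' into {'a': {'href', 'name'}, 'b': set(), 'i': set()}."""
    allowed = {}
    for item in spec.split():
        tag, _, attrs = item.partition(":")
        allowed[tag.lower()] = {a.lower() for a in attrs.split(",") if a}
    return allowed

class _AllowlistFilter(HTMLParser):
    """Re-emits only allowlisted tags/attributes; all text is re-escaped."""
    def __init__(self, allowed):
        super().__init__(convert_charrefs=True)
        self.allowed = allowed
        self.out = []

    def handle_starttag(self, tag, attrs):
        if tag not in self.allowed:
            return  # disallowed tag: drop the markup (assumption: keep inner text)
        kept = [(k, v) for k, v in attrs if k in self.allowed[tag]]
        rendered = "".join(f' {k}="{escape(v or "", quote=True)}"' for k, v in kept)
        self.out.append(f"<{tag}{rendered}>")

    def handle_endtag(self, tag):
        if tag in self.allowed:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        # Character references were decoded by the parser; escape again so
        # '&lt;b&gt;' in the input can never come out as live markup.
        self.out.append(escape(data, quote=False))

def sanitize(html, spec):
    f = _AllowlistFilter(parse_allowed_tags(spec))
    f.feed(html)
    f.close()
    return "".join(f.out)

# Constructed sample input, not taken from the package.
SAMPLE = '<a href="/profile" onclick="track()">me</a> <h1>Big</h1> <b>bold</b>'

if __name__ == "__main__":
    print(sanitize(SAMPLE, "a:href,name"))
    print(sanitize(SAMPLE, "b i"))
```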
In some cases, it is useful to convert a disallowed tag into something
safe rather than stripping it entirely. For example, you might not want to
allow <h1> tags, and want to "quiet" them into <h2> tags.
{{ body|maptags:"h1=h2 h2=h3 h4=h5" }}
Details for the file django-sanitizer-0.4.1.tar.gz.
File metadata
- Download URL: django-sanitizer-0.4.1.tar.gz
- Upload date:
- Size: 3.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
File hashes
Algorithm | Hash digest
---|---
SHA256 | 9d6cce3a895d29afa04d818b22713a1b49085dbca97dd109cd6c13365a3b8f98
MD5 | b487f7dc3f6db1ece9d8d33a352624da
BLAKE2b-256 | 9e5219ab50a23ba47cdc6319461cfe0f50fb2cc5800e0186f86b216b31588dbc