Skip to main content

Django template filter application for sanitizing user submitted HTML

Project description

**NOTE: Please try to break this and tell me where it is insufficent.**

Allows only whitelisted tags and attributes through.

The setting ALLOWED_TAGS can override the behavior. The syntax of
this setting is a space-separated list of tags, which are optionally
followed by a colon and a comma-separated list of attribute permitted in
the tag.

For example, to allow <a> tags which are links or named anchors, but not
to allow definition of an onclick attribute:

ALLOWED_TAGS = "a:href,name"

In your templates, sanitizing is easy.

{% load sanitizer %}

{{ user_comment|allowtags|safe }}

{{ user_comment|allowtags:"b i"|safe }}

Disallowed tags or attributes are simply removed.

In some cases, it is useful to disallow a tag, but to convert it to something
safe, rather than stripping it entirely. For example, you might not want to
allow <h1> tags, and want to "quiet" them into <h2> tags.

{{ body|maptags:"h1=h2 h2=h3 h4=h5" }}

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

django-sanitizer-0.4.1.tar.gz (3.9 kB view details)

Uploaded Source

File details

Details for the file django-sanitizer-0.4.1.tar.gz.

File metadata

File hashes

Hashes for django-sanitizer-0.4.1.tar.gz
Algorithm Hash digest
SHA256 9d6cce3a895d29afa04d818b22713a1b49085dbca97dd109cd6c13365a3b8f98
MD5 b487f7dc3f6db1ece9d8d33a352624da
BLAKE2b-256 9e5219ab50a23ba47cdc6319461cfe0f50fb2cc5800e0186f86b216b31588dbc

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page