
Django template filter application for sanitizing user submitted HTML

Project description

**NOTE: Please try to break this and tell me where it is insufficient.**

Allows only whitelisted tags and attributes through.

The ALLOWED_TAGS setting overrides the default behavior. Its value is a
space-separated list of tags, each optionally followed by a colon and a
comma-separated list of the attributes permitted on that tag.

For example, to allow <a> tags used as links or named anchors, but not to
allow an onclick attribute on them:

ALLOWED_TAGS = "a:href,name"

In your templates, sanitizing is easy.

{% load sanitizer %}

{{ user_comment|allowtags|safe }}

{{ user_comment|allowtags:"b i"|safe }}

Disallowed tags or attributes are simply removed.

In some cases, it is useful to disallow a tag, but to convert it to something
safe, rather than stripping it entirely. For example, you might not want to
allow <h1> tags, and want to "quiet" them into <h2> tags.

{{ body|maptags:"h1=h2 h2=h3 h4=h5" }}
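As an added illustration, not the project's own code, the following stand-alone Python reimplements the behaviour described above with the standard library's html.parser: it parses the ALLOWED_TAGS syntax ("a:href,name b i") and the maptags syntax ("h1=h2 h2=h3"), renames tags, then keeps only whitelisted tags and attributes. It assumes that a disallowed tag is dropped while its text content is kept and escaped, and that attribute values are re-escaped on output; the function and class names are my own.

```python
import html
from html.parser import HTMLParser

VOID = {"br", "hr", "img", "input"}  # elements that take no closing tag

def parse_allowed(spec):
    """ALLOWED_TAGS syntax: "a:href,name b i" -> {"a": {"href", "name"}, "b": set(), "i": set()}"""
    allowed = {}
    for item in spec.split():
        tag, _, attrs = item.partition(":")
        allowed[tag.lower()] = {a.strip().lower() for a in attrs.split(",") if a.strip()}
    return allowed

def parse_map(spec):
    """maptags syntax: "h1=h2 h2=h3" -> {"h1": "h2", "h2": "h3"} (each rule applied once, not chained)"""
    return dict(item.split("=", 1) for item in spec.split() if "=" in item)

class _Whitelist(HTMLParser):
    def __init__(self, allowed, mapping):
        super().__init__(convert_charrefs=False)  # re-emit entities rather than decoding them
        self.allowed, self.mapping, self.out = allowed, mapping, []

    def handle_starttag(self, tag, attrs):
        tag = self.mapping.get(tag, tag)
        if tag not in self.allowed:
            return  # disallowed tag is dropped; its text content still arrives via handle_data
        kept = "".join(f' {k}="{html.escape(v or "", quote=True)}"'
                       for k, v in attrs if k in self.allowed[tag])
        self.out.append(f"<{tag}{kept}>")

    def handle_endtag(self, tag):
        tag = self.mapping.get(tag, tag)
        if tag in self.allowed and tag not in VOID:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(html.escape(data, quote=False))  # text is always escaped

    def handle_entityref(self, name):
        self.out.append(f"&{name};")
    def handle_charref(self, name):
        self.out.append(f"&#{name};")
    # comments, doctypes and processing instructions hit the no-op defaults and vanish

def sanitize(source, allowed_spec="b i", map_spec=""):
    """Rename tags per map_spec, then keep only whitelisted tags and attributes."""
    parser = _Whitelist(parse_allowed(allowed_spec), parse_map(map_spec))
    parser.feed(source)
    parser.close()
    return "".join(parser.out)
```

The whitelist is by tag and attribute name only, so a permitted href is passed through whatever URL scheme it carries, which is worth keeping in mind when choosing which attributes to allow.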

Source distribution: django-sanitizer-0.4.tar.gz (3.9 kB)

Hashes for django-sanitizer-0.4.tar.gz
Algorithm Hash digest
SHA256 bfa5e9cdbd3b2a1a55c73e8c04bcc279e8e7fb394858ab6f2de4b0fe3eff79ba
MD5 c52f266235e1cf5e220bb3456ffba1f4
BLAKE2b-256 d69e0655edaea34f61ee6dc5d51a4ad632d72780d13fca1945c4c426ada79339
