django-html_sanitizer

Provides a set of HTML cleaning utilities for django models, forms and templates

django-html_sanitizer Ranking & Summary


  • License: MIT/X Consortium Lic...
  • Price: FREE
  • Publisher Name: Selwin Ong
  • Publisher web site: https://github.com/ui/

django-html_sanitizer Description

django-html_sanitizer is a Django app that provides a set of utilities to easily sanitize/escape/clean HTML inputs in Django. This app is built on top of bleach, the excellent Python HTML sanitizer.

Installation

Add sanitizer to your INSTALLED_APPS:

    INSTALLED_APPS = (
        # other apps
        "sanitizer",
    )

Model Usage

Similar to bleach, django sanitizer is a whitelist-based HTML sanitizer: it only allows the tags and attributes you specify. Django sanitizer provides two model fields that automatically sanitize text values: SanitizedCharField and SanitizedTextField.

These fields accept three extra arguments:
- allowed_tags: a list of allowed HTML tags
- allowed_attributes: a list of allowed HTML attributes
- strip: a boolean indicating whether offending tags/attributes should be escaped or stripped

Here's how to use it in django models:

    from django.db import models
    from sanitizer.models import SanitizedCharField, SanitizedTextField

    class MyModel(models.Model):
        # Allow only <a>, <p>, <img> tags and "href" and "src" attributes
        foo = SanitizedCharField(max_length=255, allowed_tags=['a', 'p', 'img'],
                                 allowed_attributes=['href', 'src'], strip=False)
        bar = SanitizedTextField(max_length=255, allowed_tags=['a', 'p', 'img'],
                                 allowed_attributes=['href', 'src'], strip=False)

Form Usage

Using django sanitizer in django forms is very similar to model usage:

    from django import forms
    from sanitizer.forms import SanitizedCharField, SanitizedTextField

    class MyForm(forms.Form):
        # Allow only <a>, <p>, <img> tags and "href" and "src" attributes
        foo = SanitizedCharField(max_length=255, allowed_tags=['a', 'p', 'img'],
                                 allowed_attributes=['href', 'src'], strip=False)
        bar = SanitizedTextField(max_length=255, allowed_tags=['a', 'p', 'img'],
                                 allowed_attributes=['href', 'src'], strip=False)

Template Usage

Django sanitizer provides a few different ways of cleaning HTML in templates:

- escape_html template tag

  Example usage:

      {% load sanitizer %}
      {% escape_html post.content "a, p, img" "href, src" %}

  Assuming post.content contains the string '<a href="#">Example</a><script>alert("x")</script>', the above tag will output '<a href="#">Example</a>'.

- strip_html template tag

  Example usage:

      {% load sanitizer %}
      {% strip_html post.content "a, p, img" "href, src" %}

  Assuming post.content contains the string '<a href="#">Example</a><script>alert("x")</script>', the above tag will output '<a href="#">Example</a>alert("x")'.

- escape_html filter

  Escapes HTML tags from a string based on settings. To use this filter you need to put these variables in settings.py:
  - SANITIZER_ALLOWED_TAGS - a list of allowed tags (defaults to an empty list)
  - SANITIZER_ALLOWED_ATTRIBUTES - a list of allowed attributes (defaults to an empty list)

  For example, if we have SANITIZER_ALLOWED_TAGS = ['a'] and SANITIZER_ALLOWED_ATTRIBUTES = ['href'] in settings.py, doing:

      {% load sanitizer %}
      {{ post.content|escape_html }}

  Assuming post.content contains the string '<a href="#">Example</a><script>alert("x")</script>', the above filter will output '<a href="#">Example</a>'.

- strip_html filter

  Strips HTML tags from text, allowing only whitelisted tags/attributes. To use this filter you need to put these variables in settings.py:
  - SANITIZER_ALLOWED_TAGS - a list of allowed tags (defaults to an empty list)
  - SANITIZER_ALLOWED_ATTRIBUTES - a list of allowed attributes (defaults to an empty list)

  For example, if we have SANITIZER_ALLOWED_TAGS = ['a'] and SANITIZER_ALLOWED_ATTRIBUTES = ['href'] in settings.py, doing:

      {% load sanitizer %}
      {{ post.content|strip_html }}

  Assuming post.content contains the string '<a href="#">Example</a><script>alert("x")</script>', the above filter will output '<a href="#">Example</a>alert("x")'.
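To make the escape-versus-strip distinction above concrete, here is an added, self-contained Python illustration (not code from django-html_sanitizer or bleach) that applies a tag/attribute whitelist to the README's sample string with the standard library's HTMLParser; the names WhitelistSanitizer, sanitize and SAMPLE are this example's own.

```python
from html import escape
from html.parser import HTMLParser

# Constructed sample: the README's example string plus a disallowed onclick attribute.
SAMPLE = '<a href="#" onclick="steal()">Example</a><script>alert("x")</script>'


class WhitelistSanitizer(HTMLParser):
    def __init__(self, allowed_tags, allowed_attributes, strip):
        super().__init__()  # convert_charrefs=True: text arrives decoded and is re-escaped
        self.allowed_tags = set(allowed_tags)
        self.allowed_attributes = set(allowed_attributes)
        self.strip = strip
        self.out = []

    def _disallowed(self, raw_tag):
        # strip=True drops the offending tag; strip=False escapes it so it
        # renders as visible text instead of markup (the two bleach behaviours).
        if not self.strip:
            self.out.append(escape(raw_tag, quote=False))

    def handle_starttag(self, tag, attrs):
        if tag not in self.allowed_tags:
            self._disallowed(self.get_starttag_text())
            return
        # Attributes not on the whitelist (e.g. onclick) are always dropped.
        kept = [(k, v) for k, v in attrs if k in self.allowed_attributes]
        attr_text = "".join(f' {k}="{escape(v or "", quote=True)}"' for k, v in kept)
        self.out.append(f"<{tag}{attr_text}>")

    def handle_startendtag(self, tag, attrs):
        self.handle_starttag(tag, attrs)  # self-closing forms such as <img ... />

    def handle_endtag(self, tag):
        if tag in self.allowed_tags:
            self.out.append(f"</{tag}>")
        else:
            self._disallowed(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(escape(data, quote=False))  # text is never emitted as markup


def sanitize(html, allowed_tags, allowed_attributes, strip=False):
    """Whitelist-sanitize html: strip=False escapes offenders, strip=True removes them."""
    parser = WhitelistSanitizer(allowed_tags, allowed_attributes, strip)
    parser.feed(html)
    parser.close()
    return "".join(parser.out)
```

Unlike bleach, this illustration does not vet URL schemes in href/src values or balance unclosed tags, so treat it as a demonstration of the whitelist semantics rather than a replacement for the library.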