django-html_sanitizer-0.1.5/setup.cfg

[bdist_wheel]
universal = 1

[egg_info]
tag_build =
tag_date = 0
tag_svn_revision = 0

django-html_sanitizer-0.1.5/PKG-INFO

Metadata-Version: 1.1
Name: django-html_sanitizer
Version: 0.1.5
Summary: Provides a set of HTML cleaning utilities for django models, forms and templates.
Home-page: https://github.com/ui/django-html_sanitizer
Author: Selwin Ong
Author-email: selwin.ong@gmail.com
License: MIT
Description: =====================
        Django HTML Sanitizer
        =====================

        Django HTML Sanitizer provides a set of utilities to easily sanitize/escape/clean
        HTML inputs in django. This app is built on top of bleach, the excellent
        Python HTML sanitizer.

        Dependencies
        ============

        - django: http://djangoproject.com/
        - bleach: http://github.com/jsocol/bleach

        Installation
        ============

        You'll first need to install the package (or download manually from pypi)::

            pip install django-html_sanitizer

        And then add ``sanitizer`` to your INSTALLED_APPS in django's ``settings.py``::

            INSTALLED_APPS = (
                # other apps
                "sanitizer",
            )

        Model Usage
        ===========

        Similar to bleach, django sanitizer is a whitelist (only allows specified tags
        and attributes) based HTML sanitizer. Django sanitizer provides two model fields
        that automatically sanitize text values: ``SanitizedCharField`` and
        ``SanitizedTextField``.

        These fields accept extra arguments:

        * allowed_tags: a list of allowed HTML tags
        * allowed_attributes: a list of allowed HTML attributes, or a dictionary of
          tag keys with attribute list for each key
        * allowed_styles: a list of allowed styles if "style" is one of the allowed
          attributes
        * strip: a boolean indicating whether offending tags/attributes should be
          escaped or stripped

        Here's how to use it in django models::

            from django.db import models
            from sanitizer.models import SanitizedCharField, SanitizedTextField

            class MyModel(models.Model):
                # Allow only <a>, <p>, <img> tags and "href" and "src" attributes
                foo = SanitizedCharField(max_length=255, allowed_tags=['a', 'p', 'img'],
                                         allowed_attributes=['href', 'src'], strip=False)
                bar = SanitizedTextField(max_length=255, allowed_tags=['a', 'p', 'img'],
                                         allowed_attributes=['href', 'src'], strip=False)
                foo2 = SanitizedCharField(max_length=255, allowed_tags=['a', 'p', 'img'],
                                          allowed_attributes={'img':['src', 'style']},
                                          allowed_styles=['width', 'height'], strip=False)

        Form Usage
        ==========

        Using django HTML sanitizer in django forms is very similar to model usage::

            from django import forms
            from sanitizer.forms import SanitizedCharField

            class MyForm(forms.Form):
                # Allow only <a>, <p>, <img> tags and "href" and "src" attributes
                foo = SanitizedCharField(max_length=255, allowed_tags=['a', 'p', 'img'],
                                         allowed_attributes=['href', 'src'], strip=False)
                bar = SanitizedCharField(max_length=255, allowed_tags=['a', 'p', 'img'],
                                         allowed_attributes=['href', 'src'], strip=False,
                                         widget=forms.Textarea)
                foo2 = SanitizedCharField(max_length=255, allowed_tags=['a', 'p', 'img'],
                                          allowed_attributes={'img':['src', 'style']},
                                          allowed_styles=['width', 'height'], strip=False)

        Template Usage
        ==============

        Django sanitizer provides a few different ways of cleaning HTML in templates.

        ``escape_html`` Template Tag
        ----------------------------

        Example usage::

            {% load sanitizer %}
            {% escape_html post.content "a, p, img" "href, src, style" "width"%}

        Assuming ``post.content`` contains the string
        'Example', the above tag will output::

            'Example<script>alert("x")</script>'

        On django 1.4 you could also use keyword arguments::

            {% escape_html 'bar' allowed_tags="a,img" allowed_attributes="href,src" allowed_styles="width" %}

        ``strip_html`` Template Tag
        ---------------------------

        Example usage::

            {% load sanitizer %}
            {% strip_html post.content "a, p, img" "href, src" %}

        If ``post.content`` contains the string
        'Example', this will give you::

            'Examplealert("x")'

        ``escape_html`` Filter
        ----------------------

        Escapes HTML tags from string based on settings. To use this filter you need to
        put these variables in ``settings.py``:

        * ``SANITIZER_ALLOWED_TAGS`` - a list of allowed tags (defaults to an empty list)
        * ``SANITIZER_ALLOWED_ATTRIBUTES`` - a list of allowed attributes (defaults to an
          empty list)
        * ``SANITIZER_ALLOWED_STYLES`` - a list of allowed styles if the style attribute
          is set (defaults to an empty list)

        For example if we have ``SANITIZER_ALLOWED_TAGS = ['a']``,
        ``SANITIZER_ALLOWED_ATTRIBUTES = ['href']``,
        ``SANITIZER_ALLOWED_STYLES = ['width']`` in settings.py, doing::

            {% load sanitizer %}
            {{ post.content|escape_html }}

        If ``post.content`` contains the string
        'Example', it will give you::

            'Example<script>alert("x")</script>'

        ``strip_html`` Filter
        ---------------------

        Similar to ``escape_html`` filter, except it strips out offending HTML tags.

        For example if we have ``SANITIZER_ALLOWED_TAGS = ['a']``,
        ``SANITIZER_ALLOWED_ATTRIBUTES = ['href']`` in settings.py, doing::

            {% load sanitizer %}
            {{ post.content|strip_html }}

        If ``post.content`` contains the string
        'Example', we will get::

            'Examplealert("x")'

        Changelog
        =========

        Version 0.1.5
        -------------

        * Fixes for smart_unicode and basestring (python 3.x support)

        Version 0.1.4
        -------------

        * ``CharField``, ``TextField``, ``strip_html`` and ``escape_html`` now support
          ``allowed_styles`` (thanks cltrudeau)
        * Added an example of template tag usage using kwargs now that Django 1.4 is out

        Version 0.1.2
        -------------

        * ``allowed_tags`` and ``allowed_attributes`` in CharField and TextField now
          default to []

Platform: UNKNOWN
Classifier: Development Status :: 4 - Beta
Classifier: Environment :: Web Environment
Classifier: Framework :: Django
Classifier: Intended Audience :: Developers
Classifier: License :: OSI Approved :: MIT License
Classifier: Operating System :: OS Independent
Classifier: Programming Language :: Python
Classifier: Topic :: Internet :: WWW/HTTP
Classifier: Topic :: Software Development :: Libraries :: Python Modules
Classifier: Topic :: Text
        Processing :: Markup :: HTML

django-html_sanitizer-0.1.5/setup.py

# -*- coding: utf-8 -*-
from setuptools import setup

setup(
    name='django-html_sanitizer',
    version='0.1.5',
    author='Selwin Ong',
    author_email='selwin.ong@gmail.com',
    packages=['sanitizer'],
    package_data={'': ['README.rst'], 'sanitizer': ['templatetags/*.py']},
    url='https://github.com/ui/django-html_sanitizer',
    license='MIT',
    description='Provides a set of HTML cleaning utilities for django models, forms and templates.',
    long_description=open('README.rst').read(),
    zip_safe=False,
    include_package_data=True,
    install_requires=['django', 'bleach'],
    classifiers=[
        'Development Status :: 4 - Beta',
        'Environment :: Web Environment',
        'Framework :: Django',
        'Intended Audience :: Developers',
        'License :: OSI Approved :: MIT License',
        'Operating System :: OS Independent',
        'Programming Language :: Python',
        'Topic :: Internet :: WWW/HTTP',
        'Topic :: Software Development :: Libraries :: Python Modules',
        'Topic :: Text Processing :: Markup :: HTML',
    ]
)

django-html_sanitizer-0.1.5/sanitizer/tests.py

from django import forms
from django.db import models
from django.test import TestCase
from django.test.utils import override_settings

from sanitizer.templatetags.sanitizer import (sanitize, sanitize_allow,
    escape_html, strip_filter, strip_html)
from .forms import SanitizedCharField as SanitizedFormField
from .models import SanitizedCharField, SanitizedTextField


ALLOWED_TAGS = ['a']
ALLOWED_ATTRIBUTES = ['href', 'style']
ALLOWED_STYLES = ['width']


class TestingModel(models.Model):
    test_field = SanitizedCharField(max_length=255, allowed_tags=ALLOWED_TAGS,
        allowed_attributes=ALLOWED_ATTRIBUTES, allowed_styles=ALLOWED_STYLES)


class TestingTextModel(models.Model):
    test_field = SanitizedTextField(allowed_tags=ALLOWED_TAGS,
        allowed_attributes=ALLOWED_ATTRIBUTES, allowed_styles=ALLOWED_STYLES)


class TestForm(forms.Form):
    test_field = SanitizedFormField(allowed_tags=['a'],
        allowed_attributes=['href', 'style'], allowed_styles=['width'])


class SanitizerTest(TestCase):

    @override_settings(SANITIZER_ALLOWED_TAGS=['a'])
    def test_sanitize(self):
        """ Test sanitize function in templatetags """
        self.assertEqual(sanitize('test'),
                         'test<script></script>')

    def test_strip_filter(self):
        """ Test strip_html filter """
        self.assertEqual(strip_filter('test'), 'test')

    def test_sanitize_allow(self):
        """ Test sanitize_allow function in templatetags """
        self.assertEqual(sanitize_allow('test', 'br'), 'test')
        self.assertEqual(sanitize_allow('test', 'br'), 'test')
        self.assertEqual(sanitize_allow('test', 'a'), 'test')
        self.assertEqual(sanitize_allow('test', 'a; href'), 'test')

    def test_SanitizedCharField(self):
        TestingModel.objects.create(test_field='foobar')
        test = TestingModel.objects.latest('id')
        self.assertEqual(test.test_field, 'foo<em>bar</em>')

    def test_SanitizedTextField(self):
        TestingTextModel.objects.create(test_field='foobar')
        test = TestingTextModel.objects.latest('id')
        self.assertEqual(test.test_field, 'foo<em>bar</em>')

    def test_SanitizedFormField(self):
        html = 'foo'
        form = TestForm({ 'test_field': html })
        form.is_valid()
        self.assertEqual(form.cleaned_data['test_field'],
                         'foo<em class=""></em>')

    def test_escape_html(self):
        html = 'foo'
        self.assertEqual(escape_html(html, allowed_tags='a',
            allowed_attributes='href,style', allowed_styles='width'),
            'foo<em></em>')
        self.assertEqual(escape_html(html, allowed_tags=['a'],
            allowed_attributes=['href', 'style'], allowed_styles=['width']),
            'foo<em></em>')

    def test_strip_html(self):
        html = 'foo'
        self.assertEqual(strip_html(html, allowed_tags='a',
            allowed_attributes='href,style', allowed_styles='width'),
            'foo')
        self.assertEqual(strip_html(html, allowed_tags=['a'],
            allowed_attributes=['href', 'style'], allowed_styles=['width']),
            'foo')

django-html_sanitizer-0.1.5/sanitizer/models.py

from django.conf import settings
from django.db import models
import sys

if sys.version_info[0] == 3:
    from django.utils.encoding import smart_text as smart_unicode
else:
    from django.utils.encoding import smart_unicode

import bleach


class SanitizedCharField(models.CharField):

    def __init__(self, allowed_tags=[], allowed_attributes=[],
                 allowed_styles=[], strip=False, *args, **kwargs):
        self._sanitizer_allowed_tags = allowed_tags
        self._sanitizer_allowed_attributes = allowed_attributes
        self._sanitizer_allowed_styles = allowed_styles
        self._sanitizer_strip = strip
        super(SanitizedCharField, self).__init__(*args, **kwargs)

    def to_python(self, value):
        value = super(SanitizedCharField, self).to_python(value)
        value = bleach.clean(value, tags=self._sanitizer_allowed_tags,
            attributes=self._sanitizer_allowed_attributes,
            styles=self._sanitizer_allowed_styles, strip=self._sanitizer_strip)
        return smart_unicode(value)


class SanitizedTextField(models.TextField):

    def __init__(self, allowed_tags=[], allowed_attributes=[],
                 allowed_styles=[], strip=False, *args, **kwargs):
        self._sanitizer_allowed_tags = allowed_tags
        self._sanitizer_allowed_attributes = allowed_attributes
        self._sanitizer_allowed_styles = allowed_styles
        self._sanitizer_strip = strip
        super(SanitizedTextField, self).__init__(*args, **kwargs)

    def to_python(self, value):
        value = super(SanitizedTextField, self).to_python(value)
        value = bleach.clean(value, tags=self._sanitizer_allowed_tags,
            attributes=self._sanitizer_allowed_attributes,
            styles=self._sanitizer_allowed_styles, strip=self._sanitizer_strip)
        return smart_unicode(value)

    def get_prep_value(self, value):
        # Sanitize again on the way to the database.
        value = super(SanitizedTextField, self).get_prep_value(value)
        value = bleach.clean(value, tags=self._sanitizer_allowed_tags,
            attributes=self._sanitizer_allowed_attributes,
            styles=self._sanitizer_allowed_styles, strip=self._sanitizer_strip)
        return value


if 'south' in settings.INSTALLED_APPS:
    from south.modelsinspector import add_introspection_rules
    # Raw strings so that "\." reaches the regex engine unchanged.
    add_introspection_rules([], [r"^sanitizer\.models\.SanitizedCharField"])
    add_introspection_rules([], [r"^sanitizer\.models\.SanitizedTextField"])

django-html_sanitizer-0.1.5/sanitizer/__init__.py

VERSION = (0, 1, 4)

from .decorators import sanitize

django-html_sanitizer-0.1.5/sanitizer/decorators.py

from django import forms

import bleach

# basestring exists only on Python 2; fall back to str on Python 3.
try:
    string_types = basestring
except NameError:
    string_types = str


def get_sanitized_clean_func(original_clean, **kwargs):
    # Wrap a field's clean() so string results pass through bleach.clean().
    def fn(value):
        value = original_clean(value)
        if isinstance(value, string_types):
            value = bleach.clean(value, **kwargs)
        return value
    return fn


class sanitize(object):
    def __init__(self, tags=bleach.ALLOWED_TAGS,
                 attributes=bleach.ALLOWED_ATTRIBUTES, styles=[], strip=False,
                 strip_comments=True):
        self.kwargs = {
            'tags': tags,
            'attributes': attributes,
            'styles': styles,
            'strip': strip,
            'strip_comments': strip_comments,
        }

    def __call__(self, cls):
        self.actual_decorator(cls)
        return cls

    def actual_decorator(self, cls):
        # items() works on Python 2 and 3; iteritems() is Python 2 only.
        fields = [(key, value) for key, value in cls.base_fields.items()
                  if isinstance(value, forms.CharField)]
        for field_name, field_object in fields:
            original_clean = getattr(field_object, 'clean')
            clean_func = get_sanitized_clean_func(original_clean, **self.kwargs)
            setattr(field_object, 'clean', clean_func)

django-html_sanitizer-0.1.5/sanitizer/forms.py

from django import forms

import bleach


class SanitizedCharField(forms.CharField):
    """
    A subclass of CharField that escapes (or strips) HTML tags and attributes.
    """
    def __init__(self, allowed_tags=[], allowed_attributes=[],
                 allowed_styles=[], strip=False, *args, **kwargs):
        self._allowed_tags = allowed_tags
        self._allowed_attributes = allowed_attributes
        self._allowed_styles = allowed_styles
        self._strip = strip
        super(SanitizedCharField, self).__init__(*args, **kwargs)

    def clean(self, value):
        value = super(SanitizedCharField, self).clean(value)
        return bleach.clean(value, tags=self._allowed_tags,
            attributes=self._allowed_attributes,
            styles=self._allowed_styles, strip=self._strip)

django-html_sanitizer-0.1.5/django_html_sanitizer.egg-info/PKG-INFO

Metadata-Version: 1.1
Name: django-html-sanitizer
Version: 0.1.5
Summary: Provides a set of HTML cleaning utilities for django models, forms and templates.
Home-page: https://github.com/ui/django-html_sanitizer
Author: Selwin Ong
Author-email: selwin.ong@gmail.com
License: MIT
Platform: UNKNOWN
Classifier: Development Status :: 4 - Beta
Classifier: Environment :: Web Environment
Classifier: Framework :: Django
Classifier: Intended Audience :: Developers
Classifier: License :: OSI Approved :: MIT License
Classifier: Operating System :: OS Independent
Classifier: Programming Language :: Python
Classifier: Topic :: Internet :: WWW/HTTP
Classifier: Topic :: Software Development :: Libraries :: Python Modules
Classifier: Topic :: Text Processing :: Markup :: HTML

django-html_sanitizer-0.1.5/django_html_sanitizer.egg-info/requires.txt

django
bleach

django-html_sanitizer-0.1.5/django_html_sanitizer.egg-info/top_level.txt

sanitizer

django-html_sanitizer-0.1.5/django_html_sanitizer.egg-info/SOURCES.txt

LICENSE.txt
MANIFEST.in
README.rst
setup.cfg
setup.py
django_html_sanitizer.egg-info/PKG-INFO
django_html_sanitizer.egg-info/SOURCES.txt
django_html_sanitizer.egg-info/dependency_links.txt
django_html_sanitizer.egg-info/not-zip-safe
django_html_sanitizer.egg-info/pbr.json
django_html_sanitizer.egg-info/requires.txt
django_html_sanitizer.egg-info/top_level.txt
sanitizer/__init__.py
sanitizer/decorators.py
sanitizer/forms.py
sanitizer/models.py
sanitizer/tests.py

django-html_sanitizer-0.1.5/django_html_sanitizer.egg-info/pbr.json

{"is_release": false, "git_version": "6331113"}

django-html_sanitizer-0.1.5/LICENSE.txt

Copyright (c) 2012 Selwin Ong

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

django-html_sanitizer-0.1.5/MANIFEST.in

include LICENSE.txt
include README.rst
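
Added example, not part of the django-html_sanitizer source or of bleach: a standard-library sketch of the allowlist behaviour the README describes, showing how ``strip=False`` escapes a disallowed tag while ``strip=True`` drops the tag and keeps its text, and how the list and per-tag dictionary forms of ``allowed_attributes`` filter attributes. The names ``clean``, ``AllowlistSanitizer`` and ``SAFE_SCHEMES`` and the sample input are constructed for illustration; ``allowed_styles`` is not modelled.

```python
import html
import re
from html.parser import HTMLParser

SAFE_SCHEMES = {"http", "https", "mailto"}  # assumption: schemes this demo permits
URL_ATTRS = {"href", "src"}
VOID_TAGS = {"img", "br", "hr"}

# Constructed sample input, not taken from the package's tests.
SAMPLE = '<a href="http://example.com" onclick="x()">Example</a><script>alert("x")</script>'


class AllowlistSanitizer(HTMLParser):
    """Illustrative allowlist filter; a stand-in for bleach, not its implementation."""

    def __init__(self, allowed_tags, allowed_attributes, strip):
        super().__init__(convert_charrefs=True)
        self.allowed_tags = set(allowed_tags)
        self.allowed_attributes = allowed_attributes
        self.strip = strip
        self.out = []

    def _attr_allowed(self, tag, name, value):
        allowed = self.allowed_attributes
        if isinstance(allowed, dict):  # per-tag form, e.g. {'img': ['src']}
            allowed = allowed.get(tag, [])
        if name not in allowed:
            return False
        if name in URL_ATTRS:
            # Remove whitespace/control characters first so "java\tscript:" is
            # still recognised, then require a permitted scheme or none at all.
            compact = re.sub(r"[\x00-\x20]+", "", value or "")
            scheme = re.match(r"([a-zA-Z][a-zA-Z0-9+.-]*):", compact)
            return scheme is None or scheme.group(1).lower() in SAFE_SCHEMES
        return True

    def handle_starttag(self, tag, attrs):
        if tag in self.allowed_tags:
            kept = "".join(
                ' %s="%s"' % (name, html.escape(value or "", quote=True))
                for name, value in attrs if self._attr_allowed(tag, name, value)
            )
            self.out.append("<%s%s>" % (tag, kept))
        elif not self.strip:
            # strip=False: keep the offending tag visible but inert.
            self.out.append(html.escape(self.get_starttag_text(), quote=False))
        # strip=True: the tag is dropped; its text still reaches handle_data.

    def handle_startendtag(self, tag, attrs):
        self.handle_starttag(tag, attrs)

    def handle_endtag(self, tag):
        if tag in self.allowed_tags:
            if tag not in VOID_TAGS:
                self.out.append("</%s>" % tag)
        elif not self.strip:
            self.out.append(html.escape("</%s>" % tag, quote=False))

    def handle_data(self, data):
        # All text, including the body of a disallowed <script>, is escaped.
        self.out.append(html.escape(data, quote=False))


def clean(text, allowed_tags=(), allowed_attributes=(), strip=False):
    parser = AllowlistSanitizer(allowed_tags, allowed_attributes, strip)
    parser.feed(text)
    parser.close()
    return "".join(parser.out)


if __name__ == "__main__":
    print(clean(SAMPLE, ["a"], ["href"], strip=False))
    print(clean(SAMPLE, ["a"], ["href"], strip=True))
```

Comments are dropped in both modes because the parser's default comment handler emits nothing.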