{ "info": { "author": "Selwin Ong", "author_email": "selwin.ong@gmail.com", "bugtrack_url": null, "classifiers": [ "Development Status :: 4 - Beta", "Environment :: Web Environment", "Framework :: Django", "Intended Audience :: Developers", "License :: OSI Approved :: MIT License", "Operating System :: OS Independent", "Programming Language :: Python", "Topic :: Internet :: WWW/HTTP", "Topic :: Software Development :: Libraries :: Python Modules", "Topic :: Text Processing :: Markup :: HTML" ], "description": "=====================\nDjango HTML Sanitizer\n=====================\n\nDjango HTML Sanitizer provides a set of utilities to easily sanitize/escape/clean\nHTML inputs in django. This app is built on top of `bleach `_,\nthe excellent Python HTML sanitizer.\n\n\nDependencies\n============\n\n- `django `_: http://djangoproject.com/\n- `bleach `_: http://github.com/jsocol/bleach\n\n\nInstallation\n============\n\nYou'll first need to install the package (or download manually from\n`pypi `_)::\n \n pip install django-html_sanitizer\n\nAnd then add ``sanitizer`` to your INSTALLED_APPS in django's ``settings.py``::\n \n INSTALLED_APPS = (\n # other apps\n \"sanitizer\",\n )\n\n\nModel Usage\n===========\n\nSimilar to bleach, django sanitizer is a whitelist (only allows specified tags \nand attributes) based HTML sanitizer. 
Django sanitizer provides two model fields\nthat automatically sanitize text values: ``SanitizedCharField`` and \n``SanitizedTextField``.\n\nThese fields accept extra arguments:\n\n* allowed_tags: a list of allowed HTML tags\n* allowed_attributes: a list of allowed HTML attributes, or a dictionary of\n tag keys with attribute list for each key\n* allowed_styles: a list of allowed styles if \"style\" is one of the allowed \n attributes\n* strip: a boolean indicating whether offending tags/attributes should be escaped or stripped\n\nHere's how to use it in django models::\n \n from django.db import models\n from sanitizer.models import SanitizedCharField, SanitizedTextField\n\n class MyModel(models.Model):\n # Allow only <a>, <p>, <img> tags and \"href\" and \"src\" attributes\n foo = SanitizedCharField(max_length=255, allowed_tags=['a', 'p', 'img'], \n allowed_attributes=['href', 'src'], strip=False)\n bar = SanitizedTextField(max_length=255, allowed_tags=['a', 'p', 'img'], \n allowed_attributes=['href', 'src'], strip=False)\n foo2 = SanitizedCharField(max_length=255, allowed_tags=['a', 'p', 'img'], \n allowed_attributes={'img':['src', 'style']}, \n allowed_styles=['width', 'height'], strip=False)\n\n\nForm Usage\n==========\n\nUsing django HTML sanitizer in django forms is very similar to model usage::\n \n from django import forms\n from sanitizer.forms import SanitizedCharField\n\n class MyForm(forms.Form):\n # Allow only <a>, <p>, <img> tags and \"href\" and \"src\" attributes\n foo = SanitizedCharField(max_length=255, allowed_tags=['a', 'p', 'img'], \n allowed_attributes=['href', 'src'], strip=False)\n bar = SanitizedCharField(max_length=255, allowed_tags=['a', 'p', 'img'], \n allowed_attributes=['href', 'src'], strip=False, widget=forms.Textarea)\n foo2 = SanitizedCharField(max_length=255, allowed_tags=['a', 'p', 'img'], \n allowed_attributes={'img':['src', 'style']}, \n allowed_styles=['width', 'height'], strip=False)\n\n\nTemplate Usage\n==============\n\nDjango sanitizer provides a few different ways of cleaning HTML in templates.\n\n``escape_html`` Template Tag\n----------------------------\n\nExample usage::\n \n {% load sanitizer %}\n {% escape_html post.content \"a, p, img\" \"href, src, style\" \"width\"%}\n\nAssuming ``post.content`` contains the string\n'Example', the above tag will\noutput::\n\n 'Example<script>alert(\"x\")</script>'\n\nOn django 1.4 you could also use keyword arguments::\n\n {% escape_html 'bar' allowed_tags=\"a,img\" allowed_attributes=\"href,src\" allowed_styles=\"width\" %}\n\n\n``strip_html`` Template Tag\n---------------------------\n\nExample usage::\n \n {% load sanitizer %}\n {% strip_html post.content \"a, p, img\" \"href, src\" %}\n\nIf ``post.content`` contains the string\n'Example', this will give you::\n\n 'Examplealert(\"x\")'\n\n\n``escape_html`` Filter\n----------------------\n\nEscapes HTML tags from string based on settings. 
To use this filter you need to\nput these variables on settings.py:\n\n* ``SANITIZER_ALLOWED_TAGS`` - a list of allowed tags (defaults to an empty list)\n* ``SANITIZER_ALLOWED_ATTRIBUTES`` - a list of allowed attributes (defaults to an empty list)\n* ``SANITIZER_ALLOWED_STYLES`` - a list of allowed styles if the style attribute is set (defaults to an empty list)\n\nFor example if we have ``SANITIZER_ALLOWED_TAGS = ['a']``, \n``SANITIZER_ALLOWED_ATTRIBUTES = ['href']``, \n``SANITIZER_ALLOWED_STYLES = ['width']`` in settings.py, doing::\n \n {% load sanitizer %}\n {{ post.content|escape_html }}\n\nIf ``post.content`` contains the string\n'Example', it will give you::\n\n 'Example<script>alert(\"x\")</script>'\n\n\n``strip_html`` Filter\n---------------------\n\nSimilar to ``escape_html`` filter, except it strips out offending HTML tags.\n\nFor example if we have ``SANITIZER_ALLOWED_TAGS = ['a']``, \n``SANITIZER_ALLOWED_ATTRIBUTES = ['href']`` in settings.py, doing::\n \n {% load sanitizer %}\n {{ post.content|strip_html }}\n\nIf ``post.content`` contains the string\n'Example', we will get::\n\n 'Examplealert(\"x\")'\n\n\n\nChangelog\n=========\n\nVersion 0.1.5\n-------------\n\n* Fixes for smart_unicode and basestring (python 3.x support)\n\nVersion 0.1.4\n-------------\n\n* ``CharField``, ``TextField``, ``strip_html`` and ``escape_html`` now support\n ``allowed_styles`` (thanks `cltrudeau `_, \n* Added an example of template tag usage using kwargs now that Django 1.4 is out\n\nVersion 0.1.2\n-------------\n\n* ``allowed_tags`` and ``allowed_attributes`` in CharField and TextField now default to []", "description_content_type": null, "docs_url": null, "download_url": "UNKNOWN", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/ui/django-html_sanitizer", "keywords": null, "license": "MIT", "maintainer": null, "maintainer_email": null, "name": "django-html_sanitizer", "package_url": 
"https://pypi.org/project/django-html_sanitizer/", "platform": "UNKNOWN", "project_url": "https://pypi.org/project/django-html_sanitizer/", "project_urls": { "Download": "UNKNOWN", "Homepage": "https://github.com/ui/django-html_sanitizer" }, "release_url": "https://pypi.org/project/django-html_sanitizer/0.1.5/", "requires_dist": null, "requires_python": null, "summary": "Provides a set of HTML cleaning utilities for django models, forms and templates.", "version": "0.1.5" }, "last_serial": 1901865, "releases": { "0.1.1": [ { "comment_text": "", "digests": { "md5": "18445fe519a0920d5057d3440eca3226", "sha256": "5652127eb9d04f107fb3cf847b5087c077630b08bd0f5d72b667eb02f70043a4" }, "downloads": -1, "filename": "django-html_sanitizer-0.1.1.tar.gz", "has_sig": false, "md5_digest": "18445fe519a0920d5057d3440eca3226", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 4570, "upload_time": "2012-05-02T18:51:00", "url": "https://files.pythonhosted.org/packages/0d/c7/d7f6dbaf7e8f013b5ad6f44240663850abab91c8e6e330e549191413771d/django-html_sanitizer-0.1.1.tar.gz" } ], "0.1.2": [ { "comment_text": "", "digests": { "md5": "410f237fd479a7e61be8f81b1199ef08", "sha256": "9072f8ca5a7d07996d636c373b3d511ca9978d7f7f37524fa446846a0e57c7b5" }, "downloads": -1, "filename": "django-html_sanitizer-0.1.2.tar.gz", "has_sig": false, "md5_digest": "410f237fd479a7e61be8f81b1199ef08", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 4742, "upload_time": "2012-08-18T10:17:46", "url": "https://files.pythonhosted.org/packages/82/73/fcfce9056a694e3a5e6b783b8eb1753fb7793044e63667cbd77400cba146/django-html_sanitizer-0.1.2.tar.gz" } ], "0.1.3": [ { "comment_text": "", "digests": { "md5": "fce2d177407d4d35b978361f93e181a2", "sha256": "319cf6001ec63f2b39f81d54ae329c620bbf358adcb2cc65d48942324ea005fb" }, "downloads": -1, "filename": "django-html_sanitizer-0.1.3.tar.gz", "has_sig": false, "md5_digest": "fce2d177407d4d35b978361f93e181a2", 
"packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 5478, "upload_time": "2012-08-21T15:37:00", "url": "https://files.pythonhosted.org/packages/f6/d4/54aca9d2171a13a628aaff5d9f6a53cd3c5ed77d7d351000095f7ee7ce1b/django-html_sanitizer-0.1.3.tar.gz" } ], "0.1.4": [ { "comment_text": "", "digests": { "md5": "660f1162bacdea045e8145b190f4248c", "sha256": "2bc4e70889c852479d42ed98b78e5da753f65d9ea8dd1faebf644e2298f52990" }, "downloads": -1, "filename": "django-html_sanitizer-0.1.4.tar.gz", "has_sig": false, "md5_digest": "660f1162bacdea045e8145b190f4248c", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 6066, "upload_time": "2012-11-11T10:13:19", "url": "https://files.pythonhosted.org/packages/70/c8/c0f88f2ba0bbd8dd5b82a17cc6c42ed5db6192bd58792136eb668e5f1b9d/django-html_sanitizer-0.1.4.tar.gz" } ], "0.1.5": [ { "comment_text": "", "digests": { "md5": "0fc42e2314f687484e9e236d9e842283", "sha256": "5820ad3ac6bebdc8dc95d8401194a921248852e4ba32ba1d22d0ddaefd649873" }, "downloads": -1, "filename": "django_html_sanitizer-0.1.5-py2.py3-none-any.whl", "has_sig": false, "md5_digest": "0fc42e2314f687484e9e236d9e842283", "packagetype": "bdist_wheel", "python_version": "2.7", "requires_python": null, "size": 10606, "upload_time": "2016-01-13T01:28:37", "url": "https://files.pythonhosted.org/packages/0a/4c/f4c7364126273ddb86bdf52a0824bb49273e2d4f2ce2968b766359256654/django_html_sanitizer-0.1.5-py2.py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "350dd3b75420fad351fb7c3818e46714", "sha256": "407079629e472bd4d9998b6a050c18949d3e88e38ceb985d30ea2b05128e32d4" }, "downloads": -1, "filename": "django-html_sanitizer-0.1.5.tar.gz", "has_sig": false, "md5_digest": "350dd3b75420fad351fb7c3818e46714", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 5977, "upload_time": "2016-01-13T01:28:32", "url": 
"https://files.pythonhosted.org/packages/3a/0f/a877623d3692ee9e0b1e2be9c460e21f88028b1ffe7e49de2912cc946490/django-html_sanitizer-0.1.5.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "0fc42e2314f687484e9e236d9e842283", "sha256": "5820ad3ac6bebdc8dc95d8401194a921248852e4ba32ba1d22d0ddaefd649873" }, "downloads": -1, "filename": "django_html_sanitizer-0.1.5-py2.py3-none-any.whl", "has_sig": false, "md5_digest": "0fc42e2314f687484e9e236d9e842283", "packagetype": "bdist_wheel", "python_version": "2.7", "requires_python": null, "size": 10606, "upload_time": "2016-01-13T01:28:37", "url": "https://files.pythonhosted.org/packages/0a/4c/f4c7364126273ddb86bdf52a0824bb49273e2d4f2ce2968b766359256654/django_html_sanitizer-0.1.5-py2.py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "350dd3b75420fad351fb7c3818e46714", "sha256": "407079629e472bd4d9998b6a050c18949d3e88e38ceb985d30ea2b05128e32d4" }, "downloads": -1, "filename": "django-html_sanitizer-0.1.5.tar.gz", "has_sig": false, "md5_digest": "350dd3b75420fad351fb7c3818e46714", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 5977, "upload_time": "2016-01-13T01:28:32", "url": "https://files.pythonhosted.org/packages/3a/0f/a877623d3692ee9e0b1e2be9c460e21f88028b1ffe7e49de2912cc946490/django-html_sanitizer-0.1.5.tar.gz" } ] }