{ "info": { "author": "Chris Routh", "author_email": "chris@routh.io", "bugtrack_url": null, "classifiers": [ "Framework :: Django", "Framework :: Django :: 2.1", "Framework :: Django :: 2.2", "Intended Audience :: Developers", "License :: OSI Approved :: MIT License", "Programming Language :: Python :: 3.6", "Programming Language :: Python :: 3.7", "Topic :: Software Development :: Libraries :: Python Modules" ], "description": ".. django_tidyfields documentation master file, created by startproject.\n You can adapt this file completely to your liking, but it should at least\n contain the root `toctree` directive.\n\n=================================================\nWelcome to django_tidyfields's documentation!\n=================================================\n\n:Version: 1.1.0\n:Source: https://gitlab.routh.io/open-source/python/django_tidyfields\n:Keywords: ``django`` ``lxml`` ``input`` ``html`` ``fields``\n:PythonVersion: 3.6+\n\n|build-status| |requirements| |coverage|\n\n|python-versions| |django-versions| |pypi-version| |pypi-downloads|\n\nSanitise HTML input from API Endpoints or Views\n\n.. contents::\n\n.. section-numbering::\n\nFeatures\n========\n\n* Leverages the power of ``lxml`` to filter model fields\n* Supports input from any source as the filtering is triggered by model save\n\nInstallation\n============\n\nRequirements\n------------\n\n* Python 3.6 or above\n* setuptools 30.3.0 or above\n* Django 2.0 or above\n\n\nInstall\n-------\n\nInstall ``django_tidyfields`` via ``pip``:\n\n.. code-block:: bash\n\n pip install django-tidyfields\n\nAdd Django TidyFields to ``INSTALLED_APPS``:\n\n.. code-block:: python\n\n INSTALLED_APPS = [\n # ...\n 'django_tidyfields',\n # ...\n ]\n\nConfigure\n---------\n\nThese fields pass the expected arguments for `lxml.html.clean.Cleaner` class through to the `Cleaner` instance directly. We will try to\nkeep the docs in line with the latest integrated lxml version, however these parameters are subject to change based on the\ndevelopment of lxml. More on `https://lxml.de `_\n\n\n\nUsage\n=====\n\nDjango TidyFields subclass the Django TextField and CharField classes, and take any parameters available to them.\n\nYou can optionally configure the field globally in your Django Settings:\n\n.. code-block:: python\n\n \"\"\"\n Empty dict example, showing all parameters available, at their defaults.\n \"\"\"\n TIDYFIELDS = {\n 'processing_instructions': True,\n 'javascript': True,\n 'comments': True,\n 'style': True,\n 'allow_tags': [],\n 'remove_unknown_tags': False,\n 'kill_tags': ['script', 'style'],\n 'safe_attrs_only': True,\n 'safe_attrs': [],\n 'add_nofollow': True,\n 'scripts': True,\n 'inline_style': None,\n 'links': True,\n 'meta': True,\n 'page_structure': True,\n 'embedded': True,\n 'frames': True,\n 'forms': True,\n 'annoying_tags': True,\n 'remove_tags': None,\n 'host_whitelist': [],\n 'whitelist_tags': {}\n }\n\n\nAnd you can override specific parameters for each model that uses Django TidyFields. Parameters not set here will inherit from\nthe global settings or from `lxml.html.clean.Cleaner` itself. Review the `lxml documentation `_\nfor the bleach default arguments.\n\n``models.py``:\n\n.. code-block:: python\n\n \"\"\"\n A minimal Models.py usage example\n \"\"\"\n\n from django.db.models import Model\n from django_tidyfields.fields import TidyTextField, TidyCharField\n\n class UserSubmission(Model):\n title = TidyCharField()\n description = TidyTextField()\n body = TidyTextField()\n\n\nAdvanced Usage\n==============\n\nDjango TidyFields can be used however you like, but we recommend that your global defaults be a minimum\nallowed set of tags, or simply be setup to strip everything. If your project only allows HTML tags in certain\nTextFields for example, it implies that you'll have a number of CharFields and TextFields where you want HTML\nto be stripped out.\n\nYou can define allowed tags when defining a field directly in the model, however you may also define addition\ndefaults with unique variable names in your Django Settings, and use that var on any TextField that allows those\ntags. The fields check to see if any arguments are set in the `field_args` parameter, and only overrides the\ndefault arguments if you've passed the same argument again. So you can use additive and subtractive magic to\nsimplify your code as much as possible. Just remember the Wizards Second Rule! (Especially when using subtractive\nmagic)\n\n | \u201cThe Second Rule is that the greatest harm can result from the best intentions. It sounds a paradox, but kindness and good intentions can be an insidious path to destruction. Sometimes doing what seems right is wrong and can cause harm. The only counter to it is knowledge, wisdom, forethought, and understanding the First Rule. Even then, that is not always enough.\u201d\n |\n | *-- Zedd Zu'l Zorander*\n | *Stone of Tears, Terry Goodkind*\n\nAn Additive example\n-------------------\n\n``settings.py``:\n\n.. code-block:: python\n\n \"\"\"\n Default dict that strips all HTML, with a permissive dict for certain fields.\n \"\"\"\n TIDYFIELDS = {\n 'processing_instructions': True,\n 'javascript': True,\n 'comments': True,\n 'style': True,\n 'allow_tags': [''],\n 'remove_unknown_tags': False,\n 'kill_tags': ['script', 'style'],\n 'safe_attrs_only': True,\n 'safe_attrs': [''],\n 'add_nofollow': True\n }\n\n PERMISSIVE_TIDYFIELDS = {\n 'allow_tags': ['b', 'em', 'i', 'strong', 'span', 'p', 'pagebreak'],\n 'safe_attrs': ['style'],\n 'style': False\n }\n\n``models.py``:\n\n.. code-block:: python\n\n \"\"\"\n A models.py usage example with Additive magic\n \"\"\"\n\n from django.db.models import Model\n from django.conf import settings\n from django_tidyfields.fields import TidyTextField, TidyCharField\n\n class UserSubmission(Model):\n title = TidyCharField()\n description = TidyTextField()\n body = TidyTextField(field_args=settings.PERMISSIVE_TIDYFIELDS)\n\nHistory\n=======\n\nThis module was originally named Django-Bleachfields and was intended to be a spiritual successor to the now defunct django-bleachfield module. An alpha version had been uploaded to Pypi, however it has been pulled in favour of this module. During initial testing it was found that ``bleach`` only removes tags, the developers considering removal of the code within them being a concern of beutifying HTML rather than a security concern. It was found that this opened the door for some of the more creative XSS filter attacks. As a result, ``lxml`` was chosen to replace ``bleach`` in this module as it allows the complete removal of specified tags and their content.\n\nTesting\n=======\n\nThis module is tested to ensure it does not strip allowed HTML or CSS, but that it does strip XSS attacks or leaves them inert. Nearly 30 attacks from the `OWASP XSS Filter Evasion cheat sheet `_ are tested. More will be added in the next version.\n\nDisclaimer: Allowing javascript will compromise the XSS filtering. Do so with utmost caution and only give such priveledges to trusted persons.\n\n\n.. |build-status| image:: https://gitlab.routh.io/open-source/python/django_tidyfields/badges/master/pipeline.svg\n :target: https://gitlab.routh.io/open-source/python/django_tidyfields/commits/master\n\n.. |requirements| image:: https://requires.io/enterprise/Routhinator/django_tidyfields/requirements.svg?branch=master\n :target: https://requires.io/enterprise/Routhinator/django_tidyfields/requirements/?branch=master\n :alt: Requirements status\n\n.. |coverage| image:: https://gitlab.routh.io/open-source/python/django_tidyfields/badges/master/coverage.svg\n :target: http://open-source.pages.routh.io/python/django_tidyfields/\n :alt: Coverage status\n\n.. |python-versions| image:: https://img.shields.io/pypi/pyversions/django_tidyfields.svg\n\n.. |django-versions| image:: https://img.shields.io/pypi/djversions/django_tidyfields.svg\n\n.. |pypi-version| image:: https://img.shields.io/pypi/v/django_tidyfields.svg\n :target: https://pypi.org/project/django-tidyfields/\n\n.. |pypi-downloads| image:: https://pepy.tech/badge/django-tidyfields\n :target: https://pepy.tech/project/django-tidyfields", "description_content_type": "", "docs_url": null, "download_url": "", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://gitlab.routh.io/open-source/python/django_tidyfields", "keywords": "django,lxml,input,html,fields", "license": "MIT", "maintainer": "", "maintainer_email": "", "name": "django-tidyfields", "package_url": "https://pypi.org/project/django-tidyfields/", "platform": "", "project_url": "https://pypi.org/project/django-tidyfields/", "project_urls": { "Homepage": "https://gitlab.routh.io/open-source/python/django_tidyfields" }, "release_url": "https://pypi.org/project/django-tidyfields/1.1.0/", "requires_dist": null, "requires_python": "", "summary": "Easily accept html input with Django models, templates and DRF serializers", "version": "1.1.0" }, "last_serial": 5288946, "releases": { "0.1.0": [ { "comment_text": "", "digests": { "md5": "cba4ddbf9f0da8ff58b8721e13169c4a", "sha256": "0f593cab16b3df601258da8c1c669b7ec19731aa2d6e15ab35906a3189af1ffb" }, "downloads": -1, "filename": "django_tidyfields-0.1.0.tar.gz", "has_sig": false, "md5_digest": "cba4ddbf9f0da8ff58b8721e13169c4a", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 9313, "upload_time": "2019-04-22T01:11:30", "url": "https://files.pythonhosted.org/packages/d3/2c/71498565ab75784e249e85eeaedfdd4999c7520f35322e302c27286ea924/django_tidyfields-0.1.0.tar.gz" } ], "0.1.1": [ { "comment_text": "", "digests": { "md5": "20f636bba2345949b3496f2bcb448e44", "sha256": "8d5871f6f6cee92ac1623c537bf64baaade478919a513b99bda5007c748ddef2" }, "downloads": -1, "filename": "django_tidyfields-0.1.1.tar.gz", "has_sig": false, "md5_digest": "20f636bba2345949b3496f2bcb448e44", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 9298, "upload_time": "2019-04-22T04:43:21", "url": "https://files.pythonhosted.org/packages/36/78/94166303367b6fa6d664669cf8810b5fc2b85b44dad00845e8aa945a6ad7/django_tidyfields-0.1.1.tar.gz" } ], "1.0.0": [ { "comment_text": "", "digests": { "md5": "cb34bd801ed95a2aa504ce40aab3d679", "sha256": "00ec844514a897d2c59f2ae3daacd6d68273e2ac688f1206a95cdef8320cecef" }, "downloads": -1, "filename": "django_tidyfields-1.0.0.tar.gz", "has_sig": false, "md5_digest": "cb34bd801ed95a2aa504ce40aab3d679", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 14517, "upload_time": "2019-04-24T14:40:51", "url": "https://files.pythonhosted.org/packages/27/fa/01a55d6f15a6d44632027b9fa9d02c4ea770455140e1ecd9c8568da528f0/django_tidyfields-1.0.0.tar.gz" } ], "1.0.1": [ { "comment_text": "", "digests": { "md5": "4bd2ec1fdc301b39804e6c4b8b065e37", "sha256": "f95290e1fb07410f8c38221a0d285d100ecce8f2b5b01fe5caefb4e019a6fd2e" }, "downloads": -1, "filename": "django_tidyfields-1.0.1.tar.gz", "has_sig": false, "md5_digest": "4bd2ec1fdc301b39804e6c4b8b065e37", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 14505, "upload_time": "2019-04-24T15:12:26", "url": "https://files.pythonhosted.org/packages/4e/0b/9b921953b70c384f0a8b108574749fe2df270a2de5b40fc7b9dd4a7f7716/django_tidyfields-1.0.1.tar.gz" } ], "1.1.0": [ { "comment_text": "", "digests": { "md5": "992f10e594e394dd3306c02c3c993b4c", "sha256": "fa7bdbc7072183c249c96c92d38cd2aedba3630a7cb54f8f626eeca66d91a5fe" }, "downloads": -1, "filename": "django_tidyfields-1.1.0.tar.gz", "has_sig": false, "md5_digest": "992f10e594e394dd3306c02c3c993b4c", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 14620, "upload_time": "2019-05-19T17:38:10", "url": "https://files.pythonhosted.org/packages/9d/1a/439293506ecb556b5e13cd80dde5a8fbd1ba76ee3cb33856c316e7c0ce72/django_tidyfields-1.1.0.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "992f10e594e394dd3306c02c3c993b4c", "sha256": "fa7bdbc7072183c249c96c92d38cd2aedba3630a7cb54f8f626eeca66d91a5fe" }, "downloads": -1, "filename": "django_tidyfields-1.1.0.tar.gz", "has_sig": false, "md5_digest": "992f10e594e394dd3306c02c3c993b4c", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 14620, "upload_time": "2019-05-19T17:38:10", "url": "https://files.pythonhosted.org/packages/9d/1a/439293506ecb556b5e13cd80dde5a8fbd1ba76ee3cb33856c316e7c0ce72/django_tidyfields-1.1.0.tar.gz" } ] }