{ "info": { "author": "Alexander Ivanov", "author_email": "alexander.ivanov@redsolution.ru", "bugtrack_url": null, "classifiers": [ "Development Status :: 3 - Alpha", "Environment :: Web Environment", "Framework :: Django", "Intended Audience :: Developers", "License :: OSI Approved :: GNU General Public License (GPL)", "Natural Language :: English", "Natural Language :: Russian", "Operating System :: OS Independent", "Programming Language :: Python", "Topic :: Internet :: WWW/HTTP :: Site Management", "Topic :: Internet :: WWW/HTTP :: Site Management :: Link Checking" ], "description": "===================\ndjango-trusted-html\n===================\n\nDjango-trusted-html will make your html correct, pretty and safe.\n-----------------------------------------------------------------\n\nUsage lyrics\n============\n\nSuppose that some users can post content to your site.\nAnd you want to allow them to post formatted text, images, tables and videos.\nThe best way is using HTML as native format and WYSIWYG editor as user interface.\nSo your users will create content easy and will be happy.\nThey will be able to copy-and-paste content from other sites or GUI-Editors.\nBut you can become unhappy. Your site can looks not homogeneous because of\ndifferent font-families, colors, indents that will come with copy-and-pasted content.\nAlso you can want to protect your site from JavaScript injections.\nIn this way you might want to use django-trusted-html.\n\n\nSanitizing\n----------\n\nThis is application for sanitizing HTML from:\n\n1. javascript injections\n2. objectionable CSS styles\n3. objectionable tags\n4. objectionable or inaccessible links, images and embedded objects\n\nFor example you can:\n\n1. remove scripts from user`s content posted to your site\n2. remove user-specified fonts and colors to make your site looks pretty\n3. allow user to post video for example only from 'youtube.com'\n4. disable images arranged not on your own site\n\n\nValid HTML\n----------\n\nThis is application for making valid HTML:\n\n1. remove incorrect tags, attributes, css-properties and css-values not allowed to this property\n2. check and remove broken link, and do some more things with them\n\nFor example you can:\n\n1. make all your content w3c valid\n2. remove broken links to other sites\n3. remove host name from links to you site.\n\n\nCustom\n------\n\nYou can:\n\n1. choose one of presets\n2. specify settings of validation\n3. customize rules of validation\n\nInstallation:\n=============\n\n1. Put ``trustedhtml`` in to your ``INSTALLED_APPS`` in your ``settings.py`` within your django project.\n\n2. Sync your database::\n\n ./manage.py syncdb\n\n3. Customize settings in your ``settings.py``.\n\nTo learn more about settings read ``trustedhtml/settings.py``. \n\n\nRequirements:\n=============\n\nDjango 1.3+ is required.\nFor Django < 1.3 please check out django-trusted-html 0.1.2.\n\n\nUsage:\n======\n\nIn your models:\n---------------\n\n1. You can use TrustedField in your model ::\n\n\tfrom trustedhtml.fields import TrustedTextField\n\n\tclass MyModel(models.Model):\n\t html = TrustedTextField()\n\nAlso you can specify one of predefined validators ::\n\n\tfrom trustedhtml.rules import full, normal, pretty\n\tfrom trustedhtml.fields import TrustedTextField\n\n\tclass MyModel(models.Model):\n\t html = TrustedTextField(validator=pretty)\n\n``trustedhtml.rules.full`` rule will safe all html tags and css style described by w3c.\n\n``trustedhtml.rules.normal`` rule will remove dangerous html element, or elements that can break you design.\n\n``trustedhtml.rules.pretty`` rule also will remove colors, fonts, aligns, margins and other css and html attributes.\n\nBy the way, if you have django-tinymce in INSTALLED_APPS, than you can use TrustedHTMLField.\n\n2. You can validate html before it will be saved::\n\n\tfrom trustedhtml.rules import pretty\n\n\tclass MyModel(models.Model):\n\t html = models.TextField()\n\t def save(self, *args, **kwargs):\n\t self.html = pretty.validate(self.html)\n\t super(MyModel, self).save(*args, **kwargs)\n\nOr::\n\n\tfrom trustedhtml.rules import pretty\n\tfrom someapp.models import SomeModel\n\n\tdef content_save(sender, instance, **kwargs):\n\t instance.content = pretty.validate(instance.content)\n\n\tpre_save.connect(content_save, sender=SomeModel)\n\n3. You can validate html by using widget::\n\n\tfrom django import forms\n\tfrom trustedhtml.widgets import TrustedTextarea\n\n\tclass FormField(forms.TextField):\n\t\twidget = TrustedTextarea\n\nIf you are using django-pages-cms, you can just use TrustedWidget in templates::\n\n\t{% placeholder main_content with TrustedTextarea %}\n\nOr for older versions of django-pages-cms::\n\n\t{% placeholder main_content with trustedhtml.widgets.TrustedTextarea %}\n\t\nAlso if you are using TinyMCE::\n\n {% placeholder main_content with trustedhtml.widgets.TrustedTinyMCE %}\n\nOr for older versions of django-pages-cms::\n\n {% placeholder main_content with TrustedTinyMCE %}\n \n\n4. You can just ask trusted html to validate specified fields in specified models.\n\nIn some application::\n\n\tclass SomeModel(models.Model):\n\t\tname = models.CharField(max_length=100)\n\t description = models.TextField()\n\nIn your ``settings.py``::\n\n\tTRUSTEDHTML_MODELS = [\n\t {\n\t 'model': 'someapp.models.SomeModel',\n\t 'fields': ['description', ],\n\t },\n ]\n\nChangelog:\n----------\n\n* 0.1.0 - Initial release\n* 0.1.1 - Allow