-
- GitHub
- GitLab
- Bitbucket
-
By logging in you accept
our terms of service
and privacy policy
Django template filter application for sanitizing user submitted HTML
Homepage Repository PyPI Python
pip install django-sanitizer==0.4.1
**NOTE: Please try to break this and tell me where it is insufficent.**
Allows only whitelisted tags and attributes through.
The setting ALLOWED_TAGS can override the behavior. The syntax of
this setting is a space-separated list of tags, which are optionally
followed by a colon and a comma-separated list of attribute permitted in
the tag.
For example, to allow <a> tags which are links or named anchors, but not
to allow definition of an onclick attribute:
ALLOWED_TAGS = "a:href,name"
In your templates, sanitizing is easy.
{% load sanitizer %}
{{ user_comment|allowtags|safe }}
{{ user_comment|allowtags:"b i"|safe }}
Disallowed tags or attributes are simply removed.
In some cases, it is useful to disallow a tag, but to convert it to something
safe, rather than stripping it entirely. For example, you might not want to
allow <h1> tags, and want to "quiet" them into <h2> tags.
{{ body|maptags:"h1=h2 h2=h3 h4=h5" }}
The Tidelift Subscription provides access to a continuously curated stream of human-researched and maintainer-verified data on open source packages and their licenses, releases, vulnerabilities, and development practices.
Learn more →
Something wrong with this page? Make a suggestion
Export .ABOUT file for this package
Last synced: 2021-12-15 14:01:26 UTC
Login to resync this project