def bleach_html(
    html,
    tags=ALLOWED_TAGS,
    attrs=ALLOWED_ATTRIBUTES,
    styles=ALLOWED_STYLES,
):
    """Sanitize an HTML fragment with bleach.

    Thin wrapper around ``bleach.clean`` that exposes the three allowlists
    under local names and maps ``attrs`` onto bleach's ``attributes``
    keyword. Defaults are the module-level ``ALLOWED_*`` constants.

    Args:
        html: Untrusted HTML fragment to sanitize.
        tags: Tag allowlist handed to bleach.
        attrs: Attribute allowlist handed to bleach as ``attributes``.
        styles: CSS property allowlist handed to bleach as ``styles``.

    Returns:
        The sanitized HTML string produced by bleach.

    NOTE(review): newer bleach releases (6.x) no longer accept a ``styles=``
    keyword; CSS filtering moved to a ``css_sanitizer`` argument. Confirm
    the pinned bleach version before upgrading.
    """
    allowlists = {
        "tags": tags,
        "attributes": attrs,
        "styles": styles,
    }
    return bleach_clean(html, **allowlists)
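def bleach_html(html, tags=None, attrs=None, styles=None):
    """Sanitize an HTML fragment with bleach, importing bleach lazily.

    Args:
        html: Untrusted HTML fragment to sanitize.
        tags: Tag allowlist; ``None`` selects bleach's ``ALLOWED_TAGS``.
        attrs: Attribute allowlist; ``None`` selects ``ALLOWED_ATTRIBUTES``.
        styles: CSS property allowlist; ``None`` selects ``ALLOWED_STYLES``.

    Returns:
        The sanitized HTML string produced by bleach.

    Raises:
        ImportError: if bleach is not installed (propagated unchanged).
    """
    # The original `try/except ImportError: raise` was a no-op; a missing
    # bleach still surfaces as ImportError here.
    from bleach import clean as bleach_clean
    from bleach.sanitizer import ALLOWED_TAGS, ALLOWED_ATTRIBUTES, ALLOWED_STYLES

    # Fall back only on None, not on falsiness: a caller passing `[]` to
    # strip every tag/attribute/style must not be silently upgraded to the
    # permissive default allowlist.
    if tags is None:
        tags = ALLOWED_TAGS
    if attrs is None:
        attrs = ALLOWED_ATTRIBUTES
    if styles is None:
        styles = ALLOWED_STYLES

    return bleach_clean(html, tags=tags, attributes=attrs, styles=styles)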
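def validate_content(self, content: dict) -> dict:
    """Validate and sanitize a Quill-style content payload.

    ``content`` must be a dict with an ``ops`` list. Each op may carry an
    ``insert`` key with plain text and an ``attributes`` key describing its
    formatting (e.g. bold). Every text insert is sanitized in place with
    ``bleach_clean`` and the total text length is capped at
    ``MAX_COMMENT_SIZE``.

    Args:
        content: Parsed request payload.

    Returns:
        The same dict, with every ``insert`` replaced by its sanitized form.

    Raises:
        serializers.ValidationError: if the payload is not shaped as expected
            or the accumulated text exceeds ``MAX_COMMENT_SIZE``.
    """
    bad_format = serializers.ValidationError('Bad format of data.')

    # isinstance rather than `type(...) != dict`; ops must be a list, not any
    # iterable (a str value would otherwise be iterated character by character).
    if not isinstance(content, dict) or not isinstance(content.get('ops'), list):
        raise bad_format

    size = 0
    for op in content['ops']:
        if not isinstance(op, dict):
            raise bad_format
        insert = op.get('insert')
        if insert is None:
            continue
        if not isinstance(insert, str):
            # Non-text inserts (embed objects) are not supported by this
            # validator; bleach would reject them with a TypeError anyway.
            raise bad_format
        size += len(insert)
        # Fail fast: no point sanitizing the remainder of an oversized payload.
        if size > MAX_COMMENT_SIZE:
            raise serializers.ValidationError(
                f'Article too long! Max {MAX_COMMENT_SIZE} characters allowed')
        op['insert'] = bleach_clean(insert)
    return content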
def render(text):
    """Render Markdown *text* to HTML, sanitize it with bleach and mark it safe.

    Args:
        text: Untrusted Markdown source.

    Returns:
        A ``mark_safe`` string containing only the tags, attributes and CSS
        properties listed below.
    """
    extensions = [
        'markdown.extensions.extra',
        'markdown.extensions.codehilite',
        'markdown.extensions.nl2br',
        'markdown.extensions.sane_lists',
        'markdown.extensions.toc',
        'markdown.extensions.wikilinks',
    ]
    rendered = markdown(text, extensions=extensions, output_format='html5')

    # Allowlists for the sanitizer. Anything not listed is escaped by bleach.
    allowed_tags = [
        'p', 'div', 'span',
        'h1', 'h2', 'h3', 'h4', 'h5', 'h6',
        'tt', 'pre', 'em', 'strong',
        'ul', 'li', 'dl', 'dd', 'dt',
        'code', 'img', 'a',
        'table', 'tr', 'th', 'td', 'tbody', 'caption', 'colgroup', 'thead', 'tfoot',
        'blockquote', 'ol', 'hr', 'br', "sub", "sup",
    ]
    allowed_attributes = {
        # NOTE(review): `id` on every element lets user content reuse ids
        # that page scripts may look up; confirm that is acceptable.
        '*': ['class', 'style', 'id'],
        # NOTE(review): `target` is allowed but nothing here forces
        # rel="noopener"; confirm links are post-processed elsewhere.
        'a': ['href', 'target', 'rel'],
        'img': ['src', 'alt'],
        'tr': ['rowspan', 'colspan'],
        'td': ['rowspan', 'colspan', 'align'],
    }
    allowed_styles = [
        'color', 'background-color',
        'font-family', 'font-weight', 'font-size',
        'width', 'height', 'text-align',
        'border', 'border-top', 'border-bottom', 'border-left', 'border-right',
        'padding', 'padding-top', 'padding-bottom', 'padding-left', 'padding-right',
        'margin', 'margin-top', 'margin-bottom', 'margin-left', 'margin-right',
    ]

    # Sanitize the rendered HTML with bleach to avoid code injection.
    sanitized = bleach_clean(
        rendered,
        tags=allowed_tags,
        attributes=allowed_attributes,
        styles=allowed_styles,
    )
    return mark_safe(sanitized)
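def bleach(s):
    """Sanitize *s* with bleach, allowing the default tags plus p, pre and img.

    Args:
        s: Untrusted HTML string.

    Returns:
        The sanitized string produced by ``bleach_clean``.

    NOTE: this function name shadows the ``bleach`` package inside this module.
    NOTE(review): no ``attributes`` allowlist is passed, so with bleach's
    default attribute allowlist an ``img`` keeps neither ``src`` nor ``alt``;
    confirm that is intended.
    """
    extra_tags = ['p', 'pre', 'img']
    # list(...) so this works whether ALLOWED_TAGS is a list or, as in newer
    # bleach releases, a frozenset (where `ALLOWED_TAGS + [...]` raises TypeError).
    return bleach_clean(s, tags=list(ALLOWED_TAGS) + extra_tags)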
def markdown(value):
    """Sanitize *value* with bleach's defaults, run it through ``markdownify``
    and mark the result safe for templates.

    Args:
        value: Untrusted input string.

    Returns:
        A ``mark_safe`` string.

    NOTE(review): bleach runs on the *input*, not on the output of
    ``markdownify``. If ``markdownify`` produces HTML from Markdown here, any
    markup it generates (for example link targets) is not sanitized; confirm
    the ordering is deliberate.
    """
    cleaned = bleach_clean(value)
    rendered = markdownify(cleaned)
    return mark_safe(rendered)
def validate_address(self, address):
    """Serializer field validator: pass *address* through bleach's defaults.

    With bleach's default settings disallowed tags are escaped rather than
    removed, so the stored value may contain entities such as ``&lt;``.

    Args:
        address: Raw address string from the request.

    Returns:
        The sanitized address string.
    """
    sanitized_address = bleach_clean(address)
    return sanitized_address
def validate_name(self, name):
    """Serializer field validator: pass *name* through bleach's defaults.

    With bleach's default settings disallowed tags are escaped rather than
    removed, so the stored value may contain entities such as ``&lt;``.

    Args:
        name: Raw name string from the request.

    Returns:
        The sanitized name string.
    """
    sanitized_name = bleach_clean(name)
    return sanitized_name
def render(text):
    """Render Markdown *text* with pymdownx extensions, sanitize with bleach
    and mark the result safe.

    Args:
        text: Untrusted Markdown source.

    Returns:
        A ``mark_safe`` string containing only the tags, attributes and CSS
        properties listed below.
    """
    extensions = [
        'pymdownx.arithmatex',
        'pymdownx.highlight',
        'pymdownx.caret',
        'pymdownx.mark',
        'pymdownx.tilde',
        'pymdownx.progressbar',
        'pymdownx.smartsymbols',
        'pymdownx.tasklist',
        # contains: pymdownx.betterem, pymdownx.superfences, markdown.extensions.footnotes,
        # markdown.extensions.attr_list, markdown.extensions.def_list, markdown.extensions.tables
        # markdown.extensions.abbr, pymdownx.extrarawhtml
        'pymdownx.extra',
        'markdown.extensions.meta',
        'markdown.extensions.nl2br',
        'markdown.extensions.sane_lists',
        'markdown.extensions.smarty',
        'markdown.extensions.toc',
        'markdown.extensions.wikilinks',
    ]
    custom_fences = [
        {'name': 'flow', 'class': 'uml-flowchart', 'format': superfences.fence_div_format},
        {'name': 'sequence', 'class': 'uml-sequence-diagram', 'format': superfences.fence_div_format},
        {'name': 'math', 'class': 'arithmatex', 'format': arithmatex.inline_generic_format},
    ]
    extension_configs = {
        # settings to switch from MathJax to KaTex
        'pymdownx.arithmatex': {
            'generic': True,
            'preview': False,
        },
        'pymdownx.highlight': {
            'use_pygments': False,
            'css_class': 'highlight line-numbers',
        },
        'pymdownx.extra': {
            'pymdownx.superfences': {
                'custom_fences': custom_fences,
            },
        },
    }
    rendered = markdown(
        text,
        extensions=extensions,
        extension_configs=extension_configs,
        output_format='html5',
    )

    # Allowlists for the sanitizer. 'script' is deliberately excluded.
    allowed_tags = [
        'p', 'div', 'span',
        'h1', 'h2', 'h3', 'h4', 'h5', 'h6',
        'tt', 'pre', 'em', 'strong',
        'ul', 'li', 'dl', 'dd', 'dt',
        'code', 'img', 'a',
        'table', 'tr', 'th', 'td', 'tbody', 'caption', 'colgroup', 'thead', 'tfoot',
        'blockquote', 'ol', 'hr', 'br', 'sub', 'sup',
        'strike', 'del', 'mark', 'input', 'label',
    ]
    allowed_attributes = {
        # NOTE(review): `id` on every element lets user content reuse ids
        # that page scripts may look up; confirm that is acceptable.
        '*': ['class', 'style', 'id'],
        # NOTE(review): `target` is allowed but nothing here forces
        # rel="noopener"; confirm links are post-processed elsewhere.
        'a': ['href', 'target', 'rel'],
        'img': ['src', 'alt'],
        'tr': ['rowspan', 'colspan'],
        'td': ['rowspan', 'colspan', 'align'],
        # `type` is not restricted to "checkbox" here (tasklist rendering).
        'input': ['name', 'type', 'disabled', 'checked', 'id'],
        # The per-tag 'class' entries below are already covered by '*'.
        'ul': ['class'],
        'li': ['class'],
        'div': ['class'],
        'span': ['class'],
        'label': ['for'],
    }
    allowed_styles = [
        'color', 'background-color',
        'font-family', 'font-weight', 'font-size',
        'width', 'height', 'text-align',
        'border', 'border-top', 'border-bottom', 'border-left', 'border-right',
        'padding', 'padding-top', 'padding-bottom', 'padding-left', 'padding-right',
        'margin', 'margin-top', 'margin-bottom', 'margin-left', 'margin-right',
    ]

    # Sanitize the rendered HTML with bleach to avoid code injection.
    sanitized = bleach_clean(
        rendered,
        tags=allowed_tags,
        attributes=allowed_attributes,
        styles=allowed_styles,
    )
    return mark_safe(sanitized)
def metaex_clean_html(text):
    """Reduce *text* to plain text by removing every HTML tag.

    An empty tag allowlist combined with ``strip=True`` makes bleach drop
    the tags themselves; the text content between them is kept.

    Args:
        text: Untrusted HTML string.

    Returns:
        The tag-free string produced by ``bleach_clean``.
    """
    no_tags_allowed = []
    return bleach_clean(text, tags=no_tags_allowed, strip=True)
def validate_title(self, title):
    """Serializer field validator: pass *title* through bleach's defaults.

    With bleach's default settings disallowed tags are escaped rather than
    removed, so the stored value may contain entities such as ``&lt;``.

    Args:
        title: Raw title string from the request.

    Returns:
        The sanitized title string.
    """
    sanitized_title = bleach_clean(title)
    return sanitized_title