def bleach_html(
html,
tags=ALLOWED_TAGS,
attrs=ALLOWED_ATTRIBUTES,
styles=ALLOWED_STYLES,
):
return bleach_clean(
html,
tags=tags,
attributes=attrs,
styles=styles,
)
def bleach_html(html, tags=None, attrs=None, styles=None):
try:
from bleach import clean as bleach_clean
from bleach.sanitizer import (ALLOWED_TAGS, ALLOWED_ATTRIBUTES,
ALLOWED_STYLES)
except ImportError:
raise
else:
tags = tags or ALLOWED_TAGS
attrs = attrs or ALLOWED_ATTRIBUTES
styles = styles or ALLOWED_STYLES
return bleach_clean(
html,
tags=tags,
attributes=attrs,
styles=styles,
)
def validate_content(self, content: dict):
if type(content) != dict or 'ops' not in content:
raise serializers.ValidationError('Bad format of data.')
'''
Iterate over quill prepared objects.
Each object can contain:
- insert key with plain text data
- attributes (describe format of insert like bold) with insert
'''
size = 0
for obj in content['ops']:
if 'insert' in obj:
size += len(obj['insert'])
obj['insert'] = bleach_clean(obj['insert'])
if size > MAX_COMMENT_SIZE:
raise serializers.ValidationError(
f'Article too long! Max {MAX_COMMENT_SIZE} characters allowed')
return content
def render(text):
formatted_html = markdown(
text,
extensions=[
'markdown.extensions.extra', 'markdown.extensions.codehilite',
'markdown.extensions.nl2br', 'markdown.extensions.sane_lists',
'markdown.extensions.toc', 'markdown.extensions.wikilinks'
],
output_format='html5')
# Sanitizing html with bleach to avoid code injection
sanitized_html = bleach_clean(
formatted_html,
# Allowed tags, attributes and styles
tags=[
'p', 'div', 'span', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'tt',
'pre', 'em', 'strong', 'ul', 'li', 'dl', 'dd', 'dt', 'code', 'img',
'a', 'table', 'tr', 'th', 'td', 'tbody', 'caption', 'colgroup',
'thead', 'tfoot', 'blockquote', 'ol', 'hr', 'br', "sub", "sup"
],
attributes={
'*': ['class', 'style', 'id'],
'a': ['href', 'target', 'rel'],
'img': ['src', 'alt'],
'tr': ['rowspan', 'colspan'],
'td': ['rowspan', 'colspan', 'align']
},
styles=[
'color', 'background-color', 'font-family', 'font-weight',
'font-size', 'width', 'height', 'text-align', 'border',
'border-top', 'border-bottom', 'border-left', 'border-right',
'padding', 'padding-top', 'padding-bottom', 'padding-left',
'padding-right', 'margin', 'margin-top', 'margin-bottom',
'margin-left', 'margin-right'
])
return mark_safe(sanitized_html)
def bleach(s):
return bleach_clean(s, tags=ALLOWED_TAGS + ['p', 'pre', 'img'])
def markdown(value):
return mark_safe(markdownify(bleach_clean(value)))
def validate_address(self, address):
return bleach_clean(address)
def validate_name(self, name):
return bleach_clean(name)
def render(text):
formatted_html = markdown(
text,
extensions=[
'pymdownx.arithmatex',
'pymdownx.highlight',
'pymdownx.caret',
'pymdownx.mark',
'pymdownx.tilde',
'pymdownx.progressbar',
'pymdownx.smartsymbols',
'pymdownx.tasklist',
# contains: pymdownx.betterem, pymdownx.superfences, markdown.extensions.footnotes,
# markdown.extensions.attr_list, markdown.extensions.def_list, markdown.extensions.tables
# markdown.extensions.abbr, pymdownx.extrarawhtml
'pymdownx.extra',
'markdown.extensions.meta',
'markdown.extensions.nl2br',
'markdown.extensions.sane_lists',
'markdown.extensions.smarty',
'markdown.extensions.toc',
'markdown.extensions.wikilinks',
],
extension_configs={
# settings to switch from MathJax to KaTex
'pymdownx.arithmatex': {
'generic': True,
'preview': False,
},
'pymdownx.highlight': {
'use_pygments': False,
'css_class': 'highlight line-numbers'
},
'pymdownx.extra': {
'pymdownx.superfences': {
'custom_fences': [
{
'name': 'flow',
'class': 'uml-flowchart',
'format': superfences.fence_div_format
},
{
'name': 'sequence',
'class': 'uml-sequence-diagram',
'format': superfences.fence_div_format
},
{
'name': 'math',
'class': 'arithmatex',
'format': arithmatex.inline_generic_format
},
]
}
}
},
output_format='html5')
# Sanitizing html with bleach to avoid code injection
sanitized_html = bleach_clean(
formatted_html,
# Allowed tags, attributes and styles
tags=[
'p',
'div',
'span',
'h1',
'h2',
'h3',
'h4',
'h5',
'h6',
'tt',
'pre',
'em',
'strong',
'ul',
'li',
'dl',
'dd',
'dt',
'code',
'img',
'a',
'table',
'tr',
'th',
'td',
'tbody',
'caption',
'colgroup',
'thead',
'tfoot',
'blockquote',
'ol',
'hr',
'br',
'sub',
'sup',
'strike',
'del',
'mark',
'input',
'label',
#'script'
],
attributes={
'*': ['class', 'style', 'id'],
'a': ['href', 'target', 'rel'],
'img': ['src', 'alt'],
'tr': ['rowspan', 'colspan'],
'td': ['rowspan', 'colspan', 'align'],
'input': ['name', 'type', 'disabled', 'checked', 'id'],
'ul': ['class'],
'li': ['class'],
'div': ['class'],
'span': ['class'],
'label': ['for'],
#'script': ['type', 'mode'],
},
styles=[
'color', 'background-color', 'font-family', 'font-weight',
'font-size', 'width', 'height', 'text-align', 'border',
'border-top', 'border-bottom', 'border-left', 'border-right',
'padding', 'padding-top', 'padding-bottom', 'padding-left',
'padding-right', 'margin', 'margin-top', 'margin-bottom',
'margin-left', 'margin-right'
])
return mark_safe(sanitized_html)
def metaex_clean_html(text):
return bleach_clean(text, tags=[], strip=True)
def validate_title(self, title):
return bleach_clean(title)
