def to_html(stream):
"""Transform an stream of markdown into safe HTML."""
config = {
'safe_mode': 'escape',
'enable_attributes': False,
}
stream = force_text(stream)
return sanitize(markdown.markdown(stream, ['nl2br'], **config))
def clean_stream(stream):
parser = HTMLParser.HTMLParser()
replacement_list = [
('<p></p>', ''),
]
stream = unicode(parser.unescape(force_text(stream)))
stream = sanitizer.sanitize(stream)
for o, d in replacement_list:
stream = stream.replace(o, d)
return stream
def clean_content(self):
if 'content' in self.cleaned_data:
return sanitizer.sanitize(self.cleaned_data['content'])
def test_valid_text_is_not_modified(self):
text = u'<p>Hello!</p>'
output = sanitizer.sanitize(text)
eq_(output, '<p>Hello!</p>')
def test_script_tags_are_removed(self):
text = u'<script>alert(0);</script>'
output = sanitizer.sanitize(text)
eq_(output, u'alert(0);')
def test_harmful_link_is_removed(self):
text = u'<a href="javascript:alert(0);">Link</a>'
output = sanitizer.sanitize(text)
eq_(output, '<a>Link</a>')
def test_invalid_tag_is_removed(self):
text = u'<p><font size="20">Hello!</font></p>'
output = sanitizer.sanitize(text)
eq_(output, '<p>Hello!</p>')
def save(self, *args, **kwargs):
if self.body:
self.body = sanitizer.sanitize(self.body)
return super(Snippet, self).save(*args, **kwargs)
