How to use bleach.ALLOWED_ATTRIBUTES, the default attribute allowlist, in bleach

To help you get started, we’ve selected a few bleach examples, based on popular ways it is used in public projects.


github crate-archive / crate-site / crate_project / apps / packages / models.py View on Github external
from model_utils.models import TimeStampedModel

from crate.fields import JSONField
from crate.utils.datatools import track_data
from packages.evaluators import ReleaseEvaluator
from packages.utils import verlib

# Tags kept by the sanitizer: bleach's defaults plus the layout, heading and
# table tags listed here.
ALLOWED_TAGS = bleach.ALLOWED_TAGS + [
    "br", "img", "span", "div", "pre", "p",
    "dl", "dd", "dt", "tt", "cite",
    "h1", "h2", "h3", "h4", "h5", "h6",
    "table", "col", "tr", "td", "th", "tbody", "thead",
    "colgroup",
]

# Start from a copy of bleach's per-tag attribute map so that adding the
# "img" entry never touches the library's own module-level dict.
ALLOWED_ATTRIBUTES = dict(bleach.ALLOWED_ATTRIBUTES)
# <img> keeps only "src"; every other attribute on it is dropped.
ALLOWED_ATTRIBUTES["img"] = ["src"]

# Get the Storage Engine for Packages.
# PACKAGE_FILE_STORAGE is a dotted "module.ClassName" path read from Django
# settings; the class is imported and instantiated while this module loads,
# with PACKAGE_FILE_STORAGE_OPTIONS (default: no options) as keyword arguments.
# The path is executed as code, so it must only ever come from trusted
# deployment configuration.
package_storage = None
if getattr(settings, "PACKAGE_FILE_STORAGE", None):
    mod_name, engine_name = settings.PACKAGE_FILE_STORAGE.rsplit(".", 1)
    mod = import_module(mod_name)
    package_storage = getattr(mod, engine_name)(
        **getattr(settings, "PACKAGE_FILE_STORAGE_OPTIONS", {})
    )


def release_file_upload_to(instance, filename):
    dsplit = instance.digest.split("$")
    if len(dsplit) == 2:
github crateio / crate.web / crate / web / packages / models.py View on Github external
from model_utils.fields import AutoCreatedField, AutoLastModifiedField
from model_utils.models import TimeStampedModel

from crate.web.packages.evaluators import ReleaseEvaluator
from crate.web.packages.utils import verlib
from crate.web.packages.utils.datatools import track_data

# Tags kept by the sanitizer: bleach's defaults plus the layout, heading and
# table tags listed here.
ALLOWED_TAGS = bleach.ALLOWED_TAGS + [
    "br", "img", "span", "div", "pre", "p",
    "dl", "dd", "dt", "tt", "cite",
    "h1", "h2", "h3", "h4", "h5", "h6",
    "table", "col", "tr", "td", "th", "tbody", "thead",
    "colgroup",
]

# Start from a copy of bleach's per-tag attribute map so the two entries
# added below never touch the library's own module-level dict.
ALLOWED_ATTRIBUTES = dict(bleach.ALLOWED_ATTRIBUTES)
# <img> keeps only "src" and <span> keeps only "class".
ALLOWED_ATTRIBUTES["img"] = ["src"]
ALLOWED_ATTRIBUTES["span"] = ["class"]

# Get the Storage Engine for Packages.
# PACKAGE_FILE_STORAGE is a dotted "module.ClassName" path read from Django
# settings; the class is imported and instantiated while this module loads,
# with PACKAGE_FILE_STORAGE_OPTIONS (default: no options) as keyword arguments.
# The path is executed as code, so it must only ever come from trusted
# deployment configuration.
package_storage = None
if getattr(settings, "PACKAGE_FILE_STORAGE", None):
    mod_name, engine_name = settings.PACKAGE_FILE_STORAGE.rsplit(".", 1)
    mod = import_module(mod_name)
    package_storage = getattr(mod, engine_name)(
        **getattr(settings, "PACKAGE_FILE_STORAGE_OPTIONS", {})
    )


def release_file_upload_to(instance, filename):
    dsplit = instance.digest.split("$")
github django-wiki / django-wiki / src / wiki / conf / settings.py View on Github external
'dt',
    'dd',
] + ['h{}'.format(n) for n in range(1, 7)]


#: List of allowed tags in Markdown article contents.
# The name below is bound to the same object as _default_tag_whitelists, so
# the in-place += also grows that object with the site's extra tags from
# WIKI_MARKDOWN_HTML_WHITELIST (default: none).
MARKDOWN_HTML_WHITELIST = _default_tag_whitelists
MARKDOWN_HTML_WHITELIST += getattr(
    django_settings, 'WIKI_MARKDOWN_HTML_WHITELIST', []
)

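# Build the attribute allowlist from a per-tag copy of bleach's defaults.
# Binding bleach.ALLOWED_ATTRIBUTES directly would alias the library's
# module-level dict, and the additions below would then widen the default
# allowlist for every other bleach caller in the same process (and would
# accumulate again on each reload of this module).
_default_attribute_whitelist = {
    tag: list(attrs) for tag, attrs in bleach.ALLOWED_ATTRIBUTES.items()
}
for tag in MARKDOWN_HTML_WHITELIST:
    # Every allowed tag may carry these four attributes.
    # NOTE(review): 'target' is allowed while 'rel' stays author-controlled;
    # confirm links that open a new tab get rel="noopener" elsewhere.
    _default_attribute_whitelist.setdefault(tag, []).extend(
        ['class', 'id', 'target', 'rel']
    )

# setdefault keeps this from raising KeyError when 'img' is neither in
# bleach's defaults nor in MARKDOWN_HTML_WHITELIST.
_default_attribute_whitelist.setdefault('img', []).extend(['src', 'alt'])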
_default_attribute_whitelist['img'].append('alt')

#: Dictionary of allowed attributes in Markdown article contents.
MARKDOWN_HTML_ATTRIBUTES = _default_attribute_whitelist
MARKDOWN_HTML_ATTRIBUTES.update(
    getattr(
        django_settings,
github andresgsaravia / research-engine / src / filters.py View on Github external
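def md(value, wiki_p_id = ""):
    """Render Markdown text to HTML and sanitize the result with bleach.

    DOI references are rewritten via make_doi_link first. When wiki_p_id
    is given, wikilinks are rewritten as well. The text is then rendered
    with markdown and passed through bleach.clean().

    wiki_p_id is the project id and should only be present when rendering
    a wiki page. This is used to generate the 'wikilinks'.

    Returns the sanitized HTML string.
    """
    # NOTE(review): 'style' and 'iframe' are allowed as tags. That lets
    # whoever writes the Markdown ship page-wide CSS and embed external frames
    # (frame URLs are limited only by bleach's protocol allowlist). Confirm
    # every author is trusted, or drop these two tags.
    allowed_tags = bleach.ALLOWED_TAGS + ['br', 'caption', 'colgroup', 'div', 'figcaption', 'figure', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'hr',
                                          'iframe', 'img', 'mathjax', 'p', 'pre', 'span', 'style', 'sub', 'sup','table', 'tbody', 'tfoot',
                                          'td', 'th', 'thead', 'tr']
    # Copy bleach's defaults, then layer the extra entries on top. The former
    # items() + items() concatenation only works on Python 2; copy-and-update
    # gives the same dict on Python 2 and 3 and leaves bleach's own
    # module-level dict unmodified.
    allowed_attrs = dict(bleach.ALLOWED_ATTRIBUTES)
    allowed_attrs.update({
        # NOTE(review): '*' applies to every allowed tag. The data-* names look
        # like a front-end library's data API, and 'id' lets content name DOM
        # elements; confirm page scripts treat both as untrusted.
        '*': ['class', 'id', 'align', 'style', 'role', 'data-target', 'data-ride', 'data-slide-to', 'data-slide', 'data-interval'],
        'img': ['alt', 'src', 'title', 'width', 'height'],
        'iframe': ['width', 'height', 'src', 'frameborder', 'allowfullscreen'],
        'style': ['type'],
    })
    value = re.sub(DOI_REGEXP, make_doi_link, value)     # doi links
    if wiki_p_id:
        value = re.sub(WIKILINKS_RE, make_sub_repl(wiki_p_id), value)
    value = markdown.markdown(value, extensions = ['extra', 'toc(title=Contents)', 'nl2br', 'mathjax', 'tables', 'codehilite'])
    # Sanitizing is the last step, so markup produced by the substitutions and
    # by the Markdown renderer is filtered as well.
    value = bleach.clean(value, tags = allowed_tags, attributes = allowed_attrs)
    return value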
github mytardis / mytardis / tardis / tardis_portal / templatetags / bleach_tag.py View on Github external
import bleach

from django import template
from django.conf import settings
from django.utils.safestring import mark_safe

register = template.Library()

# Allowlists come from Django settings when they are defined there; otherwise
# bleach's own defaults are used. The fallback objects are bleach's
# module-level defaults themselves (not copies), so they must not be mutated.
tags = getattr(
    settings, 'BLEACH_ALLOWED_TAGS', bleach.ALLOWED_TAGS)
attributes = getattr(
    settings, 'BLEACH_ALLOWED_ATTRIBUTES', bleach.ALLOWED_ATTRIBUTES)


def bleach_value(value):
    """Sanitize *value* with bleach and mark the result safe for templates.

    The module-level ``tags`` and ``attributes`` allowlists are applied.
    Because the result is wrapped in mark_safe(), Django will not escape it
    again. bleach.clean() output is meant for HTML element content, so this
    filter should not be used inside attribute values, scripts or CSS.
    """
    return mark_safe(bleach.clean(value, tags=tags, attributes=attributes))

# Expose bleach_value to templates as the "bleach" filter.
register.filter(name='bleach', filter_func=bleach_value)
github dominicrodger / django-magazine / magazine / utils / word_cleaner.py View on Github external
import bleach
from style_stripper import strip_styles


# bleach's default tags plus paragraphs and headings h1-h5.
allowed_tags = bleach.ALLOWED_TAGS + ['p', 'h1', 'h2', 'h3', 'h4', 'h5']

# Shallow copy of bleach's attribute map. The 'a' entry is replaced with a
# newly built list, so bleach's own default list for 'a' is never modified.
allowed_attributes = dict(bleach.ALLOWED_ATTRIBUTES)
allowed_attributes['a'] = list(bleach.ALLOWED_ATTRIBUTES['a']) + ['name']


def clean_word_text(text):
    """Return *text* with styles stripped and disallowed markup removed.

    strip_styles() runs first. bleach.clean() then applies the module-level
    allowlists with strip=True, which removes disallowed tags instead of
    escaping them.
    """
    unstyled = strip_styles(text)
    return bleach.clean(
        unstyled,
        tags=allowed_tags,
        attributes=allowed_attributes,
        strip=True,
    )
github ejplatform / ej-server / src / ej_configurations / sanitizer.py View on Github external
import bleach

#
# List of valid tags to pass through the sanitizer
#
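# Every tag name needs its own comma. Python joins adjacent string literals,
# so a missing comma between 'h6' and 'img' produces the single name "h6img"
# and leaves both <h6> and <img> off the allowlist.
# ATTR_WHITELIST in this module has no 'img' entry, so allowed <img> tags
# keep no attributes.
TAG_WHITELIST = bleach.ALLOWED_TAGS + [
    'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'img', 'div', 'span', 'p',
]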

#
# Valid attributes in each tag
#
attrs = bleach.ALLOWED_ATTRIBUTES
# Copy the defaults and replace the 'a' entry with a new, longer list, so
# bleach's module-level dict and its lists stay unmodified.
# NOTE(review): the up-* attributes are presumably read by a client-side
# library. Confirm that user-authored links carrying them cannot trigger
# unintended requests or page updates.
ATTR_WHITELIST = dict(attrs)
ATTR_WHITELIST['a'] = attrs['a'] + [
    'up-target', 'up-modal', 'up-instant', 'up-preload', 'up-prefetch',
]
del attrs


def sanitize_html(html):
    """
    Return user-supplied HTML cleaned by bleach.

    Only the tags in TAG_WHITELIST and the attributes in ATTR_WHITELIST are
    kept.
    """
    cleaned = bleach.clean(html, tags=TAG_WHITELIST, attributes=ATTR_WHITELIST)
    return cleaned
github siggame / webserver / webserver / settings / defaults.py View on Github external
'DEFAULT_PERMISSION_CLASSES': (
        'rest_framework.permissions.IsAdminUser',
    )
}


##########################################################################
#
# Bleach settings
#
##########################################################################
import bleach

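# bleach's default tags plus three heading levels, paragraphs and images.
# NOTE(review): the list concatenation needs bleach.ALLOWED_TAGS to be a list;
# newer bleach releases expose it as a frozenset. Confirm the pinned version.
ALLOWED_HTML_TAGS = bleach.ALLOWED_TAGS + ['h1', 'h2', 'h3', 'p', 'img']

# Work on a copy. Calling update() on bleach.ALLOWED_ATTRIBUTES itself would
# change the library's module-level default for every bleach caller in the
# process, not just for code that reads this setting.
ALLOWED_HTML_ATTRS = dict(bleach.ALLOWED_ATTRIBUTES)
ALLOWED_HTML_ATTRS.update({
    'img': ['src', 'alt'],
})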

##########################################################################
#
# Crispy settings
#
##########################################################################

# Template pack name for the form-rendering app configured in this section.
CRISPY_TEMPLATE_PACK = 'bootstrap3'


##########################################################################
#
# Celery settings
github indico / indico / indico / util / string.py View on Github external
import markdown
import translitcodec  # this is NOT unused. it needs to be imported to register the codec.
from html2text import HTML2Text
from jinja2.filters import do_striptags
from lxml import etree, html
from markupsafe import Markup, escape
from speaklater import _LazyString, is_lazy_string
from sqlalchemy import ForeignKeyConstraint, inspect


# basic list of tags, used for markdown content
BLEACH_ALLOWED_TAGS = bleach.ALLOWED_TAGS + [
    'sup', 'sub', 'small', 'br', 'p',
    'table', 'thead', 'tbody', 'th', 'tr', 'td',
    'img', 'hr',
    'h1', 'h2', 'h3', 'h4', 'h5', 'h6',
    'pre', 'dl', 'dd', 'dt',
]
# Copy of bleach's default attribute map with an added entry for <img>; the
# library's own dict is left untouched.
# NOTE(review): 'style' is allowed on <img>. Confirm the bleach.clean() call
# that uses this map also restricts which CSS properties are kept.
BLEACH_ALLOWED_ATTRIBUTES = dict(bleach.ALLOWED_ATTRIBUTES)
BLEACH_ALLOWED_ATTRIBUTES['img'] = ['src', 'alt', 'style']
# extended list of tags, used for HTML content
BLEACH_ALLOWED_TAGS_HTML = BLEACH_ALLOWED_TAGS + [
    'address', 'area', 'bdo', 'big', 'caption', 'center', 'cite', 'col',
    'colgroup', 'del', 'dfn', 'dir', 'div', 'fieldset', 'font', 'ins', 'kbd',
    'legend', 'map', 'menu', 'q', 's', 'samp', 'span', 'strike', 'tfoot',
    'tt', 'u', 'var',
]
# Not pretty, but every attribute below was already accepted by the legacy
# code. The '*' key applies the list to all allowed tags, including the
# URL-valued 'href' and 'src' and the 'style' attribute.
# NOTE(review): confirm the cleaner that uses this map also limits 'style'
# values to an explicit property allowlist.
BLEACH_ALLOWED_ATTRIBUTES_HTML = dict(BLEACH_ALLOWED_ATTRIBUTES)
BLEACH_ALLOWED_ATTRIBUTES_HTML['*'] = [
    'align', 'abbr', 'alt', 'border', 'bgcolor', 'class', 'cellpadding',
    'cellspacing', 'color', 'char', 'charoff', 'cite', 'clear', 'colspan',
    'compact', 'dir', 'disabled', 'face', 'href', 'height', 'headers',
    'hreflang', 'hspace', 'id', 'ismap', 'lang', 'name', 'noshade', 'nowrap',
    'rel', 'rev', 'rowspan', 'rules', 'size', 'scope', 'shape', 'span', 'src',
    'start', 'style', 'summary', 'tabindex', 'target', 'title', 'type',
    'valign', 'value', 'vspace', 'width', 'wrap',
]
BLEACH_ALLOWED_STYLES_HTML = [
    'background-color', 'border-top-color', 'border-top-style', 'border-top-width', 'border-top', 'border-right-color',