from model_utils.models import TimeStampedModel
from crate.fields import JSONField
from crate.utils.datatools import track_data
from packages.evaluators import ReleaseEvaluator
from packages.utils import verlib
# Tags accepted by the sanitizer: bleach's defaults plus the block, heading,
# definition-list and table elements listed here.
ALLOWED_TAGS = bleach.ALLOWED_TAGS + [
    "br", "img", "span", "div", "pre", "p",
    "dl", "dd", "dt", "tt", "cite",
    "h1", "h2", "h3", "h4", "h5", "h6",
    "table", "col", "tr", "td", "th", "tbody", "thead",
    "colgroup",
]

# Attribute allowlist built on a copy of bleach's defaults, so the library's
# own dict is left untouched. <img> may carry only "src".
ALLOWED_ATTRIBUTES = dict(bleach.ALLOWED_ATTRIBUTES)
ALLOWED_ATTRIBUTES["img"] = ["src"]
# Resolve the storage engine for package files from settings.
# PACKAGE_FILE_STORAGE is a dotted "module.ClassName" path; the class is
# instantiated with PACKAGE_FILE_STORAGE_OPTIONS as keyword arguments.
# NOTE(review): the dotted path is imported and called as-is, so this relies
# on the settings module being trusted, deploy-time configuration.
package_storage = None
if getattr(settings, "PACKAGE_FILE_STORAGE", None):
    mod_name, engine_name = settings.PACKAGE_FILE_STORAGE.rsplit(".", 1)
    mod = import_module(mod_name)
    package_storage = getattr(mod, engine_name)(
        **getattr(settings, "PACKAGE_FILE_STORAGE_OPTIONS", {})
    )
def release_file_upload_to(instance, filename):
dsplit = instance.digest.split("$")
if len(dsplit) == 2:
from model_utils.fields import AutoCreatedField, AutoLastModifiedField
from model_utils.models import TimeStampedModel
from crate.web.packages.evaluators import ReleaseEvaluator
from crate.web.packages.utils import verlib
from crate.web.packages.utils.datatools import track_data
# Tags accepted by the sanitizer: bleach's defaults plus the block, heading,
# definition-list and table elements listed here.
ALLOWED_TAGS = bleach.ALLOWED_TAGS + [
    "br", "img", "span", "div", "pre", "p",
    "dl", "dd", "dt", "tt", "cite",
    "h1", "h2", "h3", "h4", "h5", "h6",
    "table", "col", "tr", "td", "th", "tbody", "thead",
    "colgroup",
]

# Attribute allowlist built on a copy of bleach's defaults, so the library's
# own dict is left untouched. <img> may carry "src" and <span> may carry
# "class".
# NOTE(review): "class" values are author-controlled, so rendered content can
# pick up any class the site's stylesheet defines - confirm that is intended.
ALLOWED_ATTRIBUTES = dict(bleach.ALLOWED_ATTRIBUTES)
ALLOWED_ATTRIBUTES.update(img=["src"], span=["class"])
# Resolve the storage engine for package files from settings.
# PACKAGE_FILE_STORAGE is a dotted "module.ClassName" path; the class is
# instantiated with PACKAGE_FILE_STORAGE_OPTIONS as keyword arguments.
# NOTE(review): the dotted path is imported and called as-is, so this relies
# on the settings module being trusted, deploy-time configuration.
package_storage = None
if getattr(settings, "PACKAGE_FILE_STORAGE", None):
    mod_name, engine_name = settings.PACKAGE_FILE_STORAGE.rsplit(".", 1)
    mod = import_module(mod_name)
    package_storage = getattr(mod, engine_name)(
        **getattr(settings, "PACKAGE_FILE_STORAGE_OPTIONS", {})
    )
def release_file_upload_to(instance, filename):
dsplit = instance.digest.split("$")
'dt',
'dd',
] + ['h{}'.format(n) for n in range(1, 7)]
#: List of allowed tags in Markdown article contents.
#: Starts from the built-in tag list and is extended in place with whatever
#: the project sets in ``WIKI_MARKDOWN_HTML_WHITELIST`` (default: nothing).
MARKDOWN_HTML_WHITELIST = _default_tag_whitelists
MARKDOWN_HTML_WHITELIST += getattr(
    django_settings, 'WIKI_MARKDOWN_HTML_WHITELIST', []
)
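# Work on a private copy of bleach's defaults (the dict AND each attribute
# list). Binding bleach.ALLOWED_ATTRIBUTES directly and appending to it would
# widen the library's default allowlist for every other bleach caller in the
# same process.
_default_attribute_whitelist = {
    name: list(allowed)
    for name, allowed in bleach.ALLOWED_ATTRIBUTES.items()
}

# Every allowed tag may carry class, id, target and rel.
# NOTE(review): "target" and "rel" are author-controlled on all tags here;
# confirm links opened in a new window get a safe rel value elsewhere.
for tag in MARKDOWN_HTML_WHITELIST:
    _default_attribute_whitelist.setdefault(tag, []).extend(
        ['class', 'id', 'target', 'rel']
    )

# Images additionally need their source and alternative text.
# Raises KeyError if 'img' is not in the tag whitelist, as before.
_default_attribute_whitelist['img'].extend(['src', 'alt'])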
#: Dictionary of allowed attributes in Markdown article contents.
MARKDOWN_HTML_ATTRIBUTES = _default_attribute_whitelist
MARKDOWN_HTML_ATTRIBUTES.update(
getattr(
django_settings,
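def md(value, wiki_p_id = ""):
    """Render Markdown source to HTML and pass the result through bleach.

    ``value`` is the Markdown text. ``wiki_p_id`` is the project id and should
    only be present when rendering a wiki page; it is used to generate the
    'wikilinks'.

    Returns the string produced by ``bleach.clean`` with the tag and attribute
    allowlists defined below.
    """
    # NOTE(review): 'iframe' (with 'src') and 'style' are in this allowlist,
    # so rendered content can embed frames and ship its own stylesheet.
    # bleach filters by tag and attribute name; presumably it does not inspect
    # the CSS text inside a <style> element - confirm both tags are required.
    allowed_tags = bleach.ALLOWED_TAGS + [
        'br', 'caption', 'colgroup', 'div', 'figcaption', 'figure',
        'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'hr',
        'iframe', 'img', 'mathjax', 'p', 'pre', 'span', 'style', 'sub', 'sup',
        'table', 'tbody', 'tfoot', 'td', 'th', 'thead', 'tr',
    ]

    # Copy bleach's defaults and layer the extra entries on top. Adding two
    # .items() results only works where items() returns a list; copy-and-update
    # gives the same mapping on every Python version.
    # NOTE(review): the '*' entry accepts id, class, style and the data-*
    # names on every tag; presumably the data-* names are hooks for the site's
    # front-end script, so authored content can attach to them - confirm.
    allowed_attrs = dict(bleach.ALLOWED_ATTRIBUTES)
    allowed_attrs.update({
        '*': ['class', 'id', 'align', 'style', 'role', 'data-target',
              'data-ride', 'data-slide-to', 'data-slide', 'data-interval'],
        'img': ['alt', 'src', 'title', 'width', 'height'],
        'iframe': ['width', 'height', 'src', 'frameborder', 'allowfullscreen'],
        'style': ['type'],
    })

    # Link substitutions run on the Markdown source, before rendering, so the
    # markup they produce is still subject to the bleach pass below.
    value = re.sub(DOI_REGEXP, make_doi_link, value)  # doi links
    if wiki_p_id:
        value = re.sub(WIKILINKS_RE, make_sub_repl(wiki_p_id), value)

    value = markdown.markdown(
        value,
        extensions=['extra', 'toc(title=Contents)', 'nl2br', 'mathjax',
                    'tables', 'codehilite'],
    )
    value = bleach.clean(value, tags=allowed_tags, attributes=allowed_attrs)
    return value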
import bleach
from django import template
from django.conf import settings
from django.utils.safestring import mark_safe
# Allowlists used by the filter in this module: taken from the project's
# settings when present, otherwise bleach's own defaults.
tags = getattr(settings, 'BLEACH_ALLOWED_TAGS', bleach.ALLOWED_TAGS)
attributes = getattr(
    settings, 'BLEACH_ALLOWED_ATTRIBUTES', bleach.ALLOWED_ATTRIBUTES
)

# Library object the template filter is registered on.
register = template.Library()
@register.filter('bleach')
def bleach_value(value):
    """Sanitize *value* with bleach and mark the result safe for templates.

    The module-level ``tags`` and ``attributes`` allowlists are applied. The
    returned string bypasses template auto-escaping, so its safety rests
    entirely on those allowlists.
    """
    return mark_safe(bleach.clean(value, tags=tags, attributes=attributes))
import bleach
from style_stripper import strip_styles
# Tags kept when cleaning: bleach's defaults plus paragraphs and h1-h5.
allowed_tags = bleach.ALLOWED_TAGS + ['p', 'h1', 'h2', 'h3', 'h4', 'h5']

# Copy of bleach's default attributes in which <a> may also carry "name".
# A new list is built for 'a', so bleach's own defaults are not modified.
allowed_attributes = dict(
    bleach.ALLOWED_ATTRIBUTES,
    a=bleach.ALLOWED_ATTRIBUTES['a'] + ['name'],
)
def clean_word_text(text):
    """Strip styles from *text*, then sanitize it with bleach.

    Tags outside ``allowed_tags`` are removed (``strip=True``) rather than
    escaped; attributes are limited to ``allowed_attributes``.
    """
    without_styles = strip_styles(text)
    return bleach.clean(
        without_styles,
        tags=allowed_tags,
        attributes=allowed_attributes,
        strip=True,
    )
import bleach
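#
# List of valid tags to pass through the sanitizer
#
# Every name needs its own comma: adjacent string literals are concatenated,
# so 'h6' 'img' used to yield the single entry 'h6img' and neither <h6> nor
# <img> was actually allowed.
# NOTE(review): no attribute entry for 'img' is visible in this file's
# attribute allowlist, so <img> presumably passes without "src" - confirm
# whether that is the intended result.
TAG_WHITELIST = bleach.ALLOWED_TAGS + [
    'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'img', 'div', 'span', 'p',
]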
#
# Valid attributes in each tag
#
# Built on a copy of bleach's defaults; <a> gets a new list with the extra
# up-* attributes, so bleach's own dict and lists are left unchanged.
# NOTE(review): the up-* names look like hooks for a client-side framework;
# their values come from user HTML - confirm that is intended.
ATTR_WHITELIST = dict(bleach.ALLOWED_ATTRIBUTES)
ATTR_WHITELIST['a'] = bleach.ALLOWED_ATTRIBUTES['a'] + [
    'up-target', 'up-modal', 'up-instant', 'up-preload', 'up-prefetch',
]
def sanitize_html(html):
    """
    Sanitize a string of user HTML with bleach.

    Only tags in TAG_WHITELIST and attributes in ATTR_WHITELIST are kept;
    the cleaned string is returned.
    """
    cleaned = bleach.clean(
        html,
        tags=TAG_WHITELIST,
        attributes=ATTR_WHITELIST,
    )
    return cleaned
'DEFAULT_PERMISSION_CLASSES': (
'rest_framework.permissions.IsAdminUser',
)
}
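##########################################################################
#
# Bleach settings
#
##########################################################################
import bleach

# Tags allowed in sanitized HTML: bleach's defaults plus headings, paragraphs
# and images.
ALLOWED_HTML_TAGS = bleach.ALLOWED_TAGS + ['h1', 'h2', 'h3', 'p', 'img']

# Copy bleach's defaults before adding to them. Binding the library's dict
# directly and calling .update() on it would change bleach.ALLOWED_ATTRIBUTES
# for every other caller in the process.
ALLOWED_HTML_ATTRS = dict(bleach.ALLOWED_ATTRIBUTES)
ALLOWED_HTML_ATTRS.update({
    'img': ['src', 'alt'],
})

##########################################################################
#
# Crispy settings
#
##########################################################################
CRISPY_TEMPLATE_PACK = 'bootstrap3'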
##########################################################################
#
# Celery settings
import markdown
import translitcodec # this is NOT unused. it needs to be imported to register the codec.
from html2text import HTML2Text
from jinja2.filters import do_striptags
from lxml import etree, html
from markupsafe import Markup, escape
from speaklater import _LazyString, is_lazy_string
from sqlalchemy import ForeignKeyConstraint, inspect
# basic list of tags, used for markdown content
BLEACH_ALLOWED_TAGS = bleach.ALLOWED_TAGS + [
    'sup', 'sub', 'small', 'br', 'p',
    'table', 'thead', 'tbody', 'th', 'tr', 'td',
    'img', 'hr',
    'h1', 'h2', 'h3', 'h4', 'h5', 'h6',
    'pre', 'dl', 'dd', 'dt',
]

# Copy of bleach's default attributes with an entry for <img>.
# NOTE(review): 'style' is allowed on <img>; which CSS properties survive
# depends on the styles allowlist passed to bleach at the call site - confirm.
BLEACH_ALLOWED_ATTRIBUTES = dict(bleach.ALLOWED_ATTRIBUTES)
BLEACH_ALLOWED_ATTRIBUTES['img'] = ['src', 'alt', 'style']
# extended list of tags, used for HTML content
BLEACH_ALLOWED_TAGS_HTML = BLEACH_ALLOWED_TAGS + [
    'address', 'area', 'bdo', 'big', 'caption', 'center', 'cite', 'col',
    'colgroup', 'del', 'dfn', 'dir', 'div', 'fieldset', 'font', 'ins', 'kbd',
    'legend', 'map', 'menu', 'q', 's', 'samp', 'span', 'strike', 'tfoot',
    'tt', 'u', 'var',
]

# Not pretty, but every attribute below was accepted by the legacy code, so
# all of them are allowed on any tag via the '*' entry.
# NOTE(review): '*' includes 'href', 'src', 'style', 'id' and 'name' for
# every tag; confirm URL-valued attributes are still protocol-checked and
# that 'style' is paired with a CSS property allowlist at the call site.
BLEACH_ALLOWED_ATTRIBUTES_HTML = dict(BLEACH_ALLOWED_ATTRIBUTES)
BLEACH_ALLOWED_ATTRIBUTES_HTML['*'] = [
    'align', 'abbr', 'alt', 'border', 'bgcolor', 'class', 'cellpadding',
    'cellspacing', 'color', 'char', 'charoff', 'cite', 'clear', 'colspan',
    'compact', 'dir', 'disabled', 'face', 'href', 'height', 'headers',
    'hreflang', 'hspace', 'id', 'ismap', 'lang', 'name', 'noshade', 'nowrap',
    'rel', 'rev', 'rowspan', 'rules', 'size', 'scope', 'shape', 'span', 'src',
    'start', 'style', 'summary', 'tabindex', 'target', 'title', 'type',
    'valign', 'value', 'vspace', 'width', 'wrap',
]
BLEACH_ALLOWED_STYLES_HTML = [
'background-color', 'border-top-color', 'border-top-style', 'border-top-width', 'border-top', 'border-right-color',