How to use bleach.ALLOWED_TAGS in bleach

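To help you get started, we’ve selected a few bleach examples, based on popular ways it is used in public projects. bleach.ALLOWED_TAGS is the library's default tag allowlist, not a function; the examples below extend it, and every tag or attribute added widens what sanitized user-supplied HTML may contain.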


github crateio / crate.web / crate / web / packages / models.py View on Github external
from django.db.models.signals import post_save, post_delete
from django.dispatch import receiver
from django.utils.encoding import smart_str, force_unicode
from django.utils.importlib import import_module
from django.utils.timezone import now
from django.utils.translation import ugettext_lazy as _

from model_utils import Choices
from model_utils.fields import AutoCreatedField, AutoLastModifiedField
from model_utils.models import TimeStampedModel

from crate.web.packages.evaluators import ReleaseEvaluator
from crate.web.packages.utils import verlib
from crate.web.packages.utils.datatools import track_data

# Tag allowlist for sanitizing HTML: bleach's defaults plus line-break, image,
# block-level, definition-list, heading and table tags. A new list is built
# here, so bleach.ALLOWED_TAGS itself is left untouched.
# NOTE(review): the `+` assumes bleach.ALLOWED_TAGS is a list; newer bleach
# releases ship it as a frozenset, where this raises TypeError. Confirm the
# pinned bleach version.
ALLOWED_TAGS = bleach.ALLOWED_TAGS + [
    "br", "img", "span", "div", "pre", "p",
    "dl", "dd", "dt", "tt", "cite",
    "h1", "h2", "h3", "h4", "h5", "h6",
    "table", "col", "tr", "td", "th", "tbody", "thead",
    "colgroup",
]

# Attribute allowlist: a shallow copy of bleach's defaults with two additions.
# The per-tag lists inherited from bleach are shared objects, so they must be
# replaced (as below), never mutated in place.
ALLOWED_ATTRIBUTES = dict(bleach.ALLOWED_ATTRIBUTES)
# <img src> lets sanitized content load remote images; which URL schemes are
# accepted depends on the `protocols` given to bleach.clean at the call site
# (not shown in this excerpt).
ALLOWED_ATTRIBUTES["img"] = ["src"]
ALLOWED_ATTRIBUTES["span"] = ["class"]

# Get the Storage Engine for Packages
if getattr(settings, "PACKAGE_FILE_STORAGE", None):
    mod_name, engine_name = settings.PACKAGE_FILE_STORAGE.rsplit(".", 1)
github kylewm / woodwind / woodwind / util.py View on Github external
import pickle
import re
from xml.sax import saxutils

from flask import current_app
from redis import StrictRedis
import bleach
import requests

# Module-level Redis client; StrictRedis() is called with no arguments, so it
# uses the client library's default connection settings.
redis = StrictRedis()

# NOTE(review): `+=` with a list extends bleach's own ALLOWED_TAGS object in
# place (assuming it is a list, as this statement implies). The wider allowlist
# is therefore process-wide: any other code that relies on bleach's default
# tags also accepts these. A module-local list passed explicitly as
# bleach.clean(..., tags=...) would keep the change scoped to this module.
# NOTE(review): newer bleach releases define ALLOWED_TAGS as a frozenset, where
# this statement raises TypeError. Confirm the pinned bleach version.
bleach.ALLOWED_TAGS += [
    'a', 'img', 'p', 'br', 'marquee', 'blink',
    'audio', 'video', 'source', 'table', 'tbody', 'td', 'tr', 'div', 'span',
    'pre', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6',
]

# NOTE(review): update() likewise mutates bleach's shared default attribute
# dict, so these attributes become allowed for every caller in the process.
# The `src`/`poster` entries let sanitized markup reference remote media; the
# accepted URL schemes depend on the `protocols` used when bleach.clean is
# called (call sites are not shown in this excerpt).
bleach.ALLOWED_ATTRIBUTES.update({
    'img': ['src', 'alt', 'title'],
    'audio': ['preload', 'controls', 'src'],
    'video': ['preload', 'controls', 'src', 'poster'],
    'source': ['type', 'src'],
    'td': ['colspan'],
})

# Identification string for this application; where it is sent is not shown in
# this excerpt (presumably as an HTTP User-Agent header; verify against callers).
USER_AGENT = 'Woodwind (https://github.com/kylewm/woodwind)'
github Pagure / pagure / pagure / lib / __init__.py View on Github external
bleach_v[idx] = val

    attrs = bleach.ALLOWED_ATTRIBUTES.copy()
    attrs['table'] = ['class']
    attrs['span'] = ['class', 'id']
    attrs['div'] = ['class']
    attrs['td'] = ['align']
    attrs['th'] = ['align']
    if not ignore or 'img' not in ignore:
        # newer bleach need three args for attribute callable
        if tuple(bleach_v) >= (2, 0, 0):  # pragma: no cover
            attrs['img'] = lambda tag, name, val: filter_img_src(name, val)
        else:
            attrs['img'] = filter_img_src

    tags = bleach.ALLOWED_TAGS + [
        'p', 'br', 'div', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6',
        'table', 'td', 'tr', 'th', 'thead', 'tbody',
        'col', 'pre', 'img', 'hr', 'dl', 'dt', 'dd', 'span',
        'kbd', 'var', 'del', 'cite',
    ]
    if ignore:
        for tag in ignore:
            if tag in tags:
                tags.remove(tag)

    kwargs = {
        'tags': tags,
        'attributes': attrs
    }

    # newer bleach allow to customize the protocol supported
github benadida / helios-server / helios / models.py View on Github external
  @property
  def description_bleached(self):
    """Return self.description sanitized by bleach.clean.

    The tag allowlist is bleach's default list extended with paragraph,
    heading (h2-h5), line-break and underline tags. Only `tags` is passed,
    so attributes and URL protocols stay at bleach's defaults.
    """
    # A new list is built on every access; bleach.ALLOWED_TAGS is not mutated.
    extra_tags = ['p', 'h4', 'h5', 'h3', 'h2', 'br', 'u']
    permitted = bleach.ALLOWED_TAGS + extra_tags
    return bleach.clean(self.description, tags=permitted)
github msolomon / gus / gus / gus_emailer / models.py View on Github external
if r.endswith(settings.EMAIL_SUFFIX):
                    gus_recip.append(r[:-len(settings.EMAIL_SUFFIX)])
            recip = [r for r in recip if r not in gus_recip]
            
            try:
                date = parse(re.search('date:([^\n]*)\n', 
                                 v['BODY[HEADER]'], re.I).group(1).strip())
                t = date.utcoffset()
                date = date.replace(tzinfo=None) - t
            except Exception, e:
                logging.debug(e)
                date = None
            
            # store the email in the DB
            em = DBEmail()
            em.fill(v['BODY[HEADER]'], bleach.clean(v['BODY[TEXT]'], tags=bleach.ALLOWED_TAGS+["p", "h1", "h2", "h3", "h4", "h5", "h6"]), date,
                    message.from_email, recip, gus_recip)
            
            # now delete from server
            server.add_flags(k, ['\Deleted'])
        server.logout()
github mdn / kuma / kuma / wiki / constants.py View on Github external
import re

import bleach
from django.conf import settings
from django.utils.six.moves.urllib.parse import urlparse, urlunparse
from django.utils.translation import ugettext_lazy as _


ALLOWED_TAGS = bleach.ALLOWED_TAGS + [
    'div', 'span', 'p', 'br', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6',
    'pre', 'code', 'cite',
    'dl', 'dt', 'dd', 'small', 'sub', 'sup', 'u', 'strike', 'samp', 'abbr',
    'ul', 'ol', 'li',
    'nobr', 'dfn', 'caption', 'var', 's',
    'i', 'img', 'hr',
    'input', 'label', 'select', 'option', 'textarea',
    # Note: 
github mdn / kuma / kuma / wiki / constants.py View on Github external
import re

import bleach
from django.conf import settings
from django.utils.six.moves.urllib.parse import urlparse, urlunparse
from django.utils.translation import ugettext_lazy as _


ALLOWED_TAGS = bleach.ALLOWED_TAGS + [
    'div', 'span', 'p', 'br', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6',
    'pre', 'code', 'cite',
    'dl', 'dt', 'dd', 'small', 'sub', 'sup', 'u', 'strike', 'samp', 'abbr',
    'ul', 'ol', 'li',
    'nobr', 'dfn', 'caption', 'var', 's',
    'i', 'img', 'hr',
    'input', 'label', 'select', 'option', 'textarea',
    # Note: 
github Sefaria / Sefaria-Project / sefaria / model / abstract.py View on Github external
class AbstractMongoRecord(object):
    """
    AbstractMongoRecord - superclass of classes representing mongo records.
    "collection" attribute is set on subclass
    """
    collection = None  # name of MongoDB collection
    id_field = "_id"  # Mongo ID field
    criteria_field = "_id"  # Primary ID used to find existing records
    # If a record type uses a different primary key (such as 'title' for Index
    # records), and the presence of an override field in a save indicates that
    # the primary attribute is changing ("oldTitle" in Index records), then
    # this class attribute holds the name of that override field.
    criteria_override_field = None
    # NOTE(review): the list defaults below are class-level objects shared by
    # every subclass that does not rebind them; they should be replaced in
    # subclasses, not appended to.
    required_attrs = []  # list of names of required attributes
    optional_attrs = []  # list of names of optional attributes
    track_pkeys = False
    pkeys = []   # list of fields that others may depend on
    history_noun = None  # Label for history records
    # Tag allowlist: bleach's defaults plus <p> and <br>, built as a new list.
    # Original author's note: unclear why p/br are missing from bleach's
    # defaults; no security risk was seen in allowing them.
    ALLOWED_TAGS = bleach.ALLOWED_TAGS + ["p", "br"]
    # NOTE(review): this is an alias of bleach's default attribute dict, not a
    # copy. Any in-place change made through ALLOWED_ATTRS would also change
    # bleach.ALLOWED_ATTRIBUTES for the whole process.
    ALLOWED_ATTRS = bleach.ALLOWED_ATTRIBUTES

    def __init__(self, attrs=None):
        """Set up defaults, then populate the record from `attrs`.

        :param attrs: dict of initial attribute values; an empty dict is used
            when None is given.
        """
        initial = {} if attrs is None else attrs
        self._init_defaults()
        # Starts empty; how it is filled is not shown in this excerpt.
        self.pkeys_orig_values = {}
        self.load_from_dict(initial, True)
            
    def load_by_id(self, _id=None):
        if _id is None:
            raise Exception(type(self).__name__ + ".load() expects an _id as an argument. None provided.")

        if isinstance(_id, basestring):
            # allow _id as either string or ObjectId
            _id = ObjectId(_id)
github mozilla / kitsune / kitsune / sumo / templatetags / jinja_helpers.py View on Github external
import jinja2
from babel import localedata
from babel.dates import format_date, format_time, format_datetime
from babel.numbers import format_decimal
from django_jinja import library
from jinja2.utils import Markup
from pytz import timezone

from kitsune.sumo import parser
from kitsune.sumo.urlresolvers import reverse
from kitsune.users.models import Profile
from kitsune.products.models import Product
from kitsune.wiki.showfor import showfor_data as _showfor_data


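# Tag allowlist for user bios: bleach's defaults plus <p>.
ALLOWED_BIO_TAGS = bleach.ALLOWED_TAGS + ['p']
# dict.copy() is shallow: the per-tag lists are still the very objects held by
# bleach.ALLOWED_ATTRIBUTES.
ALLOWED_BIO_ATTRIBUTES = bleach.ALLOWED_ATTRIBUTES.copy()
# allow rel="nofollow"
# Rebind 'a' to a fresh list instead of appending to the shared one. Appending
# would add 'rel' to bleach's own default for <a>, widening the allowlist for
# every bleach caller in the process rather than just for bios.
# The allowlist works by attribute name, so any rel value is accepted, not only
# "nofollow".
ALLOWED_BIO_ATTRIBUTES['a'] = list(ALLOWED_BIO_ATTRIBUTES['a']) + ['rel']
log = logging.getLogger('k.helpers')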


class DateTimeFormatError(Exception):
    """Signals an invalid format passed to the datetimeformat function."""


@library.filter
def paginator(pager):
    """Return the rendered list of pages for `pager`."""
    # Paginator is defined outside this excerpt; it wraps the pager and
    # produces the output returned here.
    widget = Paginator(pager)
    return widget.render()
github Pagure / pagure / pagure / lib / __init__.py View on Github external
def clean_input(text, ignore=None):
    """ For a given html text, escape everything we do not want to support
    to avoid potential security breach.
    """
    if ignore and not isinstance(ignore, (tuple, set, list)):
        ignore = [ignore]

    attrs = bleach.ALLOWED_ATTRIBUTES.copy()
    attrs['table'] = ['class']
    attrs['span'] = ['class', 'id']
    attrs['div'] = ['class']
    if not ignore or 'img' not in ignore:
        attrs['img'] = filter_img_src

    tags = bleach.ALLOWED_TAGS + [
        'p', 'br', 'div', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6',
        'table', 'td', 'tr', 'th', 'thead', 'tbody',
        'col', 'pre', 'img', 'hr', 'dl', 'dt', 'dd', 'span',
        'kbd', 'var', 'del', 'cite',
    ]
    if ignore:
        for tag in ignore:
            if tag in tags:
                tags.remove(tag)

    kwargs = {
        'tags': tags,
        'attributes': attrs
    }

    # newer bleach allow to customize the protocol supported