How to use the bleach.sanitizer function in bleach



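def main():
    """Render one AUR comment's markdown to sanitized HTML and store it.

    Usage: ``rendercomment.py <commentid>``.  The comment id is read from
    ``sys.argv[1]``; a missing or non-integer argument raises
    ``IndexError`` / ``ValueError`` before any database work starts.

    The rendered HTML is passed through ``bleach.clean`` with an explicit tag
    allow-list; attributes and URL protocols fall back to bleach's own
    defaults since none are passed here.
    """
    commentid = int(sys.argv[1])

    conn = aurweb.db.Connection()
    # Close the connection even when rendering or saving raises, so a bad
    # comment cannot leak a database handle.  The commit stays inside the
    # try so it only happens on the success path, exactly as before.
    try:
        text, pkgbase = get_comment(conn, commentid)
        html = markdown.markdown(text, extensions=['fenced_code',
                                                   LinkifyExtension(),
                                                   FlysprayLinksExtension(),
                                                   GitCommitsExtension(pkgbase),
                                                   HeadingExtension()])
        # Allow-list for the sanitizer: bleach's defaults plus the block
        # elements the markdown extensions above can emit.  ``list(...)``
        # keeps the concatenation working whether ALLOWED_TAGS is a list
        # (older bleach) or a frozenset (bleach >= 6).
        allowed_tags = (list(bleach.sanitizer.ALLOWED_TAGS) +
                        ['p', 'pre', 'h4', 'h5', 'h6', 'br', 'hr'])
        html = bleach.clean(html, tags=allowed_tags)
        save_rendered_comment(conn, commentid, html)

        conn.commit()
    finally:
        conn.close()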
def clean(html, tags=None, attributes=None, styles=None):
    if tags is None:
        tags = ALLOWED_TAGS
    if attributes is None:
        attributes = ALLOWED_ATTRIBUTES
    if styles is None:
        styles = ALLOWED_STYLES

    # Clean the output using Bleach
    cleaner = bleach.sanitizer.Cleaner(
        tags=tags,
        attributes=attributes,
        styles=styles,
        filters=[
            # Bleach Linkify makes it easy to modify links, however, we will
            # not be using it to create additional links.
            functools.partial(
                bleach.linkifier.LinkifyFilter,
                callbacks=[
                    lambda attrs, new: attrs if not new else None,
                    bleach.callbacks.nofollow,
                ],
                skip_tags=["pre"],
                parse_email=False,
            ),
        ],
def markdownify(text):

    # Get the settings or set defaults if not set

    # Bleach settings
    whitelist_tags = getattr(settings, 'MARKDOWNIFY_WHITELIST_TAGS', bleach.sanitizer.ALLOWED_TAGS)
    whitelist_attrs = getattr(settings, 'MARKDOWNIFY_WHITELIST_ATTRS', bleach.sanitizer.ALLOWED_ATTRIBUTES)
    whitelist_styles = getattr(settings, 'MARKDOWNIFY_WHITELIST_STYLES', bleach.sanitizer.ALLOWED_STYLES)
    whitelist_protocols = getattr(settings, 'MARKDOWNIFY_WHITELIST_PROTOCOLS', bleach.sanitizer.ALLOWED_PROTOCOLS)

    # Markdown settings
    strip = getattr(settings, 'MARKDOWNIFY_STRIP', True)
    extensions = getattr(settings, 'MARKDOWNIFY_MARKDOWN_EXTENSIONS', [])

    # Bleach Linkify
    linkify = None
    linkify_text = getattr(settings, 'MARKDOWNIFY_LINKIFY_TEXT', True)

    if linkify_text:
        linkify_parse_email = getattr(settings, 'MARKDOWNIFY_LINKIFY_PARSE_EMAIL', False)
        linkify_callbacks = getattr(settings, 'MARKDOWNIFY_LINKIFY_CALLBACKS', None)
        linkify_skip_tags = getattr(settings, 'MARKDOWNIFY_LINKIFY_SKIP_TAGS', None)
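def __init__(self):
    """Build this instance's tag allow-list: bleach's defaults plus ``<p>``.

    Only ``ALLOWED_TAGS`` is set up here; attribute and protocol
    allow-lists are not defined by this method.
    """
    # ``list(...)`` rather than a bare ``+``: bleach.sanitizer.ALLOWED_TAGS
    # is a list in older releases but a frozenset from bleach 6 on, and
    # ``[u'p'] + frozenset`` raises TypeError.
    self.ALLOWED_TAGS = [u'p'] + list(bleach.sanitizer.ALLOWED_TAGS)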
def filter_source_attributes(tag, name, value):
    """Attribute filter callback for bleach on ``<source>`` elements.

    Keeps ``type`` unconditionally, keeps ``src`` only when
    ``is_allowed_data_uri`` accepts it as an ``audio/wav`` data URI,
    and drops every other attribute.

    NOTE(review): bleach documents attribute callables as returning a bool;
    the ``bleach.sanitizer.VALUE_SAFE`` sentinel returned for an accepted
    ``src`` is presumably truthy -- confirm it exists in the pinned bleach
    version.
    """
    if name == "type":
        return True
    if name != "src":
        return False
    uri_ok = is_allowed_data_uri([
        "audio/wav",
    ], value)
    return bleach.sanitizer.VALUE_SAFE if uri_ok else False
def markdownify(text):

    # Get the settings or set defaults if not set

    # Bleach settings
    whitelist_tags = getattr(settings, 'MARKDOWNIFY_WHITELIST_TAGS', bleach.sanitizer.ALLOWED_TAGS)
    whitelist_attrs = getattr(settings, 'MARKDOWNIFY_WHITELIST_ATTRS', bleach.sanitizer.ALLOWED_ATTRIBUTES)
    whitelist_styles = getattr(settings, 'MARKDOWNIFY_WHITELIST_STYLES', bleach.sanitizer.ALLOWED_STYLES)
    whitelist_protocols = getattr(settings, 'MARKDOWNIFY_WHITELIST_PROTOCOLS', bleach.sanitizer.ALLOWED_PROTOCOLS)

    # Markdown settings
    strip = getattr(settings, 'MARKDOWNIFY_STRIP', True)
    extensions = getattr(settings, 'MARKDOWNIFY_MARKDOWN_EXTENSIONS', [])

    # Bleach Linkify
    linkify = None
    linkify_text = getattr(settings, 'MARKDOWNIFY_LINKIFY_TEXT', True)

    if linkify_text:
        linkify_parse_email = getattr(settings, 'MARKDOWNIFY_LINKIFY_PARSE_EMAIL', False)
        linkify_callbacks = getattr(settings, 'MARKDOWNIFY_LINKIFY_CALLBACKS', None)
        linkify_skip_tags = getattr(settings, 'MARKDOWNIFY_LINKIFY_SKIP_TAGS', None)
        linkifyfilter = bleach.linkifier.LinkifyFilter
import bleach
from textile import textile_restricted


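MARKUP_CHOICES = [
    ('plain', 'Plain Text'),
    ('creole', 'WikiCreole'),
    ('markdown', 'Markdown'),
    ('textile', 'Textile'),
    ('html', 'HTML'),
]
MARKUP_CHOICES_WYSIWYG = MARKUP_CHOICES + [('html-wysiwyg', 'HTML editor')]
MARKUPS = dict(MARKUP_CHOICES)
# must be in-sync with object in markup-edit.js

# Tag allow-lists handed to bleach.clean().  ``list(...)`` keeps the
# concatenation working whether bleach's ALLOWED_TAGS is a list (older
# bleach) or a frozenset (bleach >= 6).
allowed_tags_restricted = list(bleach.sanitizer.ALLOWED_TAGS) + [ # allowed in discussion, etc
    'h3', 'h4', 'pre', 'p', 'dl', 'dt', 'dd',
    'dfn', 'q', 'del', 'ins', 's', 'sub', 'sup', 'u',
]
allowed_tags = allowed_tags_restricted + [ # allowed on pages and advisor notes
    'h2', 'img', 'div',
    'table', 'thead', 'tbody', 'tr', 'th', 'td',
]
# Copy before extending.  The previous code bound bleach's module-level
# default dict and then mutated it, which silently widened the attribute
# allow-list for every other bleach.clean() call in the process, including
# callers that rely on the library default.
allowed_attributes = dict(bleach.sanitizer.ALLOWED_ATTRIBUTES)
allowed_attributes['pre'] = ['lang']
# NOTE(review): 'img' is allowed above but no attribute is granted for it
# here, so under bleach's defaults an <img> presumably loses its src -- confirm
# that is intended.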


def sanitize_html(html, restricted=False):
    """
    Sanitize HTML we got from the user so it's safe to include in the page
    """
    # TODO: document the HTML subset allowed (particularly <pre lang="python">)</pre>
('textile', 'Textile'),
    ('html', 'HTML'),
]
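MARKUP_CHOICES_WYSIWYG = MARKUP_CHOICES + [('html-wysiwyg', 'HTML editor')]
MARKUPS = dict(MARKUP_CHOICES)
# must be in-sync with object in markup-edit.js

# Tag allow-lists handed to bleach.clean().  ``list(...)`` keeps the
# concatenation working whether bleach's ALLOWED_TAGS is a list (older
# bleach) or a frozenset (bleach >= 6).
allowed_tags_restricted = list(bleach.sanitizer.ALLOWED_TAGS) + [ # allowed in discussion, etc
    'h3', 'h4', 'pre', 'p', 'dl', 'dt', 'dd',
    'dfn', 'q', 'del', 'ins', 's', 'sub', 'sup', 'u',
]
allowed_tags = allowed_tags_restricted + [ # allowed on pages and advisor notes
    'h2', 'img', 'div',
    'table', 'thead', 'tbody', 'tr', 'th', 'td',
]
# Copy before extending.  The previous code bound bleach's module-level
# default dict and then mutated it, which silently widened the attribute
# allow-list for every other bleach.clean() call in the process, including
# callers that rely on the library default.
allowed_attributes = dict(bleach.sanitizer.ALLOWED_ATTRIBUTES)
allowed_attributes['pre'] = ['lang']
# NOTE(review): 'img' is allowed above but no attribute is granted for it
# here, so under bleach's defaults an <img> presumably loses its src -- confirm
# that is intended.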


def sanitize_html(html, restricted=False):
    """
    Sanitize HTML we got from the user so it's safe to include in the page

    ``restricted=True`` selects the narrower ``allowed_tags_restricted``
    list (discussion posts etc.); otherwise the wider ``allowed_tags`` is
    used.  Attributes are limited to ``allowed_attributes`` and disallowed
    tags are removed outright (``strip=True``) rather than escaped.  The
    cleaned string is returned wrapped in ``mark_safe`` for the template
    layer.
    """
    # TODO: document the HTML subset allowed (particularly <pre lang="python">)
    if restricted:
        tags = allowed_tags_restricted
    else:
        tags = allowed_tags
    cleaned = bleach.clean(html, tags=tags, attributes=allowed_attributes, strip=True)
    return mark_safe(cleaned)


def ensure_sanitary_markup(markup, markuplang, restricted=False):
    """
    Double-check that the markup we're about to store is safe.