An easy whitelist-based HTML-sanitizing tool.
Project description
Bleach is an HTML sanitizing library designed to strip disallowed tags and attributes based on a whitelist, and can additionally autolinkify URLs in text with an extra filter layer that Django’s urlize filter doesn’t have.
Basic Use
The simplest way to use Bleach:
>>> from bleach import Bleach
>>> bl = Bleach()
>>> bl.clean('an <script>evil()</script> example')
'an <script>evil()</script> example'
# to linkify URLs and email addresses, use
>>> bl.linkify('a http://example.com url')
'a <a href="http://example.com" rel="nofollow">http://example.com</a> url'
clean() also fixes up some common errors:
>>> from bleach import Bleach
>>> bl = Bleach()
>>> bl.clean('unbalanced <em>tag')
'unbalanced <em>tag</em>'
Advanced Use
Bleach is relatively configurable.
Clean - Advanced
clean() takes up to two optional arguments, tags and attributes, which are instructions on what tags and attributes to allow, respectively.
tags is a list of whitelisted tags:
>>> from bleach import Bleach
>>> bl = Bleach()
>>> TAGS = ['b', 'em', 'i', 'strong']
>>> bl.clean('<abbr>not allowed</abbr>', tags=TAGS)
'<abbr>not allowed</abbr>'
attributes is either a list or, more powerfully, a dict of allowed attributes. If a list is used, it is applied to all allowed tags, but if a dict is use, the keys are tag names, and the values are lists of attributes allowed for that tag.
For example:
>>> from bleach import Bleach
>>> bl = Bleach()
>>> ATTRS = {'a': ['href']}
>>> bl.clean('<a href="/" title="fail">link</a>', attributes=ATTRS)
'<a href="/">link</a>'
Linkify - Advanced
If you pass nofollow=False to linkify(), links will not be created with rel="nofollow". By default, nofollow is True. If nofollow is True, then links found in the text will have their rel attributes set to nofollow as well, otherwise the attribute will not be modified.
Configuring linkify() is somewhat more complicated. linkify() passes data through different filters before returning the string. By default, these filters do nothing, but if you subclass Bleach, you can override them.
All the filters take and return a single string.
filter_url
filter_url(self, url) is applied to URLs before they are put into the href attribute of the link. If you need these links to go through a redirect or outbound script, filter_url() is the function to override.
For example:
import urllib
from bleach import Bleach
class MyBleach(Bleach):
def filter_url(self, url):
return 'http://example.com/bounce?u=%s' % urllib.quote(url)
Now, use MyBleach instead of Bleach and linkify() will route urls through your bouncer.
filter_text
This filter is applied to the link text of linkified URLs.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file bleach-0.2.2.tar.gz.
File metadata
- Download URL: bleach-0.2.2.tar.gz
- Upload date:
- Size: 6.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
41edc88933cb80b638bef960bd7cd976f575ebb7bfe0ba68961f99ccdcb43586
|
|
| MD5 |
309227609d19edab3e8b0cf8fa85da4a
|
|
| BLAKE2b-256 |
1325b349f49e7cd1a5fb3e8c29b37d53238bd71b31de371f083b31d0c310a920
|
File details
Details for the file bleach-0.2.2-py2.6.egg.
File metadata
- Download URL: bleach-0.2.2-py2.6.egg
- Upload date:
- Size: 9.8 kB
- Tags: Egg
- Uploaded using Trusted Publishing? No
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
f78231c099f086320b380339026c4a92ee31147e5ee51f6abe44efa8307615fa
|
|
| MD5 |
1bb16fbe8fbeafe1c62f06f99d0cb862
|
|
| BLAKE2b-256 |
be3621c0f34c7200105282a065584cc5fc1fd7b1ce7893967b9859b6b150d0a3
|
