An easy whitelist-based HTML-sanitizing tool.
Bleach is an HTML sanitizing library that escapes or strips markup and attributes based on a whitelist. Bleach can also linkify text safely, applying filters that Django’s urlize filter cannot, and optionally setting rel attributes, even on links already in the text.
The version on GitHub is the most up-to-date and contains the latest bug fixes.
The simplest way to use Bleach is:
    >>> import bleach
    >>> bleach.clean('an <script>evil()</script> example')
    'an &lt;script&gt;evil()&lt;/script&gt; example'
    >>> bleach.linkify('an http://example.com url')
    'an <a href="http://example.com" rel="nofollow">http://example.com</a> url'
If you’re going to be cleaning a number of strings, it may be more efficient to instantiate your own Bleach instance:
    >>> from bleach import Bleach
    >>> b = Bleach()
    >>> b.clean('an <script>evil()</script> example')
    'an &lt;script&gt;evil()&lt;/script&gt; example'
Both clean() and linkify() can take several optional keyword arguments to customize their behavior.
| Argument | Description |
|---|---|
| tags | A whitelist of HTML tags. Must be a list. Defaults to bleach.ALLOWED_TAGS. |
| attributes | A whitelist of HTML attributes. Either a list, in which case all attributes are allowed on all elements, or a dict, with tag names as keys and lists of allowed attributes as values. Defaults to bleach.ALLOWED_ATTRIBUTES. |
| styles | A whitelist of allowed CSS properties within a style attribute. (Note that style attributes are not allowed by default.) Must be a list. Defaults to . |
| strip | Strip disallowed HTML instead of escaping it. A boolean. Defaults to False. |
| strip_comments | Strip HTML comments. A boolean. Defaults to True. |
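The sketch below is an added example, not Bleach's code: it uses only the Python standard library to model how the tags, attributes (list versus dict) and strip options decide what survives. `WhitelistCleaner`, `clean_sketch` and `SAMPLE` are hypothetical names; the sketch always drops comments and does not model styles.

```python
from html import escape
from html.parser import HTMLParser

SAMPLE = '<a href="/x" onclick="steal()">hi</a> <script>evil()</script>'  # constructed input


class WhitelistCleaner(HTMLParser):
    """Hypothetical stand-in that models the tags/attributes/strip options."""

    def __init__(self, tags, attributes, strip=False):
        super().__init__(convert_charrefs=False)
        self.tags, self.attributes, self.strip = set(tags), attributes, strip
        self.out = []

    def _allowed_attrs(self, tag):
        # dict: per-tag whitelist; list: the same whitelist for every element
        if isinstance(self.attributes, dict):
            return self.attributes.get(tag, [])
        return self.attributes

    def handle_starttag(self, tag, attrs):
        if tag in self.tags:
            allowed = self._allowed_attrs(tag)
            kept = "".join(' %s="%s"' % (k, escape(v or "", quote=True))
                           for k, v in attrs if k in allowed)
            self.out.append("<%s%s>" % (tag, kept))
        elif not self.strip:
            # strip=False: disallowed markup survives only as inert text
            self.out.append(escape(self.get_starttag_text()))

    def handle_endtag(self, tag):
        if tag in self.tags:
            self.out.append("</%s>" % tag)
        elif not self.strip:
            self.out.append(escape("</%s>" % tag))

    def handle_data(self, data):
        self.out.append(escape(data, quote=False))

    def handle_entityref(self, name):
        self.out.append("&%s;" % name)

    def handle_charref(self, name):
        self.out.append("&#%s;" % name)
    # Comments, doctypes and processing instructions hit HTMLParser's
    # no-op handlers and are dropped (the strip_comments=True behaviour).


def clean_sketch(text, tags=(), attributes=(), strip=False):
    cleaner = WhitelistCleaner(tags, attributes, strip)
    cleaner.feed(text)
    cleaner.close()
    return "".join(cleaner.out)
```

Calling `clean_sketch(SAMPLE, tags=['a'], attributes={'a': ['href']})` keeps the link and its href, drops the onclick handler, and leaves the script element as escaped text; adding `strip=True` removes the script tags and keeps only their text content.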
Source distribution: bleach-0.5.0.tar.gz (8.2 kB)