Skip to main content
Help us improve Python packaging – donate today!

Django template filter application for sanitizing user submitted HTML

Project Description

**NOTE: Please try to break this and tell me where it is insufficent.**

Allows only whitelisted tags and attributes through.

The setting ALLOWED_TAGS can override the behavior. The syntax of
this setting is a space-separated list of tags, which are optionally
followed by a colon and a comma-separated list of attribute permitted in
the tag.

For example, to allow <a> tags which are links or named anchors, but not
to allow definition of an onclick attribute:

ALLOWED_TAGS = "a:href,name"

In your templates, sanitizing is easy.

{% load sanitizer %}

{{ user_comment|allowtags|safe }}

{{ user_comment|allowtags:"b i"|safe }}

Disallowed tags or attributes are simply removed.

In some cases, it is useful to disallow a tag, but to convert it to something
safe, rather than stripping it entirely. For example, you might not want to
allow <h1> tags, and want to "quiet" them into <h2> tags.

{{ body|maptags:"h1=h2 h2=h3 h4=h5" }}

Release history Release notifications

This version
History Node

0.4.1

History Node

0.4

History Node

0.2

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Filename, size & hash SHA256 hash help File type Python version Upload date
django-sanitizer-0.4.1.tar.gz (3.9 kB) Copy SHA256 hash SHA256 Source None Jun 14, 2012

Supported by

Elastic Elastic Search Pingdom Pingdom Monitoring Google Google BigQuery Sentry Sentry Error logging CloudAMQP CloudAMQP RabbitMQ AWS AWS Cloud computing Fastly Fastly CDN DigiCert DigiCert EV certificate StatusPage StatusPage Status page