Skip to main content
Python Software Foundation 20th Year Anniversary Fundraiser  Donate today!

Django template filter application for sanitizing user submitted HTML

Project description

**NOTE: Please try to break this and tell me where it is insufficent.**

Allows only whitelisted tags and attributes through.

The setting ALLOWED_TAGS can override the behavior. The syntax of
this setting is a space-separated list of tags, which are optionally
followed by a colon and a comma-separated list of attribute permitted in
the tag.

For example, to allow <a> tags which are links or named anchors, but not
to allow definition of an onclick attribute:

ALLOWED_TAGS = "a:href,name"

In your templates, sanitizing is easy.

{% load sanitizer %}

{{ user_comment|allowtags|safe }}

{{ user_comment|allowtags:"b i"|safe }}

Disallowed tags or attributes are simply removed.

In some cases, it is useful to disallow a tag, but to convert it to something
safe, rather than stripping it entirely. For example, you might not want to
allow <h1> tags, and want to "quiet" them into <h2> tags.

{{ body|maptags:"h1=h2 h2=h3 h4=h5" }}

Project details

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Files for django-sanitizer, version 0.4.1
Filename, size File type Python version Upload date Hashes
Filename, size django-sanitizer-0.4.1.tar.gz (3.9 kB) File type Source Python version None Upload date Hashes View

Supported by

AWS AWS Cloud computing Datadog Datadog Monitoring DigiCert DigiCert EV certificate Facebook / Instagram Facebook / Instagram PSF Sponsor Fastly Fastly CDN Google Google Object Storage and Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Salesforce Salesforce PSF Sponsor Sentry Sentry Error logging StatusPage StatusPage Status page