Skip to main content

Django template filter application for sanitizing user submitted HTML

Project description

**NOTE: Please try to break this and tell me where it is insufficent.**

Allows only whitelisted tags and attributes through.

The setting ALLOWED_TAGS can override the behavior. The syntax of
this setting is a space-separated list of tags, which are optionally
followed by a colon and a comma-separated list of attribute permitted in
the tag.

For example, to allow <a> tags which are links or named anchors, but not
to allow definition of an onclick attribute:

ALLOWED_TAGS = "a:href,name"

In your templates, sanitizing is easy.

{% load sanitizer %}

{{ user_comment|allowtags|safe }}

{{ user_comment|allowtags:"b i"|safe }}

Disallowed tags or attributes are simply removed.

In some cases, it is useful to disallow a tag, but to convert it to something
safe, rather than stripping it entirely. For example, you might not want to
allow <h1> tags, and want to "quiet" them into <h2> tags.

{{ body|maptags:"h1=h2 h2=h3 h4=h5" }}

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

django-sanitizer-0.4.tar.gz (3.9 kB view details)

Uploaded Source

File details

Details for the file django-sanitizer-0.4.tar.gz.

File metadata

File hashes

Hashes for django-sanitizer-0.4.tar.gz
Algorithm Hash digest
SHA256 bfa5e9cdbd3b2a1a55c73e8c04bcc279e8e7fb394858ab6f2de4b0fe3eff79ba
MD5 c52f266235e1cf5e220bb3456ffba1f4
BLAKE2b-256 d69e0655edaea34f61ee6dc5d51a4ad632d72780d13fca1945c4c426ada79339

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page