django-secure-input provides custom form fields that render a WYSIWYG editor instead of regular textareas. It takes care of cleaning HTML for you too. With its super secure defaults, you will not want to modify its whitelisting rules.
Project description
Let your users input html into your textareas without losing any sleep. django-secure-input sanitizes user’s input and allows only some tags to be interpreted as html and escapes the rest. By default, <script> tags are not allowed.
Requirements/Installing
django-secure-input requires Python 2.6-2.7 or 3.2+. It also requires Django >= 1.4 and bleach.
The easiest way to install django-secure-input is using pip:
pip install django-secure-input
Then add it to your installed apps:
INSTALLED_APPS += ('secure_input',)
Fields
Use one of our provided custom form fields in your forms and you are all set.
- SafeCharFieldInput: Textarea that allows saving html.
- WYSIWYGField: wysiwyg widget
- MiniWYSIWYGField: wysiwyg widget (limited tools)
Default settings
The defaults provided by our validation method can be overridden. To set your own, define these in your settings.py file:
- ALLOWED_TAGS: Tuple of allowed tags, for example: ('p', 'h2', 'h3').
- ALLOWED_STYLES: Tuple of inline styles allowed in your html, for example: ('font', 'font-size', 'color').
- ALLOWED_ATTRIBUTES: A dict of tags -> attributes, for example: {'a': ['href', 'title'], '*': ['class']}
Example
Simplest way to start using our custom fields:
from django import forms
from secure_input.fields import MiniWYSIWYGField

# MyModel is your own model class, imported from your app's models module.
class MySecureForm(forms.ModelForm):
    text = MiniWYSIWYGField()

    class Meta:
        model = MyModel
Template
Make sure to include the following css and js files in the template where you are rendering your form.
In your template {{ form.media.css }}:
- <link href="{{ STATIC_URL }}secure_input/bootstrap/css/bootstrap.css" rel="stylesheet" type="text/css">
- <link href="{{ STATIC_URL }}secure_input/font-awesome/css/font-awesome.css" rel="stylesheet" type="text/css">
- <link href="{{ STATIC_URL }}secure_input/css/basicEditor.css" rel="stylesheet" type="text/css">
and {{ form.media.js }}:
- <script src="{{ STATIC_URL }}secure_input/js/libs/jquery.js" type="text/javascript"></script>
- <script src="{{ STATIC_URL }}secure_input/bootstrap/js/bootstrap.min.js" type="text/javascript"></script>
- <script src="{{ STATIC_URL }}secure_input/bootstrap-wysiwyg/external/jquery.hotkeys.js" type="text/javascript"></script>
- <script src="{{ STATIC_URL }}secure_input/bootstrap-wysiwyg/bootstrap-wysiwyg.js" type="text/javascript"></script>
- <script src="{{ STATIC_URL }}secure_input/js/plugin.js" type="text/javascript"></script>
Finally, you need to initialize the js plugin:
$("#commentForm").secureInput();
Documentation
Additional documentation on using django-secure-input is available on Read The Docs.
Running the Tests
You can run the tests via:
python setup.py test
or:
python runtests.py
License
django-secure-input is released under the BSD License. See the LICENSE file for more details.
Contributing
If you think you’ve found a bug or are interested in contributing to this project, check out django-secure-input on GitHub.
Development sponsored by RochApps, LLC.
Download files
Source Distribution
File details
Details for the file django-secure-input-0.9.3.tar.gz.
File metadata
- Download URL: django-secure-input-0.9.3.tar.gz
- Upload date:
- Size: 575.6 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
File hashes
Algorithm | Hash digest
---|---
SHA256 | 32a78b08d4c6412e2963175ad00769a4f1d910428f01842d358f903f9094fcef
MD5 | 7a327ddfb539cfae50af7a5e1f0a743e
BLAKE2b-256 | f1e551b4c23cd5ebec9e2f5f04ecdd1f791521959bf2c515f9d737a2d76800d8