Image transforming WSGI middleware

## Project description

This package provides a WSGI middleware component which automatically scales images according to the width and height property in the <img> tag.

To configure the middleware, pass in a string for secret; this may be any string internal to the system.

You can also set filter to select the scaling filter. The available filters are nearest, bilinear, bicubic and antialias. The default is antialias.

If you want to change the compression level for JPEG images, then you can set the quality option to a value between 1 (worst) and 95 (best). The default is 80.

By default all image URLs are rewritten. With limit_to_application_url you can limit the rewriting to relative URLs and absolute URLs below the application URL.

A minimal cache implementation is available with the cache parameter. It should be the path to a directory where generated images will be saved. This is a very simplistic approach that does not use any possibly related HTTP header at all: Last-Modified, Expires, etc. The only way to refresh or empty the cache is to delete the files. This feature is disabled by default.

## Usage

The middleware operates in two phases, on HTML documents and images respectively.

When processing HTML documents, it looks for image tags in the document soup:

<img src="some_image.png" width="640" height="480" />

In the case it finds such an image element, it rewrites the URL to include scaling information which the middleware will read when the image is served through it.

The image will be proportionally scaled, so it fits into the given size. If you only set one of width or height, then the image will only be limited to that, but still proportionally scaled.

This effectively means that application developers needn’t worry about image scaling; simply put the desired size in the HTML document.

Note that this middleware is protected from DoS attacks (which is important for any middleware that does significant processing) by signing all URLs with an SHA digest signature.

## Contributing

The development of repoze.bitblt happens at github: https://github.com/repoze/repoze.bitblt

## Changelog

### 0.9 (released 2012-10-18)

• Maintain embedded ICC Profiles in images. Requires PIL 1.1.7 or later.

• Add simplistic cache implementation. [damien]

• Remove paragraph in readme which mentions the try_xhtml option. It’s now a no-op. [jinty]

• Use PATH_INFO directly to avoid blowing up on non UTF-8 paths.

### 0.8 (released 2010-03-01)

The major change in the 0.8 release was a rewrite of the <img> tag search and replace to use regexs rather than lxml. It was proving too hard to prevent lxml from mangling low quality HTML in nasty ways. The new regex based search/replace takes a lot of care to only modify what is necessary.

Side effects of this change are a reduction of dependencies and theoretically better performance.

• Work with unclosed <img> tags (HTML4). [jinty]

• Re-write rewrite_image_tags to use regular expressions to find/mangle img tags. As well aas removing the dependency on lxml this prevents a whole class of bugs where lxml was changing the HTML source too much, see http://bugs.repoze.org/issue103. Backwards compatibility for the ‘ImageTransformationMiddleware’ class was preserved by leaving the try_xhtml argument in place. It is now a no-op. [jinty]

• Make sure resizing preserves GIF transparency. http://bugs.repoze.org/issue115 [jinty]

• Fix bug where <![CDATA[ escaped sections would be quoted and the CDATA stripped. This causes foulups when quoting Javascript. [jinty]

• Properly rewrite <img> tags with pixel (e.g. height=”100px”) attributes, previously the url generated missed the regex resulting in broken images. [jinty]

• Don’t rewrite <img> tags with percentage sizes, only the browser knows how big the images should be. See http://www.w3.org/TR/html4/types.html#h-6.6. [jinty]

• Use unicode_body all over to ensure correct encoding. [jinty]

• Fixed bug where the leading slash of an absolute URL without the FQDN would be wrongly removed. [damien]

• Fixed bug where the quality-parameter would not be coerced to integer, required by PIL. [damien]

• Compatibility with Python 2.4. [malthe]

### 0.7 (released 2009-03-18)

• Don’t use python 2.6 syntax. [seletz]

• Handle empty content bodies, which can occure for redirects. [fschulze]

• Added support for xhtml, which allows the inclusion of namespace tags. [fschulze]

• Added option to limit the url rewriting to urls below the application url. [fschulze]

• Added scaling filter support. [fschulze]

• Support image tags with only one of the width or height attributes set. [fschulze]

• Fix UnboundLocalError for respones with untransformed image. [fschulze]

• Fix importing of PIL. The old way assumed the broken egg installation. [fschulze]

### 0.6 (released 2008-10-11)

• Require to pass in a secret parameter to configure middleware security. [malthe]

### 0.5 (released 2008-10-11)

• Rewritten URLs are now signed by the middleware to ensure that bitblt requests are only crafted by the middleware. This is required to shield against DoS attacks. [malthe]

### 0.4 (released 2008-10-11)

• Fixed path handling. [malthe]

• Added HTML document processing which scans document for image tags and rewrite image src attribute to include “bitblt” traversing directive. This makes it work as an actual middleware, since the application semantics are then unchanged. [malthe]

• No longer accept query parameters, but instead require traversing directive “/bitblt-<width>x<height>”. [malthe]

• Removed functionality to MIME-type convert. [malthe]

### 0.3 (released 2008-10-10)

• Made logic robust to unexpected parameters. [malthe]

• Fixed bug where parameters would be drawn from the WSGI environment. [malthe]

### 0.2 (released 2008-10-08)

• Fixed entry point name.

### 0.1 (released 2008-10-03)

• Initial release.

## Project details

Uploaded source