Skip to content

caktus/django-sanitizer

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

22 Commits
runtests
runtests
 
 
sanitizer
sanitizer
 
 
.gitignore
.gitignore
 
 
LICENSE.txt
LICENSE.txt
 
 
README
README
 
 
setup.py
setup.py
 
 

Repository files navigation

**NOTE: Please try to break this and tell me where it is insufficent.**

Allows only whitelisted tags and attributes through.

The setting ALLOWED_TAGS can override the behavior. The syntax of
this setting is a space-separated list of tags, which are optionally
followed by a colon and a comma-separated list of attribute permitted in
the tag.

For example, to allow <a> tags which are links or named anchors, but not
to allow definition of an onclick attribute:

    ALLOWED_TAGS = "a:href,name"

In your templates, sanitizing is easy.

    {% load sanitizer %}

    {{ user_comment|allowtags|safe }}

    {{ user_comment|allowtags:"b i"|safe }}

Disallowed tags or attributes are simply removed.

In some cases, it is useful to disallow a tag, but to convert it to something
safe, rather than stripping it entirely. For example, you might not want to
allow <h1> tags, and want to "quiet" them into <h2> tags.

    {{ body|maptags:"h1=h2 h2=h3 h4=h5" }}

About

No description, website, or topics provided.

Resources

Readme

License

BSD-3-Clause license
Activity
Custom properties

Stars

7 stars

Watchers

21 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages