Useful for TinyMCE: allow some HTML through while not being vulnerable to XSS attacks.
You need to install html5lib:
sudo easy_install html5lib
```python
from django import template
from django.template.defaultfilters import stringfilter
from django.utils.safestring import mark_safe
import html5lib
from html5lib import sanitizer  # tokenizer-based sanitizer of the html5lib releases this snippet targets

register = template.Library()


@register.filter
@stringfilter
def sanitize(value):
    # Parse the fragment with the sanitizing tokenizer, which strips
    # disallowed elements and attributes (script, event handlers, ...)
    p = html5lib.HTMLParser(tokenizer=sanitizer.HTMLSanitizer)
    # mark_safe so Django's autoescaping does not re-escape the cleaned markup
    # (otherwise the output is escaped again, as the comment below reports)
    return mark_safe(p.parseFragment(value).toxml())
```
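As an added illustration that is not the snippet's own code, the following standard-library model shows the allow-list decisions such a sanitizer makes (which tags, attributes and URL schemes survive), so the effect on hostile input can be checked without installing html5lib or Django. The tag and attribute allow-lists, the `safe_url` helper and the sample inputs are constructed for this example; in production keep using a maintained sanitizer such as html5lib's, and in the Django filter wrap the result in `mark_safe` as the commenter notes.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed allow-lists for the example: anything not listed is dropped.
ALLOWED_TAGS = {"p", "br", "b", "i", "strong", "em", "ul", "ol", "li", "a", "img"}
ALLOWED_ATTRS = {"a": {"href", "title"}, "img": {"src", "alt"}}
URL_ATTRS = {"href", "src"}
SAFE_SCHEMES = {"", "http", "https", "mailto"}  # "" means a relative URL
VOID_TAGS = {"br", "img"}
DROP_CONTENT = {"script", "style"}  # drop the element together with its text


def safe_url(value):
    """True if the URL carries an allowed scheme; a missing value is unsafe."""
    if value is None:
        return False
    # Remove whitespace and control characters before sniffing the scheme so
    # that 'java\tscript:' is not mistaken for a relative URL.
    probe = "".join(ch for ch in value if ord(ch) > 32)
    return urlparse(probe).scheme.lower() in SAFE_SCHEMES


class AllowListSanitizer(HTMLParser):
    """Re-serialises only allow-listed tags/attributes; text is always escaped."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.open_tags = []   # allowed tags currently open, for well-formed output
        self.skipping = None  # set while inside <script>/<style>

    def handle_starttag(self, tag, attrs):
        if self.skipping:
            return
        if tag in DROP_CONTENT:
            self.skipping = tag
            return
        if tag not in ALLOWED_TAGS:
            return  # the tag is dropped; its text still arrives via handle_data
        kept = []
        for name, val in attrs:  # HTMLParser lowercases tag and attribute names
            if name not in ALLOWED_ATTRS.get(tag, set()):
                continue  # drops onerror=, onclick=, style=, ...
            if name in URL_ATTRS and not safe_url(val):
                continue  # drops javascript:, data:, ... URLs
            kept.append(' %s="%s"' % (name, escape(val or "", quote=True)))
        self.out.append("<%s%s>" % (tag, "".join(kept)))
        if tag not in VOID_TAGS:
            self.open_tags.append(tag)

    def handle_endtag(self, tag):
        if self.skipping:
            if tag == self.skipping:
                self.skipping = None
            return
        if tag in self.open_tags:
            # Close everything down to the matching tag so output stays nested.
            while self.open_tags:
                closed = self.open_tags.pop()
                self.out.append("</%s>" % closed)
                if closed == tag:
                    break

    def handle_data(self, data):
        if self.skipping:
            return
        self.out.append(escape(data, quote=False))

    def handle_comment(self, data):
        pass  # comments (including conditional comments) are dropped

    def get_html(self):
        while self.open_tags:  # close anything the input left open
            self.out.append("</%s>" % self.open_tags.pop())
        return "".join(self.out)


def sanitize(value):
    """Return a cleaned HTML fragment; the Django filter would mark_safe() this."""
    parser = AllowListSanitizer()
    parser.feed(value)
    parser.close()
    return parser.get_html()


if __name__ == "__main__":
    # Constructed sample inputs covering the cases a sanitizer must handle.
    for sample in (
        '<p>Hello <b>world</b></p>',
        '<p>Hi<script>alert(1)</script></p>',
        '<IMG SRC="x" ONERROR="alert(1)">',
        '<a href="javascript:alert(1)">x</a>',
        '<div>text</div>',
        '<b>bold',
    ):
        print("%-45r -> %r" % (sample, sanitize(sample)))
```

Each sample shows one decision: allowed markup passes unchanged, script elements vanish with their body, event-handler attributes and `javascript:` URLs are stripped while the element survives, unknown wrappers like `div` are dropped but their text kept, and unclosed tags are closed so the output cannot break out of the surrounding page structure.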
Comments
One change I had to make: despite trying to add
after the last line you had, Django was still interpreting the result of this as unsafe and proceeding to escape all the special characters, which somewhat defeats the purpose of having a smart library like html5lib handle it. I had to add one import
and change your return statement to this:
Thanks for the snippet!