-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathbleachUp.py
71 lines (57 loc) · 2.16 KB
/
bleachUp.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
# std:
# n/a
# pip-ext:
import bleach;
# pip-int:
# n/a
# loc:
import utils;
# Allowed Tags: ::::::::::::::::::::::::::::::::::::::::::::
DEFAULT_ALLOWED_TAGS = [
'a', 'abbr', 'acronym', 'b', 'blockquote',
'code', 'em', 'i', 'li', 'ol', 'strong', 'ul',
];
assert DEFAULT_ALLOWED_TAGS == bleach.sanitizer.ALLOWED_TAGS;
ALLOWED_TAGS = DEFAULT_ALLOWED_TAGS + [
"p", "pre", "br", "label",
"table", "thead", "tbody", "tr", "th", "td",
"h1", "h2", "h3", "h4", "h5", "h6",
"div", "span", "section",
"img", "figure",
"font", # WYSIWYGs use this for setting font.
"u", # Commonly used in WYSIWYG editing.
"hr",
"iframe",
];
# Allowed Attributes: ::::::::::::::::::::::::::::::::::::::
DEFAULT_ALLOWED_ATTRIBUTES = {
'a': ['href', 'title'], # TODO: Allow target="_blank";
'abbr': ['title'],
'acronym': ['title'],
};
assert DEFAULT_ALLOWED_ATTRIBUTES == bleach.sanitizer.ALLOWED_ATTRIBUTES;
ALLOWED_ATTRIBUTES = utils.deepCopy(DEFAULT_ALLOWED_ATTRIBUTES);
ALLOWED_ATTRIBUTES.update({
"img": ["src", "height", "width"],
"*": ["class", "style"], # 'style' req'd in ALLOWED_ATTRIBUTES, and ALLOWED_STYLES too.
"font": ["color"],
"iframe": ["src", "width", "height", "frameborder"],
});
# Allowed Styles: ::::::::::::::::::::::::::::::::::::::::::
assert bleach.sanitizer.ALLOWED_STYLES == [];
ALLOWED_STYLES = [
"background-color", # WYSIWYGs use for text-highlight
];
# Bleaching: :::::::::::::::::::::::::::::::::::::::::::::::
def sanitizeHtml (s): # AKA bleachHtml # Externally: `import bleachUp; bleachUp.bleachHtml(html);`
cleaned_s = bleach.clean(s,
tags = ALLOWED_TAGS,
attributes = ALLOWED_ATTRIBUTES,
styles = ALLOWED_STYLES,
strip_comments = False,
);
## TODO: Consider below, and using LinkifyFilter. # Docs: https://bleach.readthedocs.io/en/latest/linkify.html
#linkified_s = bleach.linkify(cleaned_s); # <- Adds rel="nofollow" to links. TODO?: Add noopener via param `callbacks`
#return linkified_s;
return cleaned_s;
bleachHtml = sanitizeHtml; # Alias, thematic nomenclature.