[Python-modules-commits] [django-html-sanitizer] 01/01: Import django-html-sanitizer_0.1.5.orig.tar.gz

Scott Kitterman kitterman at moszumanska.debian.org
Wed Nov 9 16:28:40 UTC 2016



kitterman pushed a commit to branch master
in repository django-html-sanitizer.

commit 0d9f9098c844fd168893a094fb76b74ae7f3b87d
Author: Scott Kitterman <scott at kitterman.com>
Date:   Wed Nov 9 10:14:07 2016 -0500

    Import django-html-sanitizer_0.1.5.orig.tar.gz
---
 LICENSE.txt                                        |  20 ++
 MANIFEST.in                                        |   2 +
 PKG-INFO                                           | 203 +++++++++++++++++++++
 README.rst                                         | 183 +++++++++++++++++++
 django_html_sanitizer.egg-info/PKG-INFO            | 203 +++++++++++++++++++++
 django_html_sanitizer.egg-info/SOURCES.txt         |  17 ++
 .../dependency_links.txt                           |   1 +
 django_html_sanitizer.egg-info/not-zip-safe        |   1 +
 django_html_sanitizer.egg-info/pbr.json            |   1 +
 django_html_sanitizer.egg-info/requires.txt        |   2 +
 django_html_sanitizer.egg-info/top_level.txt       |   1 +
 sanitizer/__init__.py                              |   3 +
 sanitizer/decorators.py                            |  40 ++++
 sanitizer/forms.py                                 |  22 +++
 sanitizer/models.py                                |  61 +++++++
 sanitizer/tests.py                                 |  86 +++++++++
 setup.cfg                                          |   8 +
 setup.py                                           |  32 ++++
 18 files changed, 886 insertions(+)

diff --git a/LICENSE.txt b/LICENSE.txt
new file mode 100644
index 0000000..67ec320
--- /dev/null
+++ b/LICENSE.txt
@@ -0,0 +1,20 @@
+Copyright (c) 2012 Selwin Ong
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
\ No newline at end of file
diff --git a/MANIFEST.in b/MANIFEST.in
new file mode 100644
index 0000000..48fde0c
--- /dev/null
+++ b/MANIFEST.in
@@ -0,0 +1,2 @@
+include LICENSE.txt
+include README.rst
\ No newline at end of file
diff --git a/PKG-INFO b/PKG-INFO
new file mode 100644
index 0000000..549051a
--- /dev/null
+++ b/PKG-INFO
@@ -0,0 +1,203 @@
+Metadata-Version: 1.1
+Name: django-html_sanitizer
+Version: 0.1.5
+Summary: Provides a set of HTML cleaning utilities for django models, forms and templates.
+Home-page: https://github.com/ui/django-html_sanitizer
+Author: Selwin Ong
+Author-email: selwin.ong at gmail.com
+License: MIT
+Description: =====================
+        Django HTML Sanitizer
+        =====================
+        
+        Django HTML Sanitizer provides a set of utilities to easily sanitize/escape/clean
+        HTML inputs in django. This app is built on top of `bleach <http://github.com/jsocol/bleach>`_,
+        the excellent Python HTML sanitizer.
+        
+        
+        Dependencies
+        ============
+        
+        - `django <http://djangoproject.com/>`_: http://djangoproject.com/
+        - `bleach <http://github.com/jsocol/bleach>`_: http://github.com/jsocol/bleach
+        
+        
+        Installation
+        ============
+        
+        You'll first need to install the package (or download manually from
+        `pypi <http://pypi.python.org/pypi/django-html_sanitizer>`_)::
+            
+            pip install django-html_sanitizer
+        
+        And then add ``sanitizer`` to your INSTALLED_APPS in django's ``settings.py``::
+            
+            INSTALLED_APPS = (
+                # other apps
+                "sanitizer",
+            )
+        
+        
+        Model Usage
+        ===========
+        
+        Similar to bleach, django sanitizer is a whitelist (only allows specified tags 
+        and attributes) based HTML sanitizer. Django sanitizer provides two model fields
+        that automatically sanitizes text values; ``SanitizedCharField`` and 
+        ``SanitizedTextField``.
+        
+        These fields accept extra arguments:
+        
+        * allowed_tags: a list of allowed HTML tags
+        * allowed_attributes: a list of allowed HTML attributes, or a dictionary of
+          tag keys with atttribute list for each key
+        * allowed_styles: a list of allowed styles if "style" is one of the allowed 
+          attributes
+        * strip: a boolean indicating whether offending tags/attributes should be escaped or stripped
+        
+        Here's how to use it in django models::
+            
+            from django.db import models
+            from sanitizer.models import SanitizedCharField, SanitizedTextField
+        
+            class MyModel(models.Model):
+                # Allow only <a>, <p>, <img> tags and "href" and "src" attributes
+                foo = SanitizedCharField(max_length=255, allowed_tags=['a', 'p', 'img'], 
+                                         allowed_attributes=['href', 'src'], strip=False)
+                bar = SanitizedTextField(max_length=255, allowed_tags=['a', 'p', 'img'], 
+                                         allowed_attributes=['href', 'src'], strip=False)
+                foo2 = SanitizedCharField(max_length=255, allowed_tags=['a', 'p', 'img'], 
+                                         allowed_attributes={'img':['src', 'style']}, 
+                                         allowed_styles=['width', 'height'], strip=False)
+        
+        
+        Form Usage
+        ==========
+        
+        Using django HTML sanitizer in django forms is very similar to model usage::
+            
+            from django import forms
+            from sanitizer.forms import SanitizedCharField
+        
+            class MyForm(forms.Form):
+                # Allow only <a>, <p>, <img> tags and "href" and "src" attributes
+                foo = SanitizedCharField(max_length=255, allowed_tags=['a', 'p', 'img'], 
+                                         allowed_attributes=['href', 'src'], strip=False)
+                bar = SanitizedCharField(max_length=255, allowed_tags=['a', 'p', 'img'], 
+                                         allowed_attributes=['href', 'src'], strip=False, widget=forms.Textarea)
+                foo2 = SanitizedCharField(max_length=255, allowed_tags=['a', 'p', 'img'], 
+                                         allowed_attributes={'img':['src', 'style']}, 
+                                         allowed_styles=['width', 'height'], strip=False)
+        
+        
+        Template Usage
+        ==============
+        
+        Django sanitizer provides a few differents ways of cleaning HTML in templates.
+        
+        ``escape_html`` Template Tag
+        ----------------------------
+        
+        Example usage::
+            
+            {% load sanitizer %}
+            {% escape_html post.content "a, p, img" "href, src, style" "width"%}
+        
+        Assuming ``post.content`` contains the string
+        '<a href ="#" style="width:200px; height="400px">Example</a><script>alert("x")</script>', the above tag will
+        output::
+        
+            '<a href ="#" style="width:200px;">Example</a><script>alert("x")</script>'
+        
+        On django 1.4 you could also use keyword arguments::
+        
+            {% escape_html '<a href="">bar</a>' allowed_tags="a,img" allowed_attributes="href,src" allowed_styles="width" %}
+        
+        
+        ``strip_html`` Template Tag
+        ---------------------------
+        
+        Example usage::
+            
+            {% load sanitizer %}
+            {% strip_html post.content "a, p, img" "href, src" %}
+        
+        If ``post.content`` contains the string
+        '<a href ="#">Example</a><script>alert("x")</script>', this will give you::
+        
+            '<a href ="#">Example</a>alert("x")'
+        
+        
+        ``escape_html`` Filter
+        ----------------------
+        
+        Escapes HTML tags from string based on settings. To use this filter you need to
+        put these variables on settings.py:
+        
+        * ``SANITIZER_ALLOWED_TAGS`` - a list of allowed tags (defaults to an empty list)
+        * ``SANITIZER_ALLOWED_ATTRIBUTES`` - a list of allowed attributes (defaults to an empty list)
+        * ``SANITIZER_ALLOWED_STYLES`` - a list of allowed styles if the style attribute is set (defaults to an empty list)
+        
+        For example if we have ``SANITIZER_ALLOWED_TAGS = ['a']``, 
+        ``SANITIZER_ALLOWED_ATTRIBUTES = ['href']``, 
+        ``SANITIZER_ALLOWED_STYLES = ['width']`` in settings.py, doing::
+            
+            {% load sanitizer %}
+            {{ post.content|escape_html }}
+        
+        If ``post.content`` contains the string
+        '<a href ="#" style="width:200px; height:400px">Example</a><script>alert("x")</script>', it will give you::
+        
+            '<a href ="#" style="width=200px;">Example</a><script>alert("x")</script>'
+        
+        
+        ``strip_html`` Filter
+        ---------------------
+        
+        Similar to ``escape_html`` filter, except it strips out offending HTML tags.
+        
+        For example if we have ``SANITIZER_ALLOWED_TAGS = ['a']``, 
+        ``SANITIZER_ALLOWED_ATTRIBUTES = ['href']`` in settings.py, doing::
+            
+            {% load sanitizer %}
+            {{ post.content|strip_html }}
+        
+        If ``post.content`` contains the string
+        '<a href ="#">Example</a><script>alert("x")</script>', we will get::
+        
+            '<a href ="#">Example</a>alert("x")'
+        
+        
+        
+        Changelog
+        =========
+        
+        Version 0.1.5
+        -------------
+        
+        * Fixes for smart_unicode and basestring (python 3.x support)
+        
+        Version 0.1.4
+        -------------
+        
+        * ``CharField``, ``TextField``, ``strip_html`` and ``escape_html`` now support
+          ``allowed_styles`` (thanks `cltrudeau <https://github.com/cltrudeau)>`_, 
+        * Added an example of template tag usage using kwargs now that Django 1.4 is out
+        
+        Version 0.1.2
+        -------------
+        
+        * ``allowed_tags`` and ``allowed_attributes`` in CharField and TextField now default to []
+        
+        
+Platform: UNKNOWN
+Classifier: Development Status :: 4 - Beta
+Classifier: Environment :: Web Environment
+Classifier: Framework :: Django
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Operating System :: OS Independent
+Classifier: Programming Language :: Python
+Classifier: Topic :: Internet :: WWW/HTTP
+Classifier: Topic :: Software Development :: Libraries :: Python Modules
+Classifier: Topic :: Text Processing :: Markup :: HTML
diff --git a/README.rst b/README.rst
new file mode 100644
index 0000000..5af5574
--- /dev/null
+++ b/README.rst
@@ -0,0 +1,183 @@
+=====================
+Django HTML Sanitizer
+=====================
+
+Django HTML Sanitizer provides a set of utilities to easily sanitize/escape/clean
+HTML inputs in django. This app is built on top of `bleach <http://github.com/jsocol/bleach>`_,
+the excellent Python HTML sanitizer.
+
+
+Dependencies
+============
+
+- `django <http://djangoproject.com/>`_: http://djangoproject.com/
+- `bleach <http://github.com/jsocol/bleach>`_: http://github.com/jsocol/bleach
+
+
+Installation
+============
+
+You'll first need to install the package (or download manually from
+`pypi <http://pypi.python.org/pypi/django-html_sanitizer>`_)::
+    
+    pip install django-html_sanitizer
+
+And then add ``sanitizer`` to your INSTALLED_APPS in django's ``settings.py``::
+    
+    INSTALLED_APPS = (
+        # other apps
+        "sanitizer",
+    )
+
+
+Model Usage
+===========
+
+Similar to bleach, django sanitizer is a whitelist (only allows specified tags 
+and attributes) based HTML sanitizer. Django sanitizer provides two model fields
+that automatically sanitizes text values; ``SanitizedCharField`` and 
+``SanitizedTextField``.
+
+These fields accept extra arguments:
+
+* allowed_tags: a list of allowed HTML tags
+* allowed_attributes: a list of allowed HTML attributes, or a dictionary of
+  tag keys with atttribute list for each key
+* allowed_styles: a list of allowed styles if "style" is one of the allowed 
+  attributes
+* strip: a boolean indicating whether offending tags/attributes should be escaped or stripped
+
+Here's how to use it in django models::
+    
+    from django.db import models
+    from sanitizer.models import SanitizedCharField, SanitizedTextField
+
+    class MyModel(models.Model):
+        # Allow only <a>, <p>, <img> tags and "href" and "src" attributes
+        foo = SanitizedCharField(max_length=255, allowed_tags=['a', 'p', 'img'], 
+                                 allowed_attributes=['href', 'src'], strip=False)
+        bar = SanitizedTextField(max_length=255, allowed_tags=['a', 'p', 'img'], 
+                                 allowed_attributes=['href', 'src'], strip=False)
+        foo2 = SanitizedCharField(max_length=255, allowed_tags=['a', 'p', 'img'], 
+                                 allowed_attributes={'img':['src', 'style']}, 
+                                 allowed_styles=['width', 'height'], strip=False)
+
+
+Form Usage
+==========
+
+Using django HTML sanitizer in django forms is very similar to model usage::
+    
+    from django import forms
+    from sanitizer.forms import SanitizedCharField
+
+    class MyForm(forms.Form):
+        # Allow only <a>, <p>, <img> tags and "href" and "src" attributes
+        foo = SanitizedCharField(max_length=255, allowed_tags=['a', 'p', 'img'], 
+                                 allowed_attributes=['href', 'src'], strip=False)
+        bar = SanitizedCharField(max_length=255, allowed_tags=['a', 'p', 'img'], 
+                                 allowed_attributes=['href', 'src'], strip=False, widget=forms.Textarea)
+        foo2 = SanitizedCharField(max_length=255, allowed_tags=['a', 'p', 'img'], 
+                                 allowed_attributes={'img':['src', 'style']}, 
+                                 allowed_styles=['width', 'height'], strip=False)
+
+
+Template Usage
+==============
+
+Django sanitizer provides a few differents ways of cleaning HTML in templates.
+
+``escape_html`` Template Tag
+----------------------------
+
+Example usage::
+    
+    {% load sanitizer %}
+    {% escape_html post.content "a, p, img" "href, src, style" "width"%}
+
+Assuming ``post.content`` contains the string
+'<a href ="#" style="width:200px; height="400px">Example</a><script>alert("x")</script>', the above tag will
+output::
+
+    '<a href ="#" style="width:200px;">Example</a><script>alert("x")</script>'
+
+On django 1.4 you could also use keyword arguments::
+
+    {% escape_html '<a href="">bar</a>' allowed_tags="a,img" allowed_attributes="href,src" allowed_styles="width" %}
+
+
+``strip_html`` Template Tag
+---------------------------
+
+Example usage::
+    
+    {% load sanitizer %}
+    {% strip_html post.content "a, p, img" "href, src" %}
+
+If ``post.content`` contains the string
+'<a href ="#">Example</a><script>alert("x")</script>', this will give you::
+
+    '<a href ="#">Example</a>alert("x")'
+
+
+``escape_html`` Filter
+----------------------
+
+Escapes HTML tags from string based on settings. To use this filter you need to
+put these variables on settings.py:
+
+* ``SANITIZER_ALLOWED_TAGS`` - a list of allowed tags (defaults to an empty list)
+* ``SANITIZER_ALLOWED_ATTRIBUTES`` - a list of allowed attributes (defaults to an empty list)
+* ``SANITIZER_ALLOWED_STYLES`` - a list of allowed styles if the style attribute is set (defaults to an empty list)
+
+For example if we have ``SANITIZER_ALLOWED_TAGS = ['a']``, 
+``SANITIZER_ALLOWED_ATTRIBUTES = ['href']``, 
+``SANITIZER_ALLOWED_STYLES = ['width']`` in settings.py, doing::
+    
+    {% load sanitizer %}
+    {{ post.content|escape_html }}
+
+If ``post.content`` contains the string
+'<a href ="#" style="width:200px; height:400px">Example</a><script>alert("x")</script>', it will give you::
+
+    '<a href ="#" style="width=200px;">Example</a><script>alert("x")</script>'
+
+
+``strip_html`` Filter
+---------------------
+
+Similar to ``escape_html`` filter, except it strips out offending HTML tags.
+
+For example if we have ``SANITIZER_ALLOWED_TAGS = ['a']``, 
+``SANITIZER_ALLOWED_ATTRIBUTES = ['href']`` in settings.py, doing::
+    
+    {% load sanitizer %}
+    {{ post.content|strip_html }}
+
+If ``post.content`` contains the string
+'<a href ="#">Example</a><script>alert("x")</script>', we will get::
+
+    '<a href ="#">Example</a>alert("x")'
+
+
+
+Changelog
+=========
+
+Version 0.1.5
+-------------
+
+* Fixes for smart_unicode and basestring (python 3.x support)
+
+Version 0.1.4
+-------------
+
+* ``CharField``, ``TextField``, ``strip_html`` and ``escape_html`` now support
+  ``allowed_styles`` (thanks `cltrudeau <https://github.com/cltrudeau)>`_, 
+* Added an example of template tag usage using kwargs now that Django 1.4 is out
+
+Version 0.1.2
+-------------
+
+* ``allowed_tags`` and ``allowed_attributes`` in CharField and TextField now default to []
+
diff --git a/django_html_sanitizer.egg-info/PKG-INFO b/django_html_sanitizer.egg-info/PKG-INFO
new file mode 100644
index 0000000..ea2efdb
--- /dev/null
+++ b/django_html_sanitizer.egg-info/PKG-INFO
@@ -0,0 +1,203 @@
+Metadata-Version: 1.1
+Name: django-html-sanitizer
+Version: 0.1.5
+Summary: Provides a set of HTML cleaning utilities for django models, forms and templates.
+Home-page: https://github.com/ui/django-html_sanitizer
+Author: Selwin Ong
+Author-email: selwin.ong at gmail.com
+License: MIT
+Description: =====================
+        Django HTML Sanitizer
+        =====================
+        
+        Django HTML Sanitizer provides a set of utilities to easily sanitize/escape/clean
+        HTML inputs in django. This app is built on top of `bleach <http://github.com/jsocol/bleach>`_,
+        the excellent Python HTML sanitizer.
+        
+        
+        Dependencies
+        ============
+        
+        - `django <http://djangoproject.com/>`_: http://djangoproject.com/
+        - `bleach <http://github.com/jsocol/bleach>`_: http://github.com/jsocol/bleach
+        
+        
+        Installation
+        ============
+        
+        You'll first need to install the package (or download manually from
+        `pypi <http://pypi.python.org/pypi/django-html_sanitizer>`_)::
+            
+            pip install django-html_sanitizer
+        
+        And then add ``sanitizer`` to your INSTALLED_APPS in django's ``settings.py``::
+            
+            INSTALLED_APPS = (
+                # other apps
+                "sanitizer",
+            )
+        
+        
+        Model Usage
+        ===========
+        
+        Similar to bleach, django sanitizer is a whitelist (only allows specified tags 
+        and attributes) based HTML sanitizer. Django sanitizer provides two model fields
+        that automatically sanitizes text values; ``SanitizedCharField`` and 
+        ``SanitizedTextField``.
+        
+        These fields accept extra arguments:
+        
+        * allowed_tags: a list of allowed HTML tags
+        * allowed_attributes: a list of allowed HTML attributes, or a dictionary of
+          tag keys with atttribute list for each key
+        * allowed_styles: a list of allowed styles if "style" is one of the allowed 
+          attributes
+        * strip: a boolean indicating whether offending tags/attributes should be escaped or stripped
+        
+        Here's how to use it in django models::
+            
+            from django.db import models
+            from sanitizer.models import SanitizedCharField, SanitizedTextField
+        
+            class MyModel(models.Model):
+                # Allow only <a>, <p>, <img> tags and "href" and "src" attributes
+                foo = SanitizedCharField(max_length=255, allowed_tags=['a', 'p', 'img'], 
+                                         allowed_attributes=['href', 'src'], strip=False)
+                bar = SanitizedTextField(max_length=255, allowed_tags=['a', 'p', 'img'], 
+                                         allowed_attributes=['href', 'src'], strip=False)
+                foo2 = SanitizedCharField(max_length=255, allowed_tags=['a', 'p', 'img'], 
+                                         allowed_attributes={'img':['src', 'style']}, 
+                                         allowed_styles=['width', 'height'], strip=False)
+        
+        
+        Form Usage
+        ==========
+        
+        Using django HTML sanitizer in django forms is very similar to model usage::
+            
+            from django import forms
+            from sanitizer.forms import SanitizedCharField
+        
+            class MyForm(forms.Form):
+                # Allow only <a>, <p>, <img> tags and "href" and "src" attributes
+                foo = SanitizedCharField(max_length=255, allowed_tags=['a', 'p', 'img'], 
+                                         allowed_attributes=['href', 'src'], strip=False)
+                bar = SanitizedCharField(max_length=255, allowed_tags=['a', 'p', 'img'], 
+                                         allowed_attributes=['href', 'src'], strip=False, widget=forms.Textarea)
+                foo2 = SanitizedCharField(max_length=255, allowed_tags=['a', 'p', 'img'], 
+                                         allowed_attributes={'img':['src', 'style']}, 
+                                         allowed_styles=['width', 'height'], strip=False)
+        
+        
+        Template Usage
+        ==============
+        
+        Django sanitizer provides a few differents ways of cleaning HTML in templates.
+        
+        ``escape_html`` Template Tag
+        ----------------------------
+        
+        Example usage::
+            
+            {% load sanitizer %}
+            {% escape_html post.content "a, p, img" "href, src, style" "width"%}
+        
+        Assuming ``post.content`` contains the string
+        '<a href ="#" style="width:200px; height="400px">Example</a><script>alert("x")</script>', the above tag will
+        output::
+        
+            '<a href ="#" style="width:200px;">Example</a><script>alert("x")</script>'
+        
+        On django 1.4 you could also use keyword arguments::
+        
+            {% escape_html '<a href="">bar</a>' allowed_tags="a,img" allowed_attributes="href,src" allowed_styles="width" %}
+        
+        
+        ``strip_html`` Template Tag
+        ---------------------------
+        
+        Example usage::
+            
+            {% load sanitizer %}
+            {% strip_html post.content "a, p, img" "href, src" %}
+        
+        If ``post.content`` contains the string
+        '<a href ="#">Example</a><script>alert("x")</script>', this will give you::
+        
+            '<a href ="#">Example</a>alert("x")'
+        
+        
+        ``escape_html`` Filter
+        ----------------------
+        
+        Escapes HTML tags from string based on settings. To use this filter you need to
+        put these variables on settings.py:
+        
+        * ``SANITIZER_ALLOWED_TAGS`` - a list of allowed tags (defaults to an empty list)
+        * ``SANITIZER_ALLOWED_ATTRIBUTES`` - a list of allowed attributes (defaults to an empty list)
+        * ``SANITIZER_ALLOWED_STYLES`` - a list of allowed styles if the style attribute is set (defaults to an empty list)
+        
+        For example if we have ``SANITIZER_ALLOWED_TAGS = ['a']``, 
+        ``SANITIZER_ALLOWED_ATTRIBUTES = ['href']``, 
+        ``SANITIZER_ALLOWED_STYLES = ['width']`` in settings.py, doing::
+            
+            {% load sanitizer %}
+            {{ post.content|escape_html }}
+        
+        If ``post.content`` contains the string
+        '<a href ="#" style="width:200px; height:400px">Example</a><script>alert("x")</script>', it will give you::
+        
+            '<a href ="#" style="width=200px;">Example</a><script>alert("x")</script>'
+        
+        
+        ``strip_html`` Filter
+        ---------------------
+        
+        Similar to ``escape_html`` filter, except it strips out offending HTML tags.
+        
+        For example if we have ``SANITIZER_ALLOWED_TAGS = ['a']``, 
+        ``SANITIZER_ALLOWED_ATTRIBUTES = ['href']`` in settings.py, doing::
+            
+            {% load sanitizer %}
+            {{ post.content|strip_html }}
+        
+        If ``post.content`` contains the string
+        '<a href ="#">Example</a><script>alert("x")</script>', we will get::
+        
+            '<a href ="#">Example</a>alert("x")'
+        
+        
+        
+        Changelog
+        =========
+        
+        Version 0.1.5
+        -------------
+        
+        * Fixes for smart_unicode and basestring (python 3.x support)
+        
+        Version 0.1.4
+        -------------
+        
+        * ``CharField``, ``TextField``, ``strip_html`` and ``escape_html`` now support
+          ``allowed_styles`` (thanks `cltrudeau <https://github.com/cltrudeau)>`_, 
+        * Added an example of template tag usage using kwargs now that Django 1.4 is out
+        
+        Version 0.1.2
+        -------------
+        
+        * ``allowed_tags`` and ``allowed_attributes`` in CharField and TextField now default to []
+        
+        
+Platform: UNKNOWN
+Classifier: Development Status :: 4 - Beta
+Classifier: Environment :: Web Environment
+Classifier: Framework :: Django
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Operating System :: OS Independent
+Classifier: Programming Language :: Python
+Classifier: Topic :: Internet :: WWW/HTTP
+Classifier: Topic :: Software Development :: Libraries :: Python Modules
+Classifier: Topic :: Text Processing :: Markup :: HTML
diff --git a/django_html_sanitizer.egg-info/SOURCES.txt b/django_html_sanitizer.egg-info/SOURCES.txt
new file mode 100644
index 0000000..64f9b0a
--- /dev/null
+++ b/django_html_sanitizer.egg-info/SOURCES.txt
@@ -0,0 +1,17 @@
+LICENSE.txt
+MANIFEST.in
+README.rst
+setup.cfg
+setup.py
+django_html_sanitizer.egg-info/PKG-INFO
+django_html_sanitizer.egg-info/SOURCES.txt
+django_html_sanitizer.egg-info/dependency_links.txt
+django_html_sanitizer.egg-info/not-zip-safe
+django_html_sanitizer.egg-info/pbr.json
+django_html_sanitizer.egg-info/requires.txt
+django_html_sanitizer.egg-info/top_level.txt
+sanitizer/__init__.py
+sanitizer/decorators.py
+sanitizer/forms.py
+sanitizer/models.py
+sanitizer/tests.py
\ No newline at end of file
diff --git a/django_html_sanitizer.egg-info/dependency_links.txt b/django_html_sanitizer.egg-info/dependency_links.txt
new file mode 100644
index 0000000..8b13789
--- /dev/null
+++ b/django_html_sanitizer.egg-info/dependency_links.txt
@@ -0,0 +1 @@
+
diff --git a/django_html_sanitizer.egg-info/not-zip-safe b/django_html_sanitizer.egg-info/not-zip-safe
new file mode 100644
index 0000000..8b13789
--- /dev/null
+++ b/django_html_sanitizer.egg-info/not-zip-safe
@@ -0,0 +1 @@
+
diff --git a/django_html_sanitizer.egg-info/pbr.json b/django_html_sanitizer.egg-info/pbr.json
new file mode 100644
index 0000000..897537c
--- /dev/null
+++ b/django_html_sanitizer.egg-info/pbr.json
@@ -0,0 +1 @@
+{"is_release": false, "git_version": "6331113"}
\ No newline at end of file
diff --git a/django_html_sanitizer.egg-info/requires.txt b/django_html_sanitizer.egg-info/requires.txt
new file mode 100644
index 0000000..cd9f07b
--- /dev/null
+++ b/django_html_sanitizer.egg-info/requires.txt
@@ -0,0 +1,2 @@
+django
+bleach
diff --git a/django_html_sanitizer.egg-info/top_level.txt b/django_html_sanitizer.egg-info/top_level.txt
new file mode 100644
index 0000000..2aaf698
--- /dev/null
+++ b/django_html_sanitizer.egg-info/top_level.txt
@@ -0,0 +1 @@
+sanitizer
diff --git a/sanitizer/__init__.py b/sanitizer/__init__.py
new file mode 100644
index 0000000..85bd8ef
--- /dev/null
+++ b/sanitizer/__init__.py
@@ -0,0 +1,3 @@
+VERSION = (0, 1, 4)
+
+from .decorators import sanitize
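Review bot: `VERSION = (0, 1, 4)` in sanitizer/__init__.py disagrees with `Version: 0.1.5` in PKG-INFO and with the 0.1.5 changelog entry, so anything reading `sanitizer.VERSION` reports the previous release. Bump it to `VERSION = (0, 1, 5)`, or have setup.py derive the metadata version from this tuple so the two cannot drift again. The `from .decorators import sanitize` line also means a bare `import sanitizer` pulls in django and bleach (decorators.py imports both at module level), which deserves a one-line comment above it.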
diff --git a/sanitizer/decorators.py b/sanitizer/decorators.py
new file mode 100644
index 0000000..cf39398
--- /dev/null
+++ b/sanitizer/decorators.py
@@ -0,0 +1,40 @@
+from django import forms
+
+import bleach
+
+
+def get_sanitized_clean_func(original_clean, **kwargs):
+    def fn(value):
+        value = original_clean(value)
+        if isinstance(value, basestring):
+            value = bleach.clean(value, **kwargs)
+        return value
+    return fn
+
+
+class sanitize(object):
+
+    
+    def __init__(self, tags=bleach.ALLOWED_TAGS,
+                 attributes=bleach.ALLOWED_ATTRIBUTES, styles=[], strip=False,
+                 strip_comments=True):
+        self.kwargs = {
+            'tags': tags,
+            'attributes': attributes,
+            'styles': styles,
+            'strip': strip,
+            'strip_comments': strip_comments,
+        }
+
+
+    def __call__(self, cls):
+        self.actual_decorator(cls)
+        return cls
+        
+        
+    def actual_decorator(self, cls):
+        fields = [(key, value) for key, value in cls.base_fields.iteritems() if isinstance(value, forms.CharField)]
+        for field_name, field_object in fields:
+            original_clean = getattr(field_object, 'clean')
+            clean_func = get_sanitized_clean_func(original_clean, **self.kwargs)
+            setattr(field_object, 'clean', clean_func)
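Review bot: sanitizer/decorators.py is still Python 2 only even though the 0.1.5 changelog advertises Python 3 support: `isinstance(value, basestring)` in the wrapped clean raises NameError on Python 3 the first time a decorated form is cleaned, and `cls.base_fields.iteritems()` in `actual_decorator` raises AttributeError at class-decoration time. A small compat shim, in the spirit of the `sys.version_info` branch models.py uses for `smart_unicode`, plus `.items()` fixes both. Separately, `class sanitize` defaults to `bleach.ALLOWED_TAGS`/`bleach.ALLOWED_ATTRIBUTES` while the Sanitized* fields in forms.py and models.py default to no tags at all; the class has an empty body where its docstring should be, so state that permissive default there so callers are not surprised by the difference. The `styles=[]` default is a shared mutable list; `styles=None` with `styles or []` in `__init__` avoids aliasing across decorated classes.
```python
try:  # Python 2
    string_types = (basestring,)
except NameError:  # Python 3
    string_types = (str,)


def get_sanitized_clean_func(original_clean, **kwargs):
    def fn(value):
        value = original_clean(value)
        if isinstance(value, string_types):
            value = bleach.clean(value, **kwargs)
        return value
    return fn

# … unchanged: class sanitize, __init__ and __call__ …

    def actual_decorator(self, cls):
        fields = [(key, value) for key, value in cls.base_fields.items()
                  if isinstance(value, forms.CharField)]
        # … unchanged: wrapping loop …
```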
diff --git a/sanitizer/forms.py b/sanitizer/forms.py
new file mode 100644
index 0000000..9936dd6
--- /dev/null
+++ b/sanitizer/forms.py
@@ -0,0 +1,22 @@
+from django import forms
+
+import bleach
+
+
+class SanitizedCharField(forms.CharField):
+    """
+    A subclass of CharField that escapes (or strip) HTML tags and attributes.
+    """    
+    def __init__(self, allowed_tags=[], allowed_attributes=[], 
+            allowed_styles=[], strip=False, *args, **kwargs):
+        self._allowed_tags = allowed_tags
+        self._allowed_attributes = allowed_attributes
+        self._allowed_styles = allowed_styles
+        self._strip = strip
+        super(SanitizedCharField, self).__init__(*args, **kwargs)
+
+    def clean(self, value):
+        value = super(SanitizedCharField, self).clean(value)
+        return bleach.clean(value, tags=self._allowed_tags,
+            attributes=self._allowed_attributes, 
+            styles=self._allowed_styles, strip=self._strip)
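Review bot: `clean` runs `bleach.clean` only after `super().clean()` has already executed the field's validators, so `MaxLengthValidator` checks the raw input while the value actually returned is the escaped output, which is longer whenever a disallowed tag is escaped rather than stripped (`<script>` becomes `&lt;script&gt;`); an input of exactly `max_length` characters can therefore validate and still come back over the limit, only to be rejected or truncated by whatever stores it. Sanitizing in `to_python` instead, as models.py does, lets the validators see the final value: `def to_python(self, value):` / `value = super(SanitizedCharField, self).to_python(value)` and return the `bleach.clean(...)` result from there (with `strip=True` an input that strips to nothing would then also trip the required check, which is presumably the intent). The `allowed_tags=[]`, `allowed_attributes=[]` and `allowed_styles=[]` defaults are shared mutable lists; `None` defaults with `allowed_tags or []` avoid aliasing between field instances. Because these keyword parameters precede `*args`, a positional `max_length` would land in `allowed_tags`, so the docstring should say the sanitizer arguments must be passed by keyword.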
diff --git a/sanitizer/models.py b/sanitizer/models.py
new file mode 100644
index 0000000..afc2590
--- /dev/null
+++ b/sanitizer/models.py
@@ -0,0 +1,61 @@
+from django.conf import settings
+from django.db import models
+
+import sys
+if sys.version_info[0] == 3:
+    from django.utils.encoding import smart_text as smart_unicode
+else:
+    from django.utils.encoding import smart_unicode
+
+import bleach
+
+
+class SanitizedCharField(models.CharField):
+    
+    def __init__(self, allowed_tags=[], allowed_attributes=[],
+                 allowed_styles=[], strip=False, 
+                 *args, **kwargs):
+        self._sanitizer_allowed_tags = allowed_tags
+        self._sanitizer_allowed_attributes = allowed_attributes
+        self._sanitizer_allowed_styles = allowed_styles
+        self._sanitizer_strip = strip
+        super(SanitizedCharField, self).__init__(*args, **kwargs)
+
+    def to_python(self, value):
+        value = super(SanitizedCharField, self).to_python(value)
+        value = bleach.clean(value, tags=self._sanitizer_allowed_tags,
+            attributes=self._sanitizer_allowed_attributes, 
+            styles=self._sanitizer_allowed_styles, strip=self._sanitizer_strip)
+        return smart_unicode(value)
+
+
+class SanitizedTextField(models.TextField):
+    
+    def __init__(self, allowed_tags=[], allowed_attributes=[], 
+                 allowed_styles=[], strip=False, 
+                 *args, **kwargs):
+        self._sanitizer_allowed_tags = allowed_tags
+        self._sanitizer_allowed_attributes = allowed_attributes
+        self._sanitizer_allowed_styles = allowed_styles
+        self._sanitizer_strip = strip
+        super(SanitizedTextField, self).__init__(*args, **kwargs)
+
+    def to_python(self, value):
+        value = super(SanitizedTextField, self).to_python(value)
+        value = bleach.clean(value, tags=self._sanitizer_allowed_tags,
+            attributes=self._sanitizer_allowed_attributes, 
+            styles=self._sanitizer_allowed_styles, strip=self._sanitizer_strip)
+        return smart_unicode(value)
+
+    def get_prep_value(self, value):
+        value = super(SanitizedTextField, self).get_prep_value(value)
+        value = bleach.clean(value, tags=self._sanitizer_allowed_tags,
+            attributes=self._sanitizer_allowed_attributes, 
+            styles=self._sanitizer_allowed_styles, strip=self._sanitizer_strip)
+        return value
+
+
+if 'south' in settings.INSTALLED_APPS:
+    from south.modelsinspector import add_introspection_rules
+    add_introspection_rules([], ["^sanitizer\.models\.SanitizedCharField"])
+    add_introspection_rules([], ["^sanitizer\.models\.SanitizedTextField"])
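Review bot: `SanitizedCharField` sanitizes only in `to_python` while `SanitizedTextField` also overrides `get_prep_value`, so the two fields disagree on where sanitization is applied; in the Django versions I know, `CharField.get_prep_value` and `TextField.get_prep_value` both call `to_python` already, which would make the TextField override a second `bleach.clean` pass and the CharField save path depend on that implicit call — worth confirming against the targeted Django range and stating the intended hook in a class docstring. Both `to_python` bodies and `get_prep_value` also hand `value` straight to `bleach.clean` even when the parent returns `None` for a `null=True` column; depending on the bleach version that either raises or silently turns `None` into `''`, so a guard such as `if value is None: return value` before the call preserves NULL semantics. The `\.` escapes in the south patterns are in non-raw strings; `r"^sanitizer\.models\.SanitizedCharField"` avoids invalid-escape warnings on newer Python 3 releases.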
diff --git a/sanitizer/tests.py b/sanitizer/tests.py
new file mode 100644
index 0000000..21d0dcd
--- /dev/null
+++ b/sanitizer/tests.py
@@ -0,0 +1,86 @@
+from django import forms
+from django.db import models
+from django.test import TestCase
+from django.test.utils import override_settings
+
+from sanitizer.templatetags.sanitizer import (sanitize, sanitize_allow,
+    escape_html, strip_filter, strip_html)
+from .forms import SanitizedCharField as SanitizedFormField
+from .models import SanitizedCharField, SanitizedTextField
+
+
+ALLOWED_TAGS = ['a']
+ALLOWED_ATTRIBUTES = ['href', 'style']
+ALLOWED_STYLES = ['width']
+
+
+class TestingModel(models.Model):
+    test_field = SanitizedCharField(max_length=255, allowed_tags=ALLOWED_TAGS, 
+        allowed_attributes=ALLOWED_ATTRIBUTES, allowed_styles=ALLOWED_STYLES)
+
+
+class TestingTextModel(models.Model):
+    test_field = SanitizedTextField(allowed_tags=ALLOWED_TAGS, 
+        allowed_attributes=ALLOWED_ATTRIBUTES, allowed_styles=ALLOWED_STYLES)
+
+
+class TestForm(forms.Form):
+    test_field = SanitizedFormField(allowed_tags=['a'], 
+    allowed_attributes=['href', 'style'], allowed_styles=['width'])
+
+
+class SanitizerTest(TestCase):
+
+    @override_settings(SANITIZER_ALLOWED_TAGS=['a'])
+    def test_sanitize(self):
+        """ Test sanitize function in templatetags """
+        self.assertEqual(sanitize('test<script></script>'), 
+            'test<script></script>')
+
+    def test_strip_filter(self):
+        """ Test strip_html filter """
+        self.assertEqual(strip_filter('test<script></script>'), 'test')
+
+    def test_sanitize_allow(self):
+        """ Test sanitize_allow function in templatetags """
+        self.assertEqual(sanitize_allow('test<script></script><br>', 'br'), 'test<br>')
+        self.assertEqual(sanitize_allow('test<script></script><br/>', 'br'), 'test<br>')
+        self.assertEqual(sanitize_allow('<a href="">test</a>', 'a'), '<a>test</a>')
+        self.assertEqual(sanitize_allow('<a href="">test</a>', 'a; href'), '<a href="">test</a>')
+
+
+    def test_SanitizedCharField(self):
+        TestingModel.objects.create(test_field='<a href="" style="width: 200px; height: 400px">foo</a><em>bar</em>')
+        test = TestingModel.objects.latest('id')
+        self.assertEqual(test.test_field, '<a href="" style="width: 200px;">foo</a><em>bar</em>')
+
+
+    def test_SanitizedTextField(self):
+        TestingTextModel.objects.create(test_field='<a href="" style="width: 200px; height: 400px">foo</a><em>bar</em>')
+        test = TestingTextModel.objects.latest('id')
+        self.assertEqual(test.test_field, '<a href="" style="width: 200px;">foo</a><em>bar</em>')
+
+    def test_SanitizedFormField(self):
+        html = '<a href="" style="width: 200px; height: 400px">foo</a><em class=""></em>'
+        form = TestForm({ 'test_field': html })
+        form.is_valid()
+        self.assertEqual(form.cleaned_data['test_field'],
+                         '<a href="" style="width: 200px;">foo</a><em class=""></em>')
+
+    def test_escape_html(self):
+        html = '<a href="" class="" style="width: 200px; height: 400px">foo</a><em></em>'
+        self.assertEqual(escape_html(html, allowed_tags='a', 
+            allowed_attributes='href,style', allowed_styles='width'),
+            '<a href="" style="width: 200px;">foo</a><em></em>')
+        self.assertEqual(escape_html(html, allowed_tags=['a'], 
+            allowed_attributes=['href', 'style'], allowed_styles=['width']),
+            '<a href="" style="width: 200px;">foo</a><em></em>')
+    
+    def test_strip_html(self):
+        html = '<a href="" class="" style="width: 200px; height: 400px">foo</a><em></em>'
+        self.assertEqual(strip_html(html, allowed_tags='a', 
+            allowed_attributes='href,style', allowed_styles='width'),
+            '<a href="" style="width: 200px;">foo</a>')
+        self.assertEqual(strip_html(html, allowed_tags=['a'], 
+            allowed_attributes=['href', 'style'], allowed_styles=['width']),
+            '<a href="" style="width: 200px;">foo</a>')
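Review bot: `test_sanitize` expects `sanitize('test<script></script>')` to come back byte-identical to its input under `SANITIZER_ALLOWED_TAGS=['a']`, so the assertion passes only if the `sanitize` tag leaves a disallowed `<script>` element untouched; the templatetag module is not in this diff, but if it escapes the way `bleach.clean` does the expected value should be `'test&lt;script&gt;&lt;/script&gt;'`, and if it really is a pass-through that is the larger problem to confirm. The model and form field tests only exercise fields configured with an explicit allow-list and a benign payload; there is no case for the default empty allow-list, for `strip=True`, or for a `None`/blank value on a nullable field, which is the path that reaches `bleach.clean(value)` with `None` in models.py. `TestingModel` and `TestingTextModel` are concrete models declared in the test module, so presumably they only get tables when `sanitizer` is in the test settings' `INSTALLED_APPS`; a one-line comment above them stating that assumption would help the next maintainer.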
diff --git a/setup.cfg b/setup.cfg
new file mode 100644
index 0000000..6f08d0e
--- /dev/null
+++ b/setup.cfg
@@ -0,0 +1,8 @@
+[bdist_wheel]
+universal = 1
+
+[egg_info]
+tag_build = 
+tag_date = 0
+tag_svn_revision = 0
+
diff --git a/setup.py b/setup.py
new file mode 100644
index 0000000..cd64ff6
--- /dev/null
+++ b/setup.py
@@ -0,0 +1,32 @@
+# -*- coding: utf-8 -*-
+from setuptools import setup
+
+
+setup(
+    name='django-html_sanitizer',
+    version='0.1.5',
+    author='Selwin Ong',
... 24 lines suppressed ...
