[Python-modules-commits] [django-html-sanitizer] 01/01: Import django-html-sanitizer_0.1.5.orig.tar.gz
Scott Kitterman
kitterman at moszumanska.debian.org
Wed Nov 9 16:28:40 UTC 2016
This is an automated email from the git hooks/post-receive script.
kitterman pushed a commit to branch master
in repository django-html-sanitizer.
commit 0d9f9098c844fd168893a094fb76b74ae7f3b87d
Author: Scott Kitterman <scott at kitterman.com>
Date: Wed Nov 9 10:14:07 2016 -0500
Import django-html-sanitizer_0.1.5.orig.tar.gz
---
LICENSE.txt | 20 ++
MANIFEST.in | 2 +
PKG-INFO | 203 +++++++++++++++++++++
README.rst | 183 +++++++++++++++++++
django_html_sanitizer.egg-info/PKG-INFO | 203 +++++++++++++++++++++
django_html_sanitizer.egg-info/SOURCES.txt | 17 ++
.../dependency_links.txt | 1 +
django_html_sanitizer.egg-info/not-zip-safe | 1 +
django_html_sanitizer.egg-info/pbr.json | 1 +
django_html_sanitizer.egg-info/requires.txt | 2 +
django_html_sanitizer.egg-info/top_level.txt | 1 +
sanitizer/__init__.py | 3 +
sanitizer/decorators.py | 40 ++++
sanitizer/forms.py | 22 +++
sanitizer/models.py | 61 +++++++
sanitizer/tests.py | 86 +++++++++
setup.cfg | 8 +
setup.py | 32 ++++
18 files changed, 886 insertions(+)
diff --git a/LICENSE.txt b/LICENSE.txt
new file mode 100644
index 0000000..67ec320
--- /dev/null
+++ b/LICENSE.txt
@@ -0,0 +1,20 @@
+Copyright (c) 2012 Selwin Ong
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
\ No newline at end of file
diff --git a/MANIFEST.in b/MANIFEST.in
new file mode 100644
index 0000000..48fde0c
--- /dev/null
+++ b/MANIFEST.in
@@ -0,0 +1,2 @@
+include LICENSE.txt
+include README.rst
\ No newline at end of file
diff --git a/PKG-INFO b/PKG-INFO
new file mode 100644
index 0000000..549051a
--- /dev/null
+++ b/PKG-INFO
@@ -0,0 +1,203 @@
+Metadata-Version: 1.1
+Name: django-html_sanitizer
+Version: 0.1.5
+Summary: Provides a set of HTML cleaning utilities for django models, forms and templates.
+Home-page: https://github.com/ui/django-html_sanitizer
+Author: Selwin Ong
+Author-email: selwin.ong at gmail.com
+License: MIT
+Description: =====================
+ Django HTML Sanitizer
+ =====================
+
+ Django HTML Sanitizer provides a set of utilities to easily sanitize/escape/clean
+ HTML inputs in django. This app is built on top of `bleach <http://github.com/jsocol/bleach>`_,
+ the excellent Python HTML sanitizer.
+
+
+ Dependencies
+ ============
+
+ - `django <http://djangoproject.com/>`_: http://djangoproject.com/
+ - `bleach <http://github.com/jsocol/bleach>`_: http://github.com/jsocol/bleach
+
+
+ Installation
+ ============
+
+ You'll first need to install the package (or download manually from
+ `pypi <http://pypi.python.org/pypi/django-html_sanitizer>`_)::
+
+ pip install django-html_sanitizer
+
+ And then add ``sanitizer`` to your INSTALLED_APPS in django's ``settings.py``::
+
+ INSTALLED_APPS = (
+ # other apps
+ "sanitizer",
+ )
+
+
+ Model Usage
+ ===========
+
+ Similar to bleach, django sanitizer is a whitelist (only allows specified tags
+ and attributes) based HTML sanitizer. Django sanitizer provides two model fields
+ that automatically sanitizes text values; ``SanitizedCharField`` and
+ ``SanitizedTextField``.
+
+ These fields accept extra arguments:
+
+ * allowed_tags: a list of allowed HTML tags
+ * allowed_attributes: a list of allowed HTML attributes, or a dictionary of
+ tag keys with atttribute list for each key
+ * allowed_styles: a list of allowed styles if "style" is one of the allowed
+ attributes
+ * strip: a boolean indicating whether offending tags/attributes should be escaped or stripped
+
+ Here's how to use it in django models::
+
+ from django.db import models
+ from sanitizer.models import SanitizedCharField, SanitizedTextField
+
+ class MyModel(models.Model):
+ # Allow only <a>, <p>, <img> tags and "href" and "src" attributes
+ foo = SanitizedCharField(max_length=255, allowed_tags=['a', 'p', 'img'],
+ allowed_attributes=['href', 'src'], strip=False)
+ bar = SanitizedTextField(max_length=255, allowed_tags=['a', 'p', 'img'],
+ allowed_attributes=['href', 'src'], strip=False)
+ foo2 = SanitizedCharField(max_length=255, allowed_tags=['a', 'p', 'img'],
+ allowed_attributes={'img':['src', 'style']},
+ allowed_styles=['width', 'height'], strip=False)
+
+
+ Form Usage
+ ==========
+
+ Using django HTML sanitizer in django forms is very similar to model usage::
+
+ from django import forms
+ from sanitizer.forms import SanitizedCharField
+
+ class MyForm(forms.Form):
+ # Allow only <a>, <p>, <img> tags and "href" and "src" attributes
+ foo = SanitizedCharField(max_length=255, allowed_tags=['a', 'p', 'img'],
+ allowed_attributes=['href', 'src'], strip=False)
+ bar = SanitizedCharField(max_length=255, allowed_tags=['a', 'p', 'img'],
+ allowed_attributes=['href', 'src'], strip=False, widget=forms.Textarea)
+ foo2 = SanitizedCharField(max_length=255, allowed_tags=['a', 'p', 'img'],
+ allowed_attributes={'img':['src', 'style']},
+ allowed_styles=['width', 'height'], strip=False)
+
+
+ Template Usage
+ ==============
+
+ Django sanitizer provides a few differents ways of cleaning HTML in templates.
+
+ ``escape_html`` Template Tag
+ ----------------------------
+
+ Example usage::
+
+ {% load sanitizer %}
+ {% escape_html post.content "a, p, img" "href, src, style" "width"%}
+
+ Assuming ``post.content`` contains the string
+ '<a href ="#" style="width:200px; height="400px">Example</a><script>alert("x")</script>', the above tag will
+ output::
+
+ '<a href ="#" style="width:200px;">Example</a><script>alert("x")</script>'
+
+ On django 1.4 you could also use keyword arguments::
+
+ {% escape_html '<a href="">bar</a>' allowed_tags="a,img" allowed_attributes="href,src" allowed_styles="width" %}
+
+
+ ``strip_html`` Template Tag
+ ---------------------------
+
+ Example usage::
+
+ {% load sanitizer %}
+ {% strip_html post.content "a, p, img" "href, src" %}
+
+ If ``post.content`` contains the string
+ '<a href ="#">Example</a><script>alert("x")</script>', this will give you::
+
+ '<a href ="#">Example</a>alert("x")'
+
+
+ ``escape_html`` Filter
+ ----------------------
+
+ Escapes HTML tags from string based on settings. To use this filter you need to
+ put these variables on settings.py:
+
+ * ``SANITIZER_ALLOWED_TAGS`` - a list of allowed tags (defaults to an empty list)
+ * ``SANITIZER_ALLOWED_ATTRIBUTES`` - a list of allowed attributes (defaults to an empty list)
+ * ``SANITIZER_ALLOWED_STYLES`` - a list of allowed styles if the style attribute is set (defaults to an empty list)
+
+ For example if we have ``SANITIZER_ALLOWED_TAGS = ['a']``,
+ ``SANITIZER_ALLOWED_ATTRIBUTES = ['href']``,
+ ``SANITIZER_ALLOWED_STYLES = ['width']`` in settings.py, doing::
+
+ {% load sanitizer %}
+ {{ post.content|escape_html }}
+
+ If ``post.content`` contains the string
+ '<a href ="#" style="width:200px; height:400px">Example</a><script>alert("x")</script>', it will give you::
+
+ '<a href ="#" style="width=200px;">Example</a><script>alert("x")</script>'
+
+
+ ``strip_html`` Filter
+ ---------------------
+
+ Similar to ``escape_html`` filter, except it strips out offending HTML tags.
+
+ For example if we have ``SANITIZER_ALLOWED_TAGS = ['a']``,
+ ``SANITIZER_ALLOWED_ATTRIBUTES = ['href']`` in settings.py, doing::
+
+ {% load sanitizer %}
+ {{ post.content|strip_html }}
+
+ If ``post.content`` contains the string
+ '<a href ="#">Example</a><script>alert("x")</script>', we will get::
+
+ '<a href ="#">Example</a>alert("x")'
+
+
+
+ Changelog
+ =========
+
+ Version 0.1.5
+ -------------
+
+ * Fixes for smart_unicode and basestring (python 3.x support)
+
+ Version 0.1.4
+ -------------
+
+ * ``CharField``, ``TextField``, ``strip_html`` and ``escape_html`` now support
+ ``allowed_styles`` (thanks `cltrudeau <https://github.com/cltrudeau)>`_,
+ * Added an example of template tag usage using kwargs now that Django 1.4 is out
+
+ Version 0.1.2
+ -------------
+
+ * ``allowed_tags`` and ``allowed_attributes`` in CharField and TextField now default to []
+
+
+Platform: UNKNOWN
+Classifier: Development Status :: 4 - Beta
+Classifier: Environment :: Web Environment
+Classifier: Framework :: Django
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Operating System :: OS Independent
+Classifier: Programming Language :: Python
+Classifier: Topic :: Internet :: WWW/HTTP
+Classifier: Topic :: Software Development :: Libraries :: Python Modules
+Classifier: Topic :: Text Processing :: Markup :: HTML
diff --git a/README.rst b/README.rst
new file mode 100644
index 0000000..5af5574
--- /dev/null
+++ b/README.rst
@@ -0,0 +1,183 @@
+=====================
+Django HTML Sanitizer
+=====================
+
+Django HTML Sanitizer provides a set of utilities to easily sanitize/escape/clean
+HTML inputs in django. This app is built on top of `bleach <http://github.com/jsocol/bleach>`_,
+the excellent Python HTML sanitizer.
+
+
+Dependencies
+============
+
+- `django <http://djangoproject.com/>`_: http://djangoproject.com/
+- `bleach <http://github.com/jsocol/bleach>`_: http://github.com/jsocol/bleach
+
+
+Installation
+============
+
+You'll first need to install the package (or download manually from
+`pypi <http://pypi.python.org/pypi/django-html_sanitizer>`_)::
+
+ pip install django-html_sanitizer
+
+And then add ``sanitizer`` to your INSTALLED_APPS in django's ``settings.py``::
+
+ INSTALLED_APPS = (
+ # other apps
+ "sanitizer",
+ )
+
+
+Model Usage
+===========
+
+Similar to bleach, django sanitizer is a whitelist (only allows specified tags
+and attributes) based HTML sanitizer. Django sanitizer provides two model fields
+that automatically sanitizes text values; ``SanitizedCharField`` and
+``SanitizedTextField``.
+
+These fields accept extra arguments:
+
+* allowed_tags: a list of allowed HTML tags
+* allowed_attributes: a list of allowed HTML attributes, or a dictionary of
+ tag keys with atttribute list for each key
+* allowed_styles: a list of allowed styles if "style" is one of the allowed
+ attributes
+* strip: a boolean indicating whether offending tags/attributes should be escaped or stripped
+
+Here's how to use it in django models::
+
+ from django.db import models
+ from sanitizer.models import SanitizedCharField, SanitizedTextField
+
+ class MyModel(models.Model):
+ # Allow only <a>, <p>, <img> tags and "href" and "src" attributes
+ foo = SanitizedCharField(max_length=255, allowed_tags=['a', 'p', 'img'],
+ allowed_attributes=['href', 'src'], strip=False)
+ bar = SanitizedTextField(max_length=255, allowed_tags=['a', 'p', 'img'],
+ allowed_attributes=['href', 'src'], strip=False)
+ foo2 = SanitizedCharField(max_length=255, allowed_tags=['a', 'p', 'img'],
+ allowed_attributes={'img':['src', 'style']},
+ allowed_styles=['width', 'height'], strip=False)
+
+
+Form Usage
+==========
+
+Using django HTML sanitizer in django forms is very similar to model usage::
+
+ from django import forms
+ from sanitizer.forms import SanitizedCharField
+
+ class MyForm(forms.Form):
+ # Allow only <a>, <p>, <img> tags and "href" and "src" attributes
+ foo = SanitizedCharField(max_length=255, allowed_tags=['a', 'p', 'img'],
+ allowed_attributes=['href', 'src'], strip=False)
+ bar = SanitizedCharField(max_length=255, allowed_tags=['a', 'p', 'img'],
+ allowed_attributes=['href', 'src'], strip=False, widget=forms.Textarea)
+ foo2 = SanitizedCharField(max_length=255, allowed_tags=['a', 'p', 'img'],
+ allowed_attributes={'img':['src', 'style']},
+ allowed_styles=['width', 'height'], strip=False)
+
+
+Template Usage
+==============
+
+Django sanitizer provides a few differents ways of cleaning HTML in templates.
+
+``escape_html`` Template Tag
+----------------------------
+
+Example usage::
+
+ {% load sanitizer %}
+ {% escape_html post.content "a, p, img" "href, src, style" "width"%}
+
+Assuming ``post.content`` contains the string
+'<a href ="#" style="width:200px; height="400px">Example</a><script>alert("x")</script>', the above tag will
+output::
+
+ '<a href ="#" style="width:200px;">Example</a><script>alert("x")</script>'
+
+On django 1.4 you could also use keyword arguments::
+
+ {% escape_html '<a href="">bar</a>' allowed_tags="a,img" allowed_attributes="href,src" allowed_styles="width" %}
+
+
+``strip_html`` Template Tag
+---------------------------
+
+Example usage::
+
+ {% load sanitizer %}
+ {% strip_html post.content "a, p, img" "href, src" %}
+
+If ``post.content`` contains the string
+'<a href ="#">Example</a><script>alert("x")</script>', this will give you::
+
+ '<a href ="#">Example</a>alert("x")'
+
+
+``escape_html`` Filter
+----------------------
+
+Escapes HTML tags from string based on settings. To use this filter you need to
+put these variables on settings.py:
+
+* ``SANITIZER_ALLOWED_TAGS`` - a list of allowed tags (defaults to an empty list)
+* ``SANITIZER_ALLOWED_ATTRIBUTES`` - a list of allowed attributes (defaults to an empty list)
+* ``SANITIZER_ALLOWED_STYLES`` - a list of allowed styles if the style attribute is set (defaults to an empty list)
+
+For example if we have ``SANITIZER_ALLOWED_TAGS = ['a']``,
+``SANITIZER_ALLOWED_ATTRIBUTES = ['href']``,
+``SANITIZER_ALLOWED_STYLES = ['width']`` in settings.py, doing::
+
+ {% load sanitizer %}
+ {{ post.content|escape_html }}
+
+If ``post.content`` contains the string
+'<a href ="#" style="width:200px; height:400px">Example</a><script>alert("x")</script>', it will give you::
+
+ '<a href ="#" style="width=200px;">Example</a><script>alert("x")</script>'
+
+
+``strip_html`` Filter
+---------------------
+
+Similar to ``escape_html`` filter, except it strips out offending HTML tags.
+
+For example if we have ``SANITIZER_ALLOWED_TAGS = ['a']``,
+``SANITIZER_ALLOWED_ATTRIBUTES = ['href']`` in settings.py, doing::
+
+ {% load sanitizer %}
+ {{ post.content|strip_html }}
+
+If ``post.content`` contains the string
+'<a href ="#">Example</a><script>alert("x")</script>', we will get::
+
+ '<a href ="#">Example</a>alert("x")'
+
+
+
+Changelog
+=========
+
+Version 0.1.5
+-------------
+
+* Fixes for smart_unicode and basestring (python 3.x support)
+
+Version 0.1.4
+-------------
+
+* ``CharField``, ``TextField``, ``strip_html`` and ``escape_html`` now support
+ ``allowed_styles`` (thanks `cltrudeau <https://github.com/cltrudeau)>`_,
+* Added an example of template tag usage using kwargs now that Django 1.4 is out
+
+Version 0.1.2
+-------------
+
+* ``allowed_tags`` and ``allowed_attributes`` in CharField and TextField now default to []
+
diff --git a/django_html_sanitizer.egg-info/PKG-INFO b/django_html_sanitizer.egg-info/PKG-INFO
new file mode 100644
index 0000000..ea2efdb
--- /dev/null
+++ b/django_html_sanitizer.egg-info/PKG-INFO
@@ -0,0 +1,203 @@
+Metadata-Version: 1.1
+Name: django-html-sanitizer
+Version: 0.1.5
+Summary: Provides a set of HTML cleaning utilities for django models, forms and templates.
+Home-page: https://github.com/ui/django-html_sanitizer
+Author: Selwin Ong
+Author-email: selwin.ong at gmail.com
+License: MIT
+Description: =====================
+ Django HTML Sanitizer
+ =====================
+
+ Django HTML Sanitizer provides a set of utilities to easily sanitize/escape/clean
+ HTML inputs in django. This app is built on top of `bleach <http://github.com/jsocol/bleach>`_,
+ the excellent Python HTML sanitizer.
+
+
+ Dependencies
+ ============
+
+ - `django <http://djangoproject.com/>`_: http://djangoproject.com/
+ - `bleach <http://github.com/jsocol/bleach>`_: http://github.com/jsocol/bleach
+
+
+ Installation
+ ============
+
+ You'll first need to install the package (or download manually from
+ `pypi <http://pypi.python.org/pypi/django-html_sanitizer>`_)::
+
+ pip install django-html_sanitizer
+
+ And then add ``sanitizer`` to your INSTALLED_APPS in django's ``settings.py``::
+
+ INSTALLED_APPS = (
+ # other apps
+ "sanitizer",
+ )
+
+
+ Model Usage
+ ===========
+
+ Similar to bleach, django sanitizer is a whitelist (only allows specified tags
+ and attributes) based HTML sanitizer. Django sanitizer provides two model fields
+ that automatically sanitizes text values; ``SanitizedCharField`` and
+ ``SanitizedTextField``.
+
+ These fields accept extra arguments:
+
+ * allowed_tags: a list of allowed HTML tags
+ * allowed_attributes: a list of allowed HTML attributes, or a dictionary of
+ tag keys with atttribute list for each key
+ * allowed_styles: a list of allowed styles if "style" is one of the allowed
+ attributes
+ * strip: a boolean indicating whether offending tags/attributes should be escaped or stripped
+
+ Here's how to use it in django models::
+
+ from django.db import models
+ from sanitizer.models import SanitizedCharField, SanitizedTextField
+
+ class MyModel(models.Model):
+ # Allow only <a>, <p>, <img> tags and "href" and "src" attributes
+ foo = SanitizedCharField(max_length=255, allowed_tags=['a', 'p', 'img'],
+ allowed_attributes=['href', 'src'], strip=False)
+ bar = SanitizedTextField(max_length=255, allowed_tags=['a', 'p', 'img'],
+ allowed_attributes=['href', 'src'], strip=False)
+ foo2 = SanitizedCharField(max_length=255, allowed_tags=['a', 'p', 'img'],
+ allowed_attributes={'img':['src', 'style']},
+ allowed_styles=['width', 'height'], strip=False)
+
+
+ Form Usage
+ ==========
+
+ Using django HTML sanitizer in django forms is very similar to model usage::
+
+ from django import forms
+ from sanitizer.forms import SanitizedCharField
+
+ class MyForm(forms.Form):
+ # Allow only <a>, <p>, <img> tags and "href" and "src" attributes
+ foo = SanitizedCharField(max_length=255, allowed_tags=['a', 'p', 'img'],
+ allowed_attributes=['href', 'src'], strip=False)
+ bar = SanitizedCharField(max_length=255, allowed_tags=['a', 'p', 'img'],
+ allowed_attributes=['href', 'src'], strip=False, widget=forms.Textarea)
+ foo2 = SanitizedCharField(max_length=255, allowed_tags=['a', 'p', 'img'],
+ allowed_attributes={'img':['src', 'style']},
+ allowed_styles=['width', 'height'], strip=False)
+
+
+ Template Usage
+ ==============
+
+ Django sanitizer provides a few differents ways of cleaning HTML in templates.
+
+ ``escape_html`` Template Tag
+ ----------------------------
+
+ Example usage::
+
+ {% load sanitizer %}
+ {% escape_html post.content "a, p, img" "href, src, style" "width"%}
+
+ Assuming ``post.content`` contains the string
+ '<a href ="#" style="width:200px; height="400px">Example</a><script>alert("x")</script>', the above tag will
+ output::
+
+ '<a href ="#" style="width:200px;">Example</a><script>alert("x")</script>'
+
+ On django 1.4 you could also use keyword arguments::
+
+ {% escape_html '<a href="">bar</a>' allowed_tags="a,img" allowed_attributes="href,src" allowed_styles="width" %}
+
+
+ ``strip_html`` Template Tag
+ ---------------------------
+
+ Example usage::
+
+ {% load sanitizer %}
+ {% strip_html post.content "a, p, img" "href, src" %}
+
+ If ``post.content`` contains the string
+ '<a href ="#">Example</a><script>alert("x")</script>', this will give you::
+
+ '<a href ="#">Example</a>alert("x")'
+
+
+ ``escape_html`` Filter
+ ----------------------
+
+ Escapes HTML tags from string based on settings. To use this filter you need to
+ put these variables on settings.py:
+
+ * ``SANITIZER_ALLOWED_TAGS`` - a list of allowed tags (defaults to an empty list)
+ * ``SANITIZER_ALLOWED_ATTRIBUTES`` - a list of allowed attributes (defaults to an empty list)
+ * ``SANITIZER_ALLOWED_STYLES`` - a list of allowed styles if the style attribute is set (defaults to an empty list)
+
+ For example if we have ``SANITIZER_ALLOWED_TAGS = ['a']``,
+ ``SANITIZER_ALLOWED_ATTRIBUTES = ['href']``,
+ ``SANITIZER_ALLOWED_STYLES = ['width']`` in settings.py, doing::
+
+ {% load sanitizer %}
+ {{ post.content|escape_html }}
+
+ If ``post.content`` contains the string
+ '<a href ="#" style="width:200px; height:400px">Example</a><script>alert("x")</script>', it will give you::
+
+ '<a href ="#" style="width=200px;">Example</a><script>alert("x")</script>'
+
+
+ ``strip_html`` Filter
+ ---------------------
+
+ Similar to ``escape_html`` filter, except it strips out offending HTML tags.
+
+ For example if we have ``SANITIZER_ALLOWED_TAGS = ['a']``,
+ ``SANITIZER_ALLOWED_ATTRIBUTES = ['href']`` in settings.py, doing::
+
+ {% load sanitizer %}
+ {{ post.content|strip_html }}
+
+ If ``post.content`` contains the string
+ '<a href ="#">Example</a><script>alert("x")</script>', we will get::
+
+ '<a href ="#">Example</a>alert("x")'
+
+
+
+ Changelog
+ =========
+
+ Version 0.1.5
+ -------------
+
+ * Fixes for smart_unicode and basestring (python 3.x support)
+
+ Version 0.1.4
+ -------------
+
+ * ``CharField``, ``TextField``, ``strip_html`` and ``escape_html`` now support
+ ``allowed_styles`` (thanks `cltrudeau <https://github.com/cltrudeau)>`_,
+ * Added an example of template tag usage using kwargs now that Django 1.4 is out
+
+ Version 0.1.2
+ -------------
+
+ * ``allowed_tags`` and ``allowed_attributes`` in CharField and TextField now default to []
+
+
+Platform: UNKNOWN
+Classifier: Development Status :: 4 - Beta
+Classifier: Environment :: Web Environment
+Classifier: Framework :: Django
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Operating System :: OS Independent
+Classifier: Programming Language :: Python
+Classifier: Topic :: Internet :: WWW/HTTP
+Classifier: Topic :: Software Development :: Libraries :: Python Modules
+Classifier: Topic :: Text Processing :: Markup :: HTML
diff --git a/django_html_sanitizer.egg-info/SOURCES.txt b/django_html_sanitizer.egg-info/SOURCES.txt
new file mode 100644
index 0000000..64f9b0a
--- /dev/null
+++ b/django_html_sanitizer.egg-info/SOURCES.txt
@@ -0,0 +1,17 @@
+LICENSE.txt
+MANIFEST.in
+README.rst
+setup.cfg
+setup.py
+django_html_sanitizer.egg-info/PKG-INFO
+django_html_sanitizer.egg-info/SOURCES.txt
+django_html_sanitizer.egg-info/dependency_links.txt
+django_html_sanitizer.egg-info/not-zip-safe
+django_html_sanitizer.egg-info/pbr.json
+django_html_sanitizer.egg-info/requires.txt
+django_html_sanitizer.egg-info/top_level.txt
+sanitizer/__init__.py
+sanitizer/decorators.py
+sanitizer/forms.py
+sanitizer/models.py
+sanitizer/tests.py
\ No newline at end of file
diff --git a/django_html_sanitizer.egg-info/dependency_links.txt b/django_html_sanitizer.egg-info/dependency_links.txt
new file mode 100644
index 0000000..8b13789
--- /dev/null
+++ b/django_html_sanitizer.egg-info/dependency_links.txt
@@ -0,0 +1 @@
+
diff --git a/django_html_sanitizer.egg-info/not-zip-safe b/django_html_sanitizer.egg-info/not-zip-safe
new file mode 100644
index 0000000..8b13789
--- /dev/null
+++ b/django_html_sanitizer.egg-info/not-zip-safe
@@ -0,0 +1 @@
+
diff --git a/django_html_sanitizer.egg-info/pbr.json b/django_html_sanitizer.egg-info/pbr.json
new file mode 100644
index 0000000..897537c
--- /dev/null
+++ b/django_html_sanitizer.egg-info/pbr.json
@@ -0,0 +1 @@
+{"is_release": false, "git_version": "6331113"}
\ No newline at end of file
diff --git a/django_html_sanitizer.egg-info/requires.txt b/django_html_sanitizer.egg-info/requires.txt
new file mode 100644
index 0000000..cd9f07b
--- /dev/null
+++ b/django_html_sanitizer.egg-info/requires.txt
@@ -0,0 +1,2 @@
+django
+bleach
diff --git a/django_html_sanitizer.egg-info/top_level.txt b/django_html_sanitizer.egg-info/top_level.txt
new file mode 100644
index 0000000..2aaf698
--- /dev/null
+++ b/django_html_sanitizer.egg-info/top_level.txt
@@ -0,0 +1 @@
+sanitizer
diff --git a/sanitizer/__init__.py b/sanitizer/__init__.py
new file mode 100644
index 0000000..85bd8ef
--- /dev/null
+++ b/sanitizer/__init__.py
@@ -0,0 +1,3 @@
+VERSION = (0, 1, 4)
+
+from .decorators import sanitize
diff --git a/sanitizer/decorators.py b/sanitizer/decorators.py
new file mode 100644
index 0000000..cf39398
--- /dev/null
+++ b/sanitizer/decorators.py
@@ -0,0 +1,40 @@
+from django import forms
+
+import bleach
+
+
+def get_sanitized_clean_func(original_clean, **kwargs):
+ def fn(value):
+ value = original_clean(value)
+ if isinstance(value, basestring):
+ value = bleach.clean(value, **kwargs)
+ return value
+ return fn
+
+
+class sanitize(object):
+
+
+ def __init__(self, tags=bleach.ALLOWED_TAGS,
+ attributes=bleach.ALLOWED_ATTRIBUTES, styles=[], strip=False,
+ strip_comments=True):
+ self.kwargs = {
+ 'tags': tags,
+ 'attributes': attributes,
+ 'styles': styles,
+ 'strip': strip,
+ 'strip_comments': strip_comments,
+ }
+
+
+ def __call__(self, cls):
+ self.actual_decorator(cls)
+ return cls
+
+
+ def actual_decorator(self, cls):
+ fields = [(key, value) for key, value in cls.base_fields.iteritems() if isinstance(value, forms.CharField)]
+ for field_name, field_object in fields:
+ original_clean = getattr(field_object, 'clean')
+ clean_func = get_sanitized_clean_func(original_clean, **self.kwargs)
+ setattr(field_object, 'clean', clean_func)
diff --git a/sanitizer/forms.py b/sanitizer/forms.py
new file mode 100644
index 0000000..9936dd6
--- /dev/null
+++ b/sanitizer/forms.py
@@ -0,0 +1,22 @@
+from django import forms
+
+import bleach
+
+
+class SanitizedCharField(forms.CharField):
+ """
+ A subclass of CharField that escapes (or strip) HTML tags and attributes.
+ """
+ def __init__(self, allowed_tags=[], allowed_attributes=[],
+ allowed_styles=[], strip=False, *args, **kwargs):
+ self._allowed_tags = allowed_tags
+ self._allowed_attributes = allowed_attributes
+ self._allowed_styles = allowed_styles
+ self._strip = strip
+ super(SanitizedCharField, self).__init__(*args, **kwargs)
+
+ def clean(self, value):
+ value = super(SanitizedCharField, self).clean(value)
+ return bleach.clean(value, tags=self._allowed_tags,
+ attributes=self._allowed_attributes,
+ styles=self._allowed_styles, strip=self._strip)
diff --git a/sanitizer/models.py b/sanitizer/models.py
new file mode 100644
index 0000000..afc2590
--- /dev/null
+++ b/sanitizer/models.py
@@ -0,0 +1,61 @@
+from django.conf import settings
+from django.db import models
+
+import sys
+if sys.version_info[0] == 3:
+ from django.utils.encoding import smart_text as smart_unicode
+else:
+ from django.utils.encoding import smart_unicode
+
+import bleach
+
+
+class SanitizedCharField(models.CharField):
+
+ def __init__(self, allowed_tags=[], allowed_attributes=[],
+ allowed_styles=[], strip=False,
+ *args, **kwargs):
+ self._sanitizer_allowed_tags = allowed_tags
+ self._sanitizer_allowed_attributes = allowed_attributes
+ self._sanitizer_allowed_styles = allowed_styles
+ self._sanitizer_strip = strip
+ super(SanitizedCharField, self).__init__(*args, **kwargs)
+
+ def to_python(self, value):
+ value = super(SanitizedCharField, self).to_python(value)
+ value = bleach.clean(value, tags=self._sanitizer_allowed_tags,
+ attributes=self._sanitizer_allowed_attributes,
+ styles=self._sanitizer_allowed_styles, strip=self._sanitizer_strip)
+ return smart_unicode(value)
+
+
+class SanitizedTextField(models.TextField):
+
+ def __init__(self, allowed_tags=[], allowed_attributes=[],
+ allowed_styles=[], strip=False,
+ *args, **kwargs):
+ self._sanitizer_allowed_tags = allowed_tags
+ self._sanitizer_allowed_attributes = allowed_attributes
+ self._sanitizer_allowed_styles = allowed_styles
+ self._sanitizer_strip = strip
+ super(SanitizedTextField, self).__init__(*args, **kwargs)
+
+ def to_python(self, value):
+ value = super(SanitizedTextField, self).to_python(value)
+ value = bleach.clean(value, tags=self._sanitizer_allowed_tags,
+ attributes=self._sanitizer_allowed_attributes,
+ styles=self._sanitizer_allowed_styles, strip=self._sanitizer_strip)
+ return smart_unicode(value)
+
+ def get_prep_value(self, value):
+ value = super(SanitizedTextField, self).get_prep_value(value)
+ value = bleach.clean(value, tags=self._sanitizer_allowed_tags,
+ attributes=self._sanitizer_allowed_attributes,
+ styles=self._sanitizer_allowed_styles, strip=self._sanitizer_strip)
+ return value
+
+
+if 'south' in settings.INSTALLED_APPS:
+ from south.modelsinspector import add_introspection_rules
+ add_introspection_rules([], ["^sanitizer\.models\.SanitizedCharField"])
+ add_introspection_rules([], ["^sanitizer\.models\.SanitizedTextField"])
diff --git a/sanitizer/tests.py b/sanitizer/tests.py
new file mode 100644
index 0000000..21d0dcd
--- /dev/null
+++ b/sanitizer/tests.py
@@ -0,0 +1,86 @@
+from django import forms
+from django.db import models
+from django.test import TestCase
+from django.test.utils import override_settings
+
+from sanitizer.templatetags.sanitizer import (sanitize, sanitize_allow,
+ escape_html, strip_filter, strip_html)
+from .forms import SanitizedCharField as SanitizedFormField
+from .models import SanitizedCharField, SanitizedTextField
+
+
+ALLOWED_TAGS = ['a']
+ALLOWED_ATTRIBUTES = ['href', 'style']
+ALLOWED_STYLES = ['width']
+
+
+class TestingModel(models.Model):
+ test_field = SanitizedCharField(max_length=255, allowed_tags=ALLOWED_TAGS,
+ allowed_attributes=ALLOWED_ATTRIBUTES, allowed_styles=ALLOWED_STYLES)
+
+
+class TestingTextModel(models.Model):
+ test_field = SanitizedTextField(allowed_tags=ALLOWED_TAGS,
+ allowed_attributes=ALLOWED_ATTRIBUTES, allowed_styles=ALLOWED_STYLES)
+
+
+class TestForm(forms.Form):
+ test_field = SanitizedFormField(allowed_tags=['a'],
+ allowed_attributes=['href', 'style'], allowed_styles=['width'])
+
+
+class SanitizerTest(TestCase):
+
+ @override_settings(SANITIZER_ALLOWED_TAGS=['a'])
+ def test_sanitize(self):
+ """ Test sanitize function in templatetags """
+ self.assertEqual(sanitize('test<script></script>'),
+ 'test<script></script>')
+
+ def test_strip_filter(self):
+ """ Test strip_html filter """
+ self.assertEqual(strip_filter('test<script></script>'), 'test')
+
+ def test_sanitize_allow(self):
+ """ Test sanitize_allow function in templatetags """
+ self.assertEqual(sanitize_allow('test<script></script><br>', 'br'), 'test<br>')
+ self.assertEqual(sanitize_allow('test<script></script><br/>', 'br'), 'test<br>')
+ self.assertEqual(sanitize_allow('<a href="">test</a>', 'a'), '<a>test</a>')
+ self.assertEqual(sanitize_allow('<a href="">test</a>', 'a; href'), '<a href="">test</a>')
+
+
+ def test_SanitizedCharField(self):
+ TestingModel.objects.create(test_field='<a href="" style="width: 200px; height: 400px">foo</a><em>bar</em>')
+ test = TestingModel.objects.latest('id')
+ self.assertEqual(test.test_field, '<a href="" style="width: 200px;">foo</a><em>bar</em>')
+
+
+ def test_SanitizedTextField(self):
+ TestingTextModel.objects.create(test_field='<a href="" style="width: 200px; height: 400px">foo</a><em>bar</em>')
+ test = TestingTextModel.objects.latest('id')
+ self.assertEqual(test.test_field, '<a href="" style="width: 200px;">foo</a><em>bar</em>')
+
+ def test_SanitizedFormField(self):
+ html = '<a href="" style="width: 200px; height: 400px">foo</a><em class=""></em>'
+ form = TestForm({ 'test_field': html })
+ form.is_valid()
+ self.assertEqual(form.cleaned_data['test_field'],
+ '<a href="" style="width: 200px;">foo</a><em class=""></em>')
+
+ def test_escape_html(self):
+ html = '<a href="" class="" style="width: 200px; height: 400px">foo</a><em></em>'
+ self.assertEqual(escape_html(html, allowed_tags='a',
+ allowed_attributes='href,style', allowed_styles='width'),
+ '<a href="" style="width: 200px;">foo</a><em></em>')
+ self.assertEqual(escape_html(html, allowed_tags=['a'],
+ allowed_attributes=['href', 'style'], allowed_styles=['width']),
+ '<a href="" style="width: 200px;">foo</a><em></em>')
+
+ def test_strip_html(self):
+ html = '<a href="" class="" style="width: 200px; height: 400px">foo</a><em></em>'
+ self.assertEqual(strip_html(html, allowed_tags='a',
+ allowed_attributes='href,style', allowed_styles='width'),
+ '<a href="" style="width: 200px;">foo</a>')
+ self.assertEqual(strip_html(html, allowed_tags=['a'],
+ allowed_attributes=['href', 'style'], allowed_styles=['width']),
+ '<a href="" style="width: 200px;">foo</a>')
diff --git a/setup.cfg b/setup.cfg
new file mode 100644
index 0000000..6f08d0e
--- /dev/null
+++ b/setup.cfg
@@ -0,0 +1,8 @@
+[bdist_wheel]
+universal = 1
+
+[egg_info]
+tag_build =
+tag_date = 0
+tag_svn_revision = 0
+
diff --git a/setup.py b/setup.py
new file mode 100644
index 0000000..cd64ff6
--- /dev/null
+++ b/setup.py
@@ -0,0 +1,32 @@
+# -*- coding: utf-8 -*-
+from setuptools import setup
+
+
+setup(
+ name='django-html_sanitizer',
+ version='0.1.5',
+ author='Selwin Ong',
... 24 lines suppressed ...
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/python-modules/packages/django-html-sanitizer.git
More information about the Python-modules-commits
mailing list