Safing HTML Text Input

Author:: PizzaPanther
Posted:: December 16, 2008
Language:: Python
Version:: 1.0
Score:: 1 (after 1 ratings)

Download
Raw

Personally I hate using markdown for text input just so it can be converted into HTML. Markdown languages almost always don't support some thing I want to do; thus, why not just use HTML in the first place. Well because you don't want anybody posting any kind of HTML on your site.

Solution, instead of making your users learn markdown, let them enter HTML and filter out bad tags. This is a filter I use to filter HTML for only certain allowed tags. The allowed tags can be configured with the allowedhtml list.

To make your text input even more user friendly use a Javascript HTML editor like FCK Editor so your users will have a nice GUI editor.

import re

@register.filter
def forumFormat (value):
  allowedhtml = ['br', 'strong', 'b', 'p', 'div', 'em', 'u', 'strike', 'ul', 'li', 'ol', 'a', 'img', 'highlight', 'sup', 'sub', 'span', 'big', 'small', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'h7', 'h8', 'pre', 'address', 'code', 'kbd', 'samp', 'var', 'del', 'ins', 'cite', 'q', 'bdo']
  ret = ""
  ok = False
  closed = True
  
  for i in range(0, len(value)):
    c = value[i:i + 1]
    if c == '<':
      if closed:
        ok = False
        for a in allowedhtml:
          if re.search("^\s*" + a, value[i + 1:], re.I) or re.search("^/\s*" + a, value[i + 1:], re.I):
            ok = True
            closed = False
            break
            
        if not ok:
          c = "&lt;"
          
      else:
        c = "&lt;"
        
    elif c == ">":
      if ok:
        ok = False
        closed = True
        
      else:
        c = "&gt;"
        
    ret += c
    
  return ret

Comments

Please login first before commenting.

Safing HTML Text Input

More like this

Comments