Safing HTML Text Input

import re

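# Tag names a post may use. They are compared as whole names (after
# lower-casing), never as prefixes: the previous prefix test accepted any
# tag that merely *started* with an allowed name, so 'b' let <body>, <base>
# and <button> through, 'em' let <embed> through, 'li' let <link> through
# and 'a' let <applet>, <audio> and <area> through.
_ALLOWED_TAGS = frozenset([
  'br', 'strong', 'b', 'p', 'div', 'em', 'u', 'strike', 'ul', 'li', 'ol',
  'a', 'img', 'highlight', 'sup', 'sub', 'span', 'big', 'small',
  'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'h7', 'h8', 'pre', 'address',
  'code', 'kbd', 'samp', 'var', 'del', 'ins', 'cite', 'q', 'bdo',
])

# Attributes kept per tag; any attribute not listed here is dropped, so an
# allowed tag can no longer carry on* handlers, style or target (the old
# code copied every attribute through untouched). Extend deliberately, and
# never add on*, style, formaction or srcdoc.
_ALLOWED_ATTRS = {
  'a': ('href', 'title'),
  'img': ('src', 'alt', 'title', 'width', 'height'),
}
# Attributes whose value is a URL and must pass _safe_url().
_URL_ATTRS = frozenset(['href', 'src'])
# Schemes a URL attribute may use; scheme-less (relative) URLs are also fine.
_ALLOWED_SCHEMES = frozenset(['http', 'https', 'ftp', 'mailto'])

# A tag candidate: '<', optional '/', a name starting with a letter, then
# anything up to the first '>'. Whitespace between '<' and the name is not
# accepted because browsers do not treat '< b>' as a tag either; such text
# is escaped instead of being turned into markup.
_TAG_RE = re.compile(r'<(/?)([a-zA-Z][a-zA-Z0-9]*)([^>]*)>')
# One attribute inside a tag: a name, then optionally '=' and a
# double-quoted, single-quoted or bare value.
_ATTR_RE = re.compile(
  r'''([a-zA-Z][a-zA-Z0-9_:.-]*)\s*(?:=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'=<>`]+)))?''')
# Leading scheme of a URL, e.g. 'javascript:' or 'http:'.
_SCHEME_RE = re.compile(r'^([a-zA-Z][a-zA-Z0-9+.-]*):')
# ASCII controls and space, which browsers ignore while parsing a scheme.
_CONTROL_RE = re.compile(r'[\x00-\x20\x7f]')


def _escape_text(text):
  """Escape '<' and '>' in text that sits outside any tag.

  '&' is deliberately left alone, as the original filter did, so entities a
  user types ('&amp;', '&nbsp;') still render; a bare '&' in text content
  cannot open a tag or an attribute.
  """
  return text.replace('<', '&lt;').replace('>', '&gt;')


def _escape_attr(text):
  """Escape a value for use inside a double-quoted attribute.

  Unlike text content, '&' *is* escaped here: otherwise an entity such as
  'javascript&#58;' would pass _safe_url() (no literal ':') and be decoded
  by the browser into a 'javascript:' URL.
  """
  return (text.replace('&', '&amp;').replace('<', '&lt;')
              .replace('>', '&gt;').replace('"', '&quot;'))


def _safe_url(url):
  """Return True if *url* is relative or uses a scheme in _ALLOWED_SCHEMES."""
  # Browsers skip tabs, newlines and other controls when reading a scheme,
  # so 'java\tscript:' would run; strip them before looking at the scheme.
  stripped = _CONTROL_RE.sub('', url)
  m = _SCHEME_RE.match(stripped)
  return m is None or m.group(1).lower() in _ALLOWED_SCHEMES


def _safe_attrs(tag, raw):
  """Return the (name, value) pairs from *raw* that *tag* may keep.

  The first acceptable occurrence of each attribute wins; valueless
  attributes are dropped because none of the allowed ones are boolean.
  """
  allowed = _ALLOWED_ATTRS.get(tag, ())
  if not allowed:
    return []
  kept = []
  seen = set()
  for m in _ATTR_RE.finditer(raw):
    name = m.group(1).lower()
    if name not in allowed or name in seen:
      continue
    value = m.group(2)
    if value is None:
      value = m.group(3)
    if value is None:
      value = m.group(4)
    if value is None:
      continue
    if name in _URL_ATTRS and not _safe_url(value):
      continue
    seen.add(name)
    kept.append((name, value))
  return kept


def _render_tag(match):
  """Rebuild one _TAG_RE match from scratch, or escape it if not allowed.

  Only the lower-cased tag name and the attributes that pass _safe_attrs()
  are emitted, so nothing from the user's tag text reaches the output
  unescaped.
  """
  slash, name, raw_attrs = match.group(1), match.group(2).lower(), match.group(3)
  if name not in _ALLOWED_TAGS:
    return _escape_text(match.group(0))
  if slash:
    return '</' + name + '>'
  parts = ['<' + name]
  for attr, value in _safe_attrs(name, raw_attrs):
    parts.append(' %s="%s"' % (attr, _escape_attr(value)))
  parts.append('>')
  return ''.join(parts)


@register.filter
def forumFormat(value):
  """Template filter: render a forum post with only whitelisted HTML.

  Every '<' and '>' in *value* is escaped except for tags whose name is in
  _ALLOWED_TAGS. Those tags are rebuilt from scratch, keeping only the
  attributes listed in _ALLOWED_ATTRS, and href/src values are dropped
  unless they are relative or use a scheme in _ALLOWED_SCHEMES. Anything
  else -- unknown tags, comments, event handlers, 'javascript:' URLs --
  comes out as inert text.

  Args:
    value: the raw post text; None is treated as ''.

  Returns:
    A str with the same text and only safe markup. Tag names are
    lower-cased and attributes re-quoted, so the output is canonical
    rather than a copy of the input.

  NOTE(review): the filter is not registered with is_safe, so under
  autoescaping the caller presumably applies ``|safe`` to the result;
  confirm where it is used in templates.
  """
  if value is None:
    return ''
  out = []
  pos = 0
  for match in _TAG_RE.finditer(value):
    out.append(_escape_text(value[pos:match.start()]))
    out.append(_render_tag(match))
    pos = match.end()
  out.append(_escape_text(value[pos:]))
  return ''.join(out)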
  

