- September 28, 2007
- validator newforms forms html sanitize profanities
- -2 (after 2 ratings)
I was about to start an online community but every time you allow people to post something as a comment you never know what they come up to, especially regarding profanities.
So I come up with this idea, I put together some code from the old style form validators and the new newform style, plus some code to sanitize HTML from snippet number 169, and the final result is a CharField that only accept values without swear words, profanities, curses and bad html.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45
from django import newforms as forms from django.conf import settings from django.newforms.fields import EMPTY_VALUES from django.utils.translation import ugettext as _, ungettext from utils.BeautifulSoup import BeautifulSoup, Comment class CleanCharField(forms.CharField): valid_tags= settings.VALID_TAGS.split() valid_attrs= settings.VALID_ATTRS.split() def clean(self, value): """ Checks that the given string has no profanities in it. This does a simple check for whether each profanity exists within the string, so 'fuck' will catch 'motherfucker' as well. Raises a ValidationError such as: Watch your mouth! The words "f--k" and "s--t" are not allowed here. """ value= value.lower() # normalize words_seen= [w for w in settings.PROFANITIES_LIST if w in value] if words_seen: from django.utils.text import get_text_list plural= len(words_seen) raise forms.ValidationError, ungettext("Watch your mouth! The word %s is not allowed here.", "Watch your mouth! The words %s are not allowed here.", plural) % \ get_text_list(['"%s%s%s"' % (i, '-'*(len(i)-2), i[-1]) for i in words_seen], _('and')) """ Cleans non-allowed HTML from the input """ value= super(CleanCharField, self).clean(value) soup= BeautifulSoup(value) for comment in soup.findAll(text=lambda text: isinstance(text, Comment)): comment.extract() for tag in soup.findAll(True): if tag.name not in self.valid_tags: tag.hidden= True tag.attrs= [(attr, val) for attr, val in tag.attrs if attr in self.valid_attrs] return soup.renderContents().decode('utf8') settings.py: PROFANITIES_LIST = ('asshat', 'asshead', 'asshole', 'cunt', 'fuck', 'gook', 'nigger', 'shit',) VALID_TAGS= 'p i strong b u a h1 h2 h3 pre br img' VALID_ATTRS= 'href src'
More like this
- shortcut for saving newforms to model by james_027 7 years, 8 months ago
- Sanitize HTML filter by henriklied 8 years ago
- Sanitize text field HTML (here from the Dojo Toolkit Editor2 widget) by akaihola 8 years ago
- Sanitize HTML filter with tag/attribute whitelist and XSS protection by harrym 5 years, 9 months ago
- Upload a file using newforms by mboersma 8 years, 1 month ago