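def clean_html(input):
    """Sanitize user-supplied HTML down to a small tag/attribute allowlist.

    Tags outside ``ok_tags`` are removed (``strip=True``) and only their
    text content is kept; attributes outside ``ok_attributes`` are dropped.
    ``protocols`` is not passed, so bleach's default URL-scheme allowlist
    governs ``href``/``src`` values (check it against the pinned bleach
    version). See utils.test for examples.

    :param input: untrusted HTML/text from a user. The name shadows the
        builtin but is kept because callers may pass it by keyword.
    :return: sanitized HTML; links are run through ``EmptyLinkFilter`` and
        a ``LinkifyFilter`` whose only callback is ``nofollow``.
    """
    ok_tags = [
        u"a", u"img", u"strong", u"b", u"em", u"i", u"u", u"ul", u"li",
        u"p", u"br", u"blockquote", u"code",
    ]
    ok_attributes = {
        u"a": [u"href", u"rel"],
        u"img": [u"src", u"alt", u"title"],
    }
    # A bare "<http://...>" would be parsed as a tag and the link lost, so
    # pad it with spaces before sanitizing: "<http://x>" -> "< http://x >".
    # Raw string: "\<" is an invalid escape in a normal literal and warns on
    # recent Pythons; the pattern itself is unchanged.
    input = re.sub(r"<(http\S+?)>", r"< \1 >", input)
    cleaner = bleach.Cleaner(
        filters=[
            EmptyLinkFilter,
            partial(bleach.linkifier.LinkifyFilter, callbacks=[nofollow]),
        ],
        attributes=ok_attributes,
        tags=ok_tags,
        strip=True,
    )
    return cleaner.clean(input)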
- inject_meta_charset
- minimize_boolean_attributes
- omit_optional_tags
- quote_attr_values
- quote_char
- resolve_entities
- sanitize
- space_before_trailing_solidus
- strip_whitespace
- use_best_quote_char
- use_trailing_solidus
:type serializer_kwargs: Dict[str, bool]
:rtype: bleach.Cleaner
"""
cleaner = bleach.Cleaner([], strip=True)
for k, v in serializer_kwargs.items():
if k not in HTMLSerializer.options:
raise ValueError(
"Parameter %s is not a valid option for HTMLSerializer" % k
)
setattr(cleaner.serializer, k, v)
return cleaner
def clean_localized_string(self):
    """Return ``self.localized_string`` as sanitized HTML.

    Only ``self.allowed_tags`` / ``self.allowed_attributes`` survive;
    ``strip`` is not passed, so other markup is escaped per bleach's
    default rather than removed. Links in both text and markup are
    normalized by a ``LinkifyFilter`` running
    ``linkify_bounce_url_callback`` and then ``bleach.callbacks.nofollow``.
    """
    link_callbacks = [linkify_bounce_url_callback, bleach.callbacks.nofollow]
    normalize_links = partial(
        bleach.linkifier.LinkifyFilter, callbacks=link_callbacks
    )
    sanitizer = bleach.Cleaner(
        tags=self.allowed_tags,
        attributes=self.allowed_attributes,
        filters=[normalize_links],
    )
    return sanitizer.clean(str(self.localized_string))
def markdown(s: str) -> str:
    """Render Markdown *s* to HTML and sanitize the result.

    Shortcodes are commented out first (``shortcodes.comment_shortcodes``)
    so CommonMark leaves them alone; the rendered HTML is then filtered to
    ``ALLOWED_TAGS`` / ``ALLOWED_ATTRIBUTES`` / ``ALLOWED_STYLES``.
    ``strip_comments=False`` keeps HTML comments (including the shortcode
    ones) in the output, and ``strip`` is not passed, so disallowed tags
    are escaped rather than removed. ``LinkifyFilter`` turns bare URLs
    into links.
    NOTE(review): bleach 6.x dropped the ``styles=`` argument in favour of
    ``css_sanitizer=``; confirm the pinned bleach version still accepts it.
    """
    with_commented_shortcodes = shortcodes.comment_shortcodes(s)
    untrusted_html = commonmark.commonmark(with_commented_shortcodes)
    sanitizer = bleach.Cleaner(
        tags=ALLOWED_TAGS,
        attributes=ALLOWED_ATTRIBUTES,
        styles=ALLOWED_STYLES,
        strip_comments=False,
        filters=[bleach.linkifier.LinkifyFilter],
    )
    return sanitizer.clean(untrusted_html)
linkify_skip_tags = getattr(settings, 'MARKDOWNIFY_LINKIFY_SKIP_TAGS', None)
linkifyfilter = bleach.linkifier.LinkifyFilter
linkify = [partial(linkifyfilter,
callbacks=linkify_callbacks,
skip_tags=linkify_skip_tags,
parse_email=linkify_parse_email
)]
# Convert markdown to html
html = markdown.markdown(text, extensions=extensions)
# Sanitize html if wanted
if getattr(settings, 'MARKDOWNIFY_BLEACH', True):
cleaner = bleach.Cleaner(tags=whitelist_tags,
attributes=whitelist_attrs,
styles=whitelist_styles,
protocols=whitelist_protocols,
strip=strip,
filters=linkify,
)
html = cleaner.clean(html)
return mark_safe(html)
def _get_cleaner():
    """Return the module-level ``cleaner``, building it on first use.

    The ``bleach.Cleaner`` is created lazily and cached in the global so
    parser setup happens once. Links are post-processed by ``LinkifyFilter``
    with the ``_linkify_target_blank`` and ``_linkify_rel`` callbacks;
    markup outside ``ALLOWED_TAGS`` / ``ALLOWED_ATTRIBUTES`` is handled per
    bleach's defaults (``strip`` is not passed). There is no locking, so
    concurrent first calls may each build a Cleaner; the last assignment
    wins.
    """
    global cleaner
    if cleaner is not None:
        return cleaner
    link_callbacks = [_linkify_target_blank, _linkify_rel]
    cleaner = bleach.Cleaner(
        tags=ALLOWED_TAGS,
        attributes=ALLOWED_ATTRIBUTES,
        filters=[partial(LinkifyFilter, callbacks=link_callbacks)],
    )
    return cleaner
def html(self, node):
    """The cleaned HTML of the page.

    Renders ``self.content`` with ``build_html_output`` and passes it
    through a ``Cleaner`` restricted to ``settings.WIKI_WHITELIST`` (tags,
    attributes, styles), with a ``LinkifyFilter`` adding ``nofollow``.
    On ``TypeError`` — presumably a bleach version whose ``Cleaner`` does
    not accept one of these keyword arguments — a warning is logged and
    ``render_content(self.content, node=node)`` is returned instead.
    NOTE(review): that fallback bypasses the Cleaner entirely, so any
    sanitization on that path is render_content's own — confirm. The
    ``try`` also covers ``cleaner.clean``, so a TypeError raised while
    cleaning takes the same fallback.
    """
    rendered = build_html_output(self.content, node=node)
    try:
        whitelist = settings.WIKI_WHITELIST
        sanitizer = Cleaner(
            tags=whitelist['tags'],
            attributes=whitelist['attributes'],
            styles=whitelist['styles'],
            filters=[partial(LinkifyFilter, callbacks=[nofollow])],
        )
        result = sanitizer.clean(rendered)
    except TypeError:
        logger.warning('Returning unlinkified content.')
        result = render_content(self.content, node=node)
    return result
- inject_meta_charset
- minimize_boolean_attributes
- omit_optional_tags
- quote_attr_values
- quote_char
- resolve_entities
- sanitize
- space_before_trailing_solidus
- strip_whitespace
- use_best_quote_char
- use_trailing_solidus
:type serializer_kwargs: Dict[str, bool]
:rtype: bleach.Cleaner
"""
cleaner = bleach.Cleaner([], strip=True)
for k, v in serializer_kwargs.items():
if k not in HTMLSerializer.options:
raise ValueError(
"Parameter %s is not a valid option for HTMLSerializer" % k
)
setattr(cleaner.serializer, k, v)
return cleaner