[TurboGears] Re: Restricted HTML

Wed, 07 Oct 2009 18:38:19 -0700 

forgot the pointer, as usual: http://bitbucket.org/alexbodn/twtinymce3/

On Thu, Oct 8, 2009 at 03:33,  <[email protected]> wrote:

hello adrian,

nice code.

you could complement this by appropriate tw.tinimce settings to allow
specific html constructs only, and set your code as validator.

as i am (unofficially) attempting to put up the tw.tinymce3 release, i'd be
glad to let your code in this way.

hth,

On Wed, Oct 7, 2009 at 07:57, Adrian von Bidder <[email protected]>
wrote:


On Tuesday 06 October 2009 07.14:17 Adrian von Bidder wrote:


I want to allow HTML content.  I'm sure there already is code for
 allowing restricted HTML subset - pointers very welcome.


Seeing as there was no answer...

Comments very welcome:

def check_restricted_html(text):
   '''The supported very simple subset of HTML is:

   - blockquote, ol, p, pre, ul tags at toplevel or inside a blockquote.
   - li in ol and ul
   - b, i, a anywhere but not nested
   '''

   def hasparent(e, tag):
       while True:
           e = e.getparent()
           if e is None:
               return False
           if e.tag == tag:
               return True

   for element in xml.iter():
       if element is xml:
           continue
       if element.tag in ['blockquote', 'ol', 'p', 'pre', 'ul'] \
               and not len(element.attrib) \
               and (element.getparent() is xml \
                   or element.getparent().tag == 'blockquote'):
           continue
       if element.tag == 'li' and not len(element.attrib) \
               and element.getparent().tag in ['ol', 'ul']:
           continue
       if element.tag in ['b', 'i'] and not len(element.attrib) \
               and not hasparent(element, element.tag):
           continue
       if element.tag == 'a' and not hasparent(element, 'a') \
               and element.attrib.keys() == ['href'] \
               and re.match('^(mailto:|https?://)',
element.attrib['href']):
           # TODO sanitize href
           continue
       raise ValueError('Unsupported construct in restricted HTML at "%s"'
%
               etree.tostring(element)[:40])
   return xml

cheers
-- vbi


--
SCO's lawsuit is a lost cause. The implications for Linux users are
rather like the implications for passengers on an ocean liner of a
seagull diving into the water nearby.
       -- Thomas Carey, Bromberg & Sunstein, LLP, attorney





--
alex






--
alex

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Reply via email to