[Alex, you wouldn't consider switching to a tool that respects proper threading? Your posts lack In-Reply-To (or References) headers, a standard which was invented >20 years ago and is very convenient and much better than threading by Subject ...]
On Thursday 08 October 2009 03.33:41 [email protected] wrote:
> you could complement this by appropriate tw.tinymce settings to allow
> specific html constructs only, and set your code as validator.

I'm building this thing "from the server side": I am first getting model and
controller to the state I want it, the whole templating / toscawidgets stuff
is currently waiting for the future.  Right now it's just a hardcoded
textarea...

Yes, I'll certainly look at the available frontend options (tinymce might be
nice, I haven't used it before.)

> as i am (unofficially) attempting to put up the tw.tinymce3 release, i'd
> be glad to let your code in this way.

Consider it public domain.  Parsers like these are quite obvious to write, so
nothing to be protected here...

(Just a bit of background on how I'm doing it: The code is in the model class
(controller sets entry.mimetype and then entry.content).  Based on mimetype,
various validators may be called on content (which is a property.)  text/html
is the first, I plan to eventually allow users of the model class plug-in
their own supported MIME Type validators.)

cheers
-- vbi

>
> hth,
>
> On Wed, Oct 7, 2009 at 07:57, Adrian von Bidder <[email protected]> wrote:
> > On Tuesday 06 October 2009 07.14:17 Adrian von Bidder wrote:
> >> I want to allow HTML content.  I'm sure there already is code for
> >> allowing restricted HTML subset - pointers very welcome.
> >
> > Seeing as there was no answer...
> >
> > Comments very welcome:
> >
> > def check_restricted_html(text):
> >     '''The supported very simple subset of HTML is:
> >
> >      - blockquote, ol, p, pre, ul tags at toplevel or inside a
> >        blockquote.
> >      - li in ol and ul
> >      - b, i, a anywhere but not nested
> >     '''
> >
> >     def hasparent(e, tag):
> >         while True:
> >             e = e.getparent()
> >             if e is None:
> >                 return False
> >             if e.tag == tag:
> >                 return True
> >
> >     for element in xml.iter():
> >         if element is xml:
> >             continue
> >         if element.tag in ['blockquote', 'ol', 'p', 'pre', 'ul'] \
> >            and not len(element.attrib) \
> >            and (element.getparent() is xml \
> >                 or element.getparent().tag == 'blockquote'):
> >             continue
> >         if element.tag == 'li' and not len(element.attrib) \
> >            and element.getparent().tag in ['ol', 'ul']:
> >             continue
> >         if element.tag in ['b', 'i'] and not len(element.attrib) \
> >            and not hasparent(element, element.tag):
> >             continue
> >         if element.tag == 'a' and not hasparent(element, 'a') \
> >            and element.attrib.keys() == ['href'] \
> >            and re.match('^(mailto:|https?://)',
> >                         element.attrib['href']): # TODO sanitize href
> >             continue
> >         raise ValueError('Unsupported construct in restricted HTML at "%s"'
> >                          % etree.tostring(element)[:40])
> >     return xml
> >
> > cheers
> > -- vbi
> >
> >
> > --
> > SCO's lawsuit is a lost cause. The implications for Linux users are
> > rather like the implications for passengers on an ocean liner of a
> > seagull diving into the water nearby.
> >     -- Thomas Carey, Bromberg & Sunstein, LLP, attorney
>

-- 
Not everything original is good, but everything good is original.
    -- Paul Hindemith
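Added example, not part of the original message and not the poster's code: the allow-list from the quoted docstring, written against the standard library's xml.etree.ElementTree so it runs on constructed inputs. The `<root>` wrapper, the parent map, `href_ok` and `SAMPLES` are assumptions of this example; `href_ok` is one possible way to handle the "TODO sanitize href" and accepts the same schemes as the quoted regex.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

BLOCK = {'blockquote', 'ol', 'p', 'pre', 'ul'}
# Constructed inputs: the first is accepted, the rest must be rejected.
SAMPLES = ['<p>Hi <a href="https://example.org/">link</a></p>',
           '<p onclick="x()">attribute</p>', '<p><b><i><b>nested</b></i></b></p>',
           '<p><a href="javascript:void(0)">scheme</a></p>', '<script>x</script>']

def href_ok(href):
    # Assumed hardening for the href TODO: no whitespace or control characters,
    # then an allow-list on the parsed scheme (http/https also need a host).
    if any(ord(c) <= 0x20 or ord(c) == 0x7f for c in href):
        return False
    try:
        parts = urlsplit(href)
    except ValueError:
        return False
    return parts.scheme == 'mailto' or (
        parts.scheme in ('http', 'https') and bool(parts.netloc))

def check_restricted_html(text):
    try:  # assumption: input is a well-formed fragment, wrapped in a root
        root = ET.fromstring('<root>%s</root>' % text)
    except ET.ParseError as exc:
        raise ValueError('Not well-formed: %s' % exc)
    # ElementTree has no getparent(); map every element to its parent instead.
    parent = {child: p for p in root.iter() for child in p}

    def hasparent(e, tag):
        while e in parent:
            e = parent[e]
            if e.tag == tag:
                return True
        return False

    for el, up in parent.items():
        bare = not el.attrib  # only <a> may carry an attribute
        if el.tag in BLOCK and bare and (up is root or up.tag == 'blockquote'):
            continue
        if el.tag == 'li' and bare and up.tag in ('ol', 'ul'):
            continue
        if el.tag in ('b', 'i') and bare and not hasparent(el, el.tag):
            continue
        if (el.tag == 'a' and not hasparent(el, 'a')
                and list(el.attrib) == ['href'] and href_ok(el.attrib['href'])):
            continue
        raise ValueError('Unsupported construct in restricted HTML at "%s"'
                         % ET.tostring(el, encoding='unicode')[:40])
    return root
```

Because the fragment is parsed inside the wrapper element, input that tries to close the wrapper early or is otherwise not well-formed fails at the parse step and is rejected with the same ValueError.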

