hi adrian On Thu, Oct 8, 2009 at 09:04, Adrian von Bidder <[email protected]> wrote:
[Alex, you wouldn't consioder switching to a tool that respects proper threading? Your posts lack In-Reply-To (or References) headers, a standard which was invented >20years ago and is very convenient and much better than threading by Subject ...]
sorry, it's gmail web interface itself.
On Thursday 08 October 2009 03.33:41 [email protected] wrote:you could complement this by appropriate tw.tinimce settings to allow specific html constructs only, and set your code as validator.I'm building this thing "from the server side": I am first getting model and controller to the state I want it, the whole templating / toscawidgets stuff is currently waiting for the future. Right now it's just a hardcoded textarea... Yes, I'll certainly look at the available frontend options (tinymce might be nice, I haven't used it before.)as i am (unofficially) attempting to put up the tw.tinymce3 release, i'd be glad to let your code in this way.Consider it public domain. Parsers like these are quite obvious to write, so nothing to be protected here... (Just a bit background on how I'm doing it: The code is in the model class (controller sets entry.mimetype and then entry.content. Based on mimetype, various validators may be called on content (which is a property.) text/html is the first, I plan to eventually allow users of the model class plug-in their own supported MIME Type validators.)
cool.
cheers -- vbihth, On Wed, Oct 7, 2009 at 07:57, Adrian von Bidder <[email protected]>wrote:> On Tuesday 06 October 2009 07.14:17 Adrian von Bidder wrote: >> I want to allow HTML content. I'm sure there already is code for >> allowing restricted HTML subset - pointers very welcome. > > Seeing as there was no answer... > > Comments very welcome: > > def check_restricted_html(text): > '''The supported very simple subset of HTML is: > > - blockquote, ol, p, pre, ul tags at toplevel or inside a > blockquote. - li in ol and ul > - b, i, a anywhere but not nested > ''' > > def hasparent(e, tag): > while True: > e = e.getparent() > if e is None: > return False > if e.tag == tag: > return True > > for element in xml.iter(): > if element is xml: > continue > if element.tag in ['blockquote', 'ol', 'p', 'pre', 'ul'] \ > and not len(element.attrib) \ > and (element.getparent() is xml \ > or element.getparent().tag == 'blockquote'): > continue > if element.tag == 'li' and not len(element.attrib) \ > and element.getparent().tag in ['ol', 'ul']: > continue > if element.tag in ['b', 'i'] and not len(element.attrib) \ > and not hasparent(element, element.tag): > continue > if element.tag == 'a' and not hasparent(element, 'a') \ > and element.attrib.keys() == ['href'] \ > and re.match('^(mailto:|https?://)', > element.attrib['href']): # TODO sanitize href > continue > raise ValueError('Unsupported construct in restricted HTML at > "%s"' % etree.tostring(element)[:40]) > return xml > > cheers > -- vbi > > > -- > SCO's lawsuit is a lost cause. The implications for Linux users are > rather like the implications for passengers on an ocean liner of a > seagull diving into the water nearby. > -- Thomas Carey, Bromberg & Sunstein, LLP, attorney-- Nicht alles Originelle ist gut, aber alles Gute ist originell. -- Paul Hindemith
-- alex
smime.p7s
Description: S/MIME Cryptographic Signature
