The htmllaundry package contains several handy Python methods to cleanup HTML markup or perform other common changes. The cleanup is strict enough to be able to clean HTML pasted from MS Word or Apple Pages. This package also contains integration code for z3c.form to provide fields that automatically sanitize HTML on save.
The implementation is based on the Cleaner class from lxml.
Cleanup routines
All cleanup routines can be invoked through the single sanitize function. This functions takes an input string as input and will return a cleaned up version of that string. Here is a simple example:
>>> from htmllaundry import sanitize
>>> sanitize('Hello, < em >world< /em >')
'< p >Hello, < em >world< /em >< /p >'
The sanitize method takes an extra optional parameter with a lxml Cleaner instance, which can be used to use different filtering rules. htmllaundry includes three cleaners:
* htmllaundry.cleaners.DocumentCleaner, which is the default cleaner. This cleaner will allow most safe tags, while stripping out inline styles and insecure markup.
* htmllaundry.cleaners.LineCleaner is a more strict cleaner which only allows a few inline elements. This is useful in places where you only want to accept single-line input, for example in document titles.
* htmllaundry.cleaners.CommentCleaner only allows a very limited set of HTML elements, and is designed to be useful for user provided comments.
If you want to go all the way you can also use StripMarkup to strip all markup from your input:
>>> from htmllaundry import StripMarkup
>>> StripMarkup('Hello, < em >world< /em >')
'Hello, world'
z3c.form integration
If you want to use the z3c.form integration you should use the z3cform extra for this package:
install_requires=[
....
htmllaundry [z3cform]
...
],
In addition you will need to load the ZCML. In your configure.zcml add a line like this:
< include package="htmllaundry" / >
You can then use the HtmlText field type in your schemas. For example:
from zope.interface import Interface
from zope import schema
from htmllaundry.z3cform import HtmlText
class IDocument(Interface):
title = schema.TextLine(
title = _(u"Title"),
required = True)
description = HtmlText(
title = _(u"Description"),
required = True)
Please note that using HtmlText will not automatically give you a WYSYWIG widget.
What is new in this release:
- Add option to sanitize to specify a different wrap element or skip wrapping completely.
What is new in version 1.9:
- Add MANIFEST.in to faciliate releases not made from subversion.
- Fix all cleaners to strip javascript. This fixes issue 1.
What is new in version 1.8:
- Remove link target enforcement from hardcoded code path from sanitize. This makes it possible to use the new link_target cleaner option.
What is new in version 1.7:
- Make forcing of target attributes on externals linke configurable via a new link_target option in the cleaners. Only enable this option for the CommentCleaner.
What is new in version 1.6:
- Correct whitespace test for wrapping bare text as well.
What is new in version 1.4:
- Small code cleanup.
- Strip leading breaks.
What is new in version 1.3:
- Strip all top level br elements. Breaks are fine in blocklevel elements, but should not be used to add vertical spacing between block elements.
What is new in version 1.2:
- Fix a typo in the documentation.
- Strip trailing breaks.
Requirements:
- Python
Comments not found