You can port this code [1] from C# to Python, it shouldn't take long. The
code is used on the StackOverflow [2] website for exactly the same
purposes as yours.

[1] http://refactormycode.com/codes/333-sanitize-html
[2] http://stackoverflow.com/

On Jan 22, 9:47 am, Dave <ddev...@gmail.com> wrote:
> There must be an easy answer for this problem and I almost feel dumb
> for asking.... BUT I can't figure it out and have spent too much time
> trying. The scenario is a comment/blog situation. I am using tinyMCE
> which is creating 'trustable' html. I can display this with django by
> using {{field|safe}}... all is good.
>
> The problem is some bozo will have their way with the textarea by
> turning off their javascript. So I'm trying to figure out best way to
> sanitize the data. The normal escaping of data won't work because it
> clobbers the 'good' html from tinyMCE. Anyway would be good to
> sanitize even the tinyMCE generated html.
>
> I've been looking at using html5 lib/parser but can't seem to get it
> to work. I've even gone through creating a replace method to escape
> everything and then put back the 'good' tags. However, that seems like
> a round-about way to go and gets really nasty when considering img,
> span, etc. tags tinyMCE creates so nicely. Surely many have come
> across this and there is an easy answer.
>
> All suggestions and recommendations are greatly appreciated.
>
> thx,
>
> Dave
You received this message because you are subscribed to the Google Groups 
"Google App Engine" group.
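To make the suggestion concrete, here is an added example (not the C# code linked above and not the StackOverflow implementation) of the approach both of those take: a whitelist sanitizer, written against Python's standard library only. It keeps a fixed set of tags and per-tag attributes that TinyMCE typically emits, drops every other tag while keeping its text, discards script/style/iframe/object/embed together with their content, re-escapes all text and attribute values, rejects href/src values whose scheme is not http, https or mailto (javascript:, data:, vbscript: and friends), and closes any tags the submitter left open. The tag and attribute lists are my own choice for illustration; adjust them to what your TinyMCE configuration actually produces.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlparse

# Tags that survive, with the attributes each may keep. Anything not listed
# is stripped (the tag, not its text). 'style' and on* handlers are
# deliberately absent. Assumed list for illustration; tune to your editor.
ALLOWED = {
    "p": set(), "br": set(), "b": set(), "i": set(), "u": set(),
    "strong": set(), "em": set(), "span": set(), "blockquote": set(),
    "ul": set(), "ol": set(), "li": set(), "pre": set(), "code": set(),
    "a": {"href", "title"},
    "img": {"src", "alt", "width", "height"},
}
URL_ATTRS = {"href", "src"}
SAFE_SCHEMES = {"", "http", "https", "mailto"}   # "" = relative URL
VOID = {"br", "img"}                              # never get a closing tag
# These tags are dropped together with everything inside them.
DROP_WITH_CONTENT = {"script", "style", "iframe", "object", "embed"}


def safe_url(value):
    """True if value is relative or uses a whitelisted scheme.

    Whitespace and control characters are removed before the check because
    browsers ignore them inside the scheme (e.g. 'java\\nscript:'). Entity
    tricks such as 'javascript&#58;' are already decoded by HTMLParser
    before the value reaches us, so they are caught too.
    """
    cleaned = "".join(c for c in value if c.isprintable() and not c.isspace())
    return urlparse(cleaned).scheme.lower() in SAFE_SCHEMES


class Sanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []     # output fragments
        self.open = []    # currently open allowed tags, for balancing
        self.skip = 0     # > 0 while inside a DROP_WITH_CONTENT element

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.skip += 1
            return
        if self.skip or tag not in ALLOWED:
            return          # unknown tag: drop it, keep its text
        kept = []
        for name, value in attrs:
            name = name.lower()
            if name not in ALLOWED[tag]:
                continue    # drops onclick=, style=, etc.
            value = value or ""
            if name in URL_ATTRS and not safe_url(value):
                continue    # drops javascript:/data:/vbscript: links
            kept.append(' %s="%s"' % (name, escape(value, quote=True)))
        self.out.append("<%s%s>" % (tag, "".join(kept)))
        if tag not in VOID:
            self.open.append(tag)

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skip = max(0, self.skip - 1)
            return
        if self.skip or tag in VOID or tag not in self.open:
            return          # stray close tag: ignore it
        # Close everything opened after this tag so output stays well nested.
        while self.open:
            t = self.open.pop()
            self.out.append("</%s>" % t)
            if t == tag:
                break

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data, quote=False))

    def handle_comment(self, data):
        pass                # comments (incl. conditional comments) are dropped

    def result(self):
        self.close()        # flush buffered text
        while self.open:    # close whatever the submitter left open
            self.out.append("</%s>" % self.open.pop())
        return "".join(self.out)


def sanitize(html):
    """Return a whitelisted, well-nested HTML fragment built from html."""
    s = Sanitizer()
    s.feed(html)
    return s.result()


if __name__ == "__main__":
    # Constructed sample of what a "bozo with javascript off" might POST.
    sample = ('<p onclick="steal()">Hi <b>there<i>!</b> '
              '<a href="java\nscript:alert(1)">click</a> '
              '<script>alert(document.cookie)</script>'
              '<img src="data:text/html,x" alt="a&b"></p><div>tail')
    print(sanitize(sample))
```

Render the result with {{field|safe}} only after it has gone through sanitize(); run the sanitizer on every submission, including the ones TinyMCE produced, since the browser is not a trust boundary. html5lib ships its own whitelist sanitizer if you would rather not maintain the lists yourself.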