django-bleach


:Name: django-bleach
:Version: 3.1.0
:Home page: https://github.com/marksweb/django-bleach
:Summary: Easily use bleach with Django models and templates
:Upload time: 2023-08-05 01:36:29
:Maintainer: Mark Walker
:Docs URL: None
:Author: Tim Heap
:Requires Python: >=3.8
:License: MIT
:Requirements: No requirements were recorded.
:Travis-CI: No Travis.
:Coveralls test coverage: No coveralls.

django-bleach - Bleach and sanitise user HTML
=============================================

Bleach_ is a Python module that takes any HTML input, and returns
valid, sanitised HTML that contains only an allowed subset of HTML tags,
attributes and styles. ``django-bleach`` is a Django app that makes using
``bleach`` extremely easy.

`Read the documentation here`_.

Setup
-----

1. Install ``django-bleach`` via ``pip``::

    pip install django-bleach

2. Add ``django_bleach`` to your ``INSTALLED_APPS``:

   .. code-block:: python

        INSTALLED_APPS = [
            # ...
            'django_bleach',
            # ...
        ]

3. Select some sensible defaults for the allowed tags, attributes and styles,
   and the behaviour when unknown tags are encountered. Each of these is
   optional and defaults to the ``bleach`` default. See the
   `bleach documentation`_:

   .. code-block:: python

        # Which HTML tags are allowed
        BLEACH_ALLOWED_TAGS = ['p', 'b', 'i', 'u', 'em', 'strong', 'a']

        # Which HTML attributes are allowed
        BLEACH_ALLOWED_ATTRIBUTES = ['href', 'title', 'style']

        # Which CSS properties are allowed in 'style' attributes (assuming
        # style is an allowed attribute)
        BLEACH_ALLOWED_STYLES = [
            'font-family', 'font-weight', 'text-decoration', 'font-variant']

        # Strip unknown tags if True, replace with HTML escaped characters if
        # False
        BLEACH_STRIP_TAGS = True

        # Strip comments, or leave them in.
        BLEACH_STRIP_COMMENTS = False

4. Select the default widget for bleach fields. This defaults to
   ``django.forms.Textarea``, but you will probably want to replace it with a
   WYSIWYG editor, or something similar:

   .. code-block:: python

        # Use a WYSIWYG editor widget for bleached HTML fields
        BLEACH_DEFAULT_WIDGET = 'wysiwyg.widgets.WysiwygWidget'

   I use `django-ckeditor`_ in my projects, but what you use is up to you.
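
A settings review that could run in CI before the values from step 3 ship, as an added example that is not part of django-bleach or its documentation. ``README_SETTINGS`` copies step 3, ``LOOSE_SETTINGS`` is constructed, ``audit`` and ``per_tag_attributes`` are hypothetical helper names, and the dict form of ``BLEACH_ALLOWED_ATTRIBUTES`` is bleach's per-tag ``attributes`` format, assumed here to be passed through unchanged:

```python
# Added example: static review of BLEACH_* settings before deployment.
ACTIVE_TAGS = {"script", "style", "iframe", "object", "embed", "svg", "math"}

# The values from step 3 of this README.
README_SETTINGS = {
    "BLEACH_ALLOWED_TAGS": ["p", "b", "i", "u", "em", "strong", "a"],
    "BLEACH_ALLOWED_ATTRIBUTES": ["href", "title", "style"],
    "BLEACH_ALLOWED_STYLES": [
        "font-family", "font-weight", "text-decoration", "font-variant"],
    "BLEACH_STRIP_TAGS": True,
    "BLEACH_STRIP_COMMENTS": False,
}
# Constructed over-permissive settings, for contrast (assumed dict form).
LOOSE_SETTINGS = {
    "BLEACH_ALLOWED_TAGS": ["p", "a", "iframe"],
    "BLEACH_ALLOWED_ATTRIBUTES": {
        "a": ["href", "onclick"], "img": ["src"], "*": ["style"]},
    "BLEACH_STRIP_COMMENTS": True,
}


def per_tag_attributes(allowed):
    """Normalise a list (applies to every tag) or a tag -> list dict."""
    if isinstance(allowed, dict):
        return {tag: set(names) for tag, names in allowed.items()}
    return {"*": set(allowed)}


def audit(settings):
    """Return human-readable findings for one settings mapping."""
    findings = []
    tags = set(settings.get("BLEACH_ALLOWED_TAGS", []))
    attrs = per_tag_attributes(settings.get("BLEACH_ALLOWED_ATTRIBUTES", []))
    for tag in sorted(tags & ACTIVE_TAGS):
        findings.append(f"<{tag}> can run or embed active content")
    for tag in sorted(attrs):
        for name in sorted(attrs[tag]):
            if name.lower().startswith("on"):
                findings.append(f"{name!r} on {tag!r} is an event handler")
        if tag != "*" and tag not in tags:
            findings.append(f"attributes set for <{tag}>, which is not allowed")
    # 'style' and the CSS property allowlist only make sense together.
    style_attr = any("style" in names for names in attrs.values())
    if style_attr != bool(settings.get("BLEACH_ALLOWED_STYLES")):
        findings.append("'style' attribute and BLEACH_ALLOWED_STYLES disagree")
    if settings.get("BLEACH_STRIP_COMMENTS") is False:
        findings.append("user-supplied HTML comments are kept in the output")
    return findings
```

Run against the README values, the only finding is that comments are kept; the constructed settings produce four.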

Usage
-----

In your models
**************

``django-bleach`` provides three ways of creating bleached output. The simplest
way of including user-editable HTML content that is automatically sanitised is
by using the ``BleachField`` model field:

.. code-block:: python

    # in app/models.py

    from django.db import models
    from django_bleach.models import BleachField

    class Post(models.Model):

        # CharField requires max_length
        title = models.CharField(max_length=255)
        content = BleachField()

        # ...

``BleachField`` takes the following arguments, to customise the output of
``bleach``. See the `bleach documentation`_ for their use:

* ``allowed_tags``
* ``allowed_attributes``
* ``strip_tags``
* ``strip_comments``
* ``css_sanitizer``

The following argument will be deprecated in the near future:

* ``allowed_styles``

In addition to the ``bleach``-specific arguments, the ``BleachField`` model field
accepts all of the normal field attributes. Behind the scenes, it is a
``TextField``, and accepts all the same arguments as the default ``TextField`` does.

The ``BleachField`` model field sanitises its value before it is saved to the
database. The value is marked safe, so it can be rendered in a template
immediately without further intervention.

In model forms, ``BleachField`` model fields are represented with the
``BleachField`` form field by default.

In your forms
*************

A ``BleachField`` form field is provided. This field sanitises HTML input from
the user and presents safe, clean HTML to your Django application. The
returned value is marked safe for immediate rendering.

In your templates
*****************

If you have a piece of content from somewhere that needs to be printed in a
template, you can use the ``bleach`` filter:

.. code-block:: django

    {% load bleach_tags %}

    {{ some_unsafe_content|bleach }}

If the filter has no arguments, it uses the default settings defined in your
application settings. You can override the allowed tags by specifying them
as a parameter to the filter:

.. code-block:: django

    {{ some_unsafe_content|bleach:"p,span" }}

There is also ``bleach_linkify``, which uses the linkify_ function of bleach
to convert URL-like strings in an HTML fragment to links.

This function converts strings that look like URLs, domain names and email
addresses in text that may be an HTML fragment to links, while preserving:

1. links already in the string
2. URLs found in attributes
3. email addresses


.. _bleach: https://github.com/mozilla/bleach
.. _Read the documentation here: https://django-bleach.readthedocs.io/
.. _bleach documentation: https://bleach.readthedocs.io/en/latest/clean.html
.. _django-ckeditor: https://github.com/shaunsephton/django-ckeditor
.. _linkify: https://bleach.readthedocs.io/en/latest/linkify.html?highlight=linkify#bleach.linkify

            
