A “safe” python HTML text formatting (ala textile)

会有一股神秘感。 提交于 2019-12-21 02:53:11

问题


I've been looking around for an existing python library in the style of textile to format text for users to enter.

If it was just me entering it, just textile would have been fine, but since the input is meant for a django app that will take user input and display it, while still maintaining some formatting.

I managed to find little loopholes here in there in the existing libraries I saw. They sometimes wouldn't escape things the way they should have, would let me input straight HTML and the list goes on.

So what are some recommendations of conversion engines I can use?


回答1:


If you're using Django, you could try safe markdown:

{% load markup %}

{{ foo|markdown:"safe" }}

You'll need to have markdown installed, and django.contrib.markup in your settings.py apps.

If you want to sanitize HTML on save, I've had good luck using feedparser's sanitize (http://www.feedparser.org/).

import feedparser

body = feedparser._sanitizeHTML(body, 'utf8')



回答2:


If you are looking for a textile solution: the PyTextile that django markup uses actually has a textile_restricted() function, which for some reason, never made it into django.contrib.markup. You can use this function to provide restricted textile. Either by adding a method to your model that calls textile_restricted, or use a custom template tag textile_restricted, defined by the following code:

from django import template
from django.conf import settings
from django.utils.encoding import smart_str, force_unicode
from django.utils.safestring import mark_safe

register = template.Library()

def textile_restricted(value):
    try:
        import textile
    except ImportError:
        if settings.DEBUG:
            raise template.TemplateSyntaxError("Error in {% textile %} filter: The Python textile library isn't installed.")
        return force_unicode(value)
    else:
        return mark_safe(force_unicode(textile.textile_restricted(smart_str(value))))
textile_restricted.is_safe = True

register.filter(textile_restricted)



回答3:


Did you try the included django.contrib.markup libraries?



来源:https://stackoverflow.com/questions/1703678/a-safe-python-html-text-formatting-ala-textile

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!