Pypeline / Tickets / #3 HTML sanitization

A Python library for processing a variety of markup formats into HTML

#3 HTML sanitization

Status: closed

Owner: nobody

Labels: None

Updated: 2019-06-07

Created: 2019-06-05

Creator: Dave Brondsema

Private: No

This may land as part of [#2] but documenting it as a separate issue.

When upgrading Markdown to 3.0, its safe_mode param will be ignored. We don't have to upgrade Markdown to 3.0 soon though, 2.x versions seem to work fine on python 3.7 already.

We may need it soon for Textile. If https://github.com/textile/python-textile/issues/65 isn't resolved, we'll have to use a forked version of textile to get py3 support, or use latest textile with sanitization applied.

I think it'll probably be best to have sanitization rather than relying on built-in safety within each formatting library. It'd be nice to sanitize by default within Pypeline, but the application using Pypeline might have its own preferences for what to allow or not. Maybe a default list? https://forge-allura.apache.org/p/allura/tickets/8297/ discusses bleach vs html5lib sanitizer

Kenton Taylor - 2019-06-07

status: open --> closed
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
- Anonymous
  
  Add attachments
  Cancel
  You seem to have CSS turned off. Please don't fill out this field.
  
  You seem to have CSS turned off. Please don't fill out this field.

Kenton Taylor - 2019-06-07

Merged

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
- Anonymous
  
  Add attachments
  Cancel
  You seem to have CSS turned off. Please don't fill out this field.
  
  You seem to have CSS turned off. Please don't fill out this field.

Anonymous

HTML sanitization

A Python library for processing a variety of markup formats into HTML

Searches

Help

#3 HTML sanitization

Related

Discussion