OpenSlides/openslides/utils/validate.py

import bleach
# Elements that are allowed through sanitisation. Anything not named here
# (for example <script>, <iframe>, <form>, <svg>) is not on the list and is
# handled by bleach as disallowed markup.
allowed_tags = [
    # links and images
    "a", "img",
    # text layout
    "br", "p", "span", "blockquote",
    # text formatting
    "strike", "strong", "u", "em", "sup", "sub", "pre",
    # headings
    "h1", "h2", "h3", "h4", "h5", "h6",
    # lists
    "ol", "ul", "li",
    # tables
    "table", "caption", "thead", "tbody", "th", "tr", "td",
]
# Attributes kept per element; the "*" entry applies to every allowed tag.
# No on* event-handler attribute is listed anywhere in this mapping.
allowed_attributes = {
    # "style" is kept on all tags; validate_html additionally passes
    # allowed_styles so that only those CSS properties are retained.
    "*": ["class", "style"],
    # "src" is kept, so sanitised content can still reference remote images
    # that the viewer's browser will fetch when the field is rendered.
    "img": ["alt", "src", "title"],
    "a": ["href", "title"],
    "th": ["scope"],
    "ol": ["start"],
}
# CSS properties allowed inside a "style" attribute. Properties not listed
# here (e.g. "position", "background-image") are not on the allow-list.
allowed_styles = [
    # colours
    "color", "background-color",
    # box size, alignment and spacing
    "height", "width", "text-align", "float", "padding",
    # text decoration
    "text-decoration",
]
def validate_html(html: str) -> str:
    """
    Sanitise an HTML fragment against this module's allow-lists.

    Tab characters are deleted first (text pasted from Word tends to carry
    stray tabs), then the result is handed to ``bleach.clean`` together with
    ``allowed_tags``, ``allowed_attributes`` and ``allowed_styles``.

    No ``strip`` argument is passed, so bleach's default applies and markup
    outside the allow-lists is escaped rather than removed. No ``protocols``
    argument is passed either, so bleach's default URL-scheme allow-list
    decides which ``href``/``src`` values survive.

    Any model field whose content is inserted into the DOM as trusted HTML
    should be passed through this function first.
    """
    # Tabs are dropped everywhere in the input, including inside <pre>.
    without_tabs = html.replace("\t", "")
    # NOTE(review): the ``styles`` keyword is only accepted by bleach
    # releases before 5.0 (later ones take ``css_sanitizer`` instead), so
    # this call depends on the pinned bleach version -- confirm against the
    # project's requirements.
    return bleach.clean(
        without_tabs,
        tags=allowed_tags,
        attributes=allowed_attributes,
        styles=allowed_styles,
    )