diff --git a/sanitizer/__init__.py b/sanitizer/__init__.py
index 85bd8ef..6fa58f0 100644
--- a/sanitizer/__init__.py
+++ b/sanitizer/__init__.py
@@ -1,3 +1,3 @@
-VERSION = (0, 1, 4)
+VERSION = (0, 1, 6)
from .decorators import sanitize
diff --git a/sanitizer/decorators.py b/sanitizer/decorators.py
index cf39398..829a36a 100644
--- a/sanitizer/decorators.py
+++ b/sanitizer/decorators.py
@@ -16,12 +16,11 @@ class sanitize(object):
def __init__(self, tags=bleach.ALLOWED_TAGS,
- attributes=bleach.ALLOWED_ATTRIBUTES, styles=[], strip=False,
+ attributes=bleach.ALLOWED_ATTRIBUTES, strip=False,
strip_comments=True):
self.kwargs = {
'tags': tags,
'attributes': attributes,
- 'styles': styles,
'strip': strip,
'strip_comments': strip_comments,
}
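Review bot: Dropping `styles` from the middle of `sanitize.__init__` shifts every later positional argument, so an existing call such as `sanitize(tags, attrs, [], True)` now binds `[]` to `strip` and `True` to `strip_comments` without raising. The same removal in the field constructors in forms.py and models.py, and in the `escape_html`/`strip_html` tags, has the same positional effect. Callers that pass `allowed_styles=` by keyword will presumably fail instead, since the field constructors forward unknown keywords to the Django base class. For a sanitizer, a silently changed `strip` mode is worth avoiding: keep the parameter for one release as `styles=None` and emit a `DeprecationWarning` when it is supplied, or make the remaining options keyword-only. The class body continues outside this hunk.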
diff --git a/sanitizer/forms.py b/sanitizer/forms.py
index 9936dd6..d81b88e 100644
--- a/sanitizer/forms.py
+++ b/sanitizer/forms.py
@@ -8,10 +8,9 @@ class SanitizedCharField(forms.CharField):
A subclass of CharField that escapes (or strip) HTML tags and attributes.
"""
def __init__(self, allowed_tags=[], allowed_attributes=[],
- allowed_styles=[], strip=False, *args, **kwargs):
+ strip=False, *args, **kwargs):
self._allowed_tags = allowed_tags
self._allowed_attributes = allowed_attributes
- self._allowed_styles = allowed_styles
self._strip = strip
super(SanitizedCharField, self).__init__(*args, **kwargs)
@@ -19,4 +18,4 @@ def clean(self, value):
value = super(SanitizedCharField, self).clean(value)
return bleach.clean(value, tags=self._allowed_tags,
attributes=self._allowed_attributes,
- styles=self._allowed_styles, strip=self._strip)
+ strip=self._strip)
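Review bot: `clean()` now calls `bleach.clean` with no CSS handling at all, while the package's own tests still list `style` among the allowed attributes. As far as I know, bleach 5 and later blank the value of an allowed `style` attribute when no `css_sanitizer` is supplied and emit a `NoCssSanitizerWarning`. The output stays safe, but inline styles that were previously permitted disappear silently. If style filtering is still a supported use, accept an optional `css_sanitizer` in `__init__` and forward it here as `css_sanitizer=self._css_sanitizer`; otherwise document that `style` in `allowed_attributes` no longer has any effect. The same applies to the `bleach.clean` calls in models.py and templatetags/sanitizer.py.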
diff --git a/sanitizer/models.py b/sanitizer/models.py
index afc2590..1694a15 100644
--- a/sanitizer/models.py
+++ b/sanitizer/models.py
@@ -3,7 +3,10 @@
import sys
if sys.version_info[0] == 3:
- from django.utils.encoding import smart_text as smart_unicode
+ try:
+ from django.utils.encoding import smart_str as smart_unicode
+ except ImportError:
+ from django.utils.encoding import smart_text as smart_unicode
else:
from django.utils.encoding import smart_unicode
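Review bot: The `except ImportError` fallback to `smart_text` looks unreachable, because `django.utils.encoding` has, as far as I know, exported `smart_str` on Python 3 in every Django release that supports Python 3. The try/except can be reduced to `from django.utils.encoding import smart_str as smart_unicode`. The `else:` branch serves Python 2 only, which the new `bleach>=6` requirement presumably rules out, so the whole `sys.version_info` switch could be replaced by that single import. If the branches are kept on purpose, a comment naming the Django versions each one serves would help.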
@@ -13,11 +16,10 @@
class SanitizedCharField(models.CharField):
def __init__(self, allowed_tags=[], allowed_attributes=[],
- allowed_styles=[], strip=False,
+ strip=False,
*args, **kwargs):
self._sanitizer_allowed_tags = allowed_tags
self._sanitizer_allowed_attributes = allowed_attributes
- self._sanitizer_allowed_styles = allowed_styles
self._sanitizer_strip = strip
super(SanitizedCharField, self).__init__(*args, **kwargs)
@@ -25,18 +27,17 @@ def to_python(self, value):
value = super(SanitizedCharField, self).to_python(value)
value = bleach.clean(value, tags=self._sanitizer_allowed_tags,
attributes=self._sanitizer_allowed_attributes,
- styles=self._sanitizer_allowed_styles, strip=self._sanitizer_strip)
+ strip=self._sanitizer_strip)
return smart_unicode(value)
class SanitizedTextField(models.TextField):
def __init__(self, allowed_tags=[], allowed_attributes=[],
- allowed_styles=[], strip=False,
+ strip=False,
*args, **kwargs):
self._sanitizer_allowed_tags = allowed_tags
self._sanitizer_allowed_attributes = allowed_attributes
- self._sanitizer_allowed_styles = allowed_styles
self._sanitizer_strip = strip
super(SanitizedTextField, self).__init__(*args, **kwargs)
@@ -44,14 +45,14 @@ def to_python(self, value):
value = super(SanitizedTextField, self).to_python(value)
value = bleach.clean(value, tags=self._sanitizer_allowed_tags,
attributes=self._sanitizer_allowed_attributes,
- styles=self._sanitizer_allowed_styles, strip=self._sanitizer_strip)
+ strip=self._sanitizer_strip)
return smart_unicode(value)
def get_prep_value(self, value):
value = super(SanitizedTextField, self).get_prep_value(value)
value = bleach.clean(value, tags=self._sanitizer_allowed_tags,
attributes=self._sanitizer_allowed_attributes,
- styles=self._sanitizer_allowed_styles, strip=self._sanitizer_strip)
+ strip=self._sanitizer_strip)
return value
diff --git a/sanitizer/templatetags/sanitizer.py b/sanitizer/templatetags/sanitizer.py
index c68a091..2fea1ec 100644
--- a/sanitizer/templatetags/sanitizer.py
+++ b/sanitizer/templatetags/sanitizer.py
@@ -11,7 +11,6 @@
ALLOWED_TAGS = getattr(settings, 'SANITIZER_ALLOWED_TAGS', [])
ALLOWED_ATTRIBUTES = getattr(settings, 'SANITIZER_ALLOWED_ATTRIBUTES', [])
-ALLOWED_STYLES = getattr(settings, 'SANITIZER_ALLOWED_STYLES', [])
register = template.Library()
@@ -19,8 +18,8 @@
@stringfilter
def sanitize(value):
'''
- Sanitizes strings according to SANITIZER_ALLOWED_TAGS,
- SANITIZER_ALLOWED_ATTRIBUTES and SANITIZER_ALLOWED_STYLES variables in
+ Sanitizes strings according to SANITIZER_ALLOWED_TAGS and
+ SANITIZER_ALLOWED_ATTRIBUTES variables in
settings.
Example usage:
@@ -32,7 +31,7 @@ def sanitize(value):
if isinstance(value, basestring):
value = bleach.clean(value, tags=ALLOWED_TAGS,
attributes=ALLOWED_ATTRIBUTES,
- styles=ALLOWED_STYLES, strip=False)
+ strip=False)
return value
register.filter('escape_html', sanitize)
@@ -41,8 +40,8 @@ def sanitize(value):
@stringfilter
def strip_filter(value):
'''
- Strips HTML tags from strings according to SANITIZER_ALLOWED_TAGS,
- SANITIZER_ALLOWED_ATTRIBUTES and SANITIZER_ALLOWED_STYLES variables in
+ Strips HTML tags from strings according to SANITIZER_ALLOWED_TAGS
+ and SANITIZER_ALLOWED_ATTRIBUTES variables in
settings.
Example usage:
@@ -54,7 +53,7 @@ def strip_filter(value):
if isinstance(value, basestring):
value = bleach.clean(value, tags=ALLOWED_TAGS,
attributes=ALLOWED_ATTRIBUTES,
- styles=ALLOWED_STYLES, strip=True)
+ strip=True)
return value
register.filter('strip_html', strip_filter)
@@ -72,7 +71,6 @@ def sanitize_allow(value, args=''):
if isinstance(value, basestring):
allowed_tags = []
allowed_attributes = []
- allowed_styles = []
args = args.strip().split(';')
if len(args) > 0:
@@ -88,11 +86,10 @@ def sanitize_allow(value, args=''):
@register.simple_tag
-def escape_html(value, allowed_tags=[], allowed_attributes=[],
- allowed_styles=[]):
+def escape_html(value, allowed_tags=[], allowed_attributes=[]):
"""
Template tag to sanitize string values. It accepts lists of
- allowed tags, attributes or styles in comma separated string or list format.
+ allowed tags or attributes in comma separated string or list format.
For example:
@@ -111,16 +108,15 @@ def escape_html(value, allowed_tags=[], allowed_attributes=[],
if isinstance(value, basestring):
value = bleach.clean(value, tags=allowed_tags,
attributes=allowed_attributes,
- styles=allowed_styles, strip=False)
+ strip=False)
return value
@register.simple_tag
-def strip_html(value, allowed_tags=[], allowed_attributes=[],
- allowed_styles=[]):
+def strip_html(value, allowed_tags=[], allowed_attributes=[]):
"""
Template tag to strip html from string values. It accepts lists of
- allowed tags, attributes or stylesin comma separated string or list format.
+ allowed tags or attributes in comma separated string or list format.
For example:
@@ -139,5 +135,5 @@ def strip_html(value, allowed_tags=[], allowed_attributes=[],
if isinstance(value, basestring):
value = bleach.clean(value, tags=allowed_tags,
attributes=allowed_attributes,
- styles=allowed_styles, strip=True)
+ strip=True)
return value
diff --git a/sanitizer/tests.py b/sanitizer/tests.py
index 21d0dcd..bf57910 100644
--- a/sanitizer/tests.py
+++ b/sanitizer/tests.py
@@ -11,22 +11,21 @@
ALLOWED_TAGS = ['a']
ALLOWED_ATTRIBUTES = ['href', 'style']
-ALLOWED_STYLES = ['width']
class TestingModel(models.Model):
test_field = SanitizedCharField(max_length=255, allowed_tags=ALLOWED_TAGS,
- allowed_attributes=ALLOWED_ATTRIBUTES, allowed_styles=ALLOWED_STYLES)
+ allowed_attributes=ALLOWED_ATTRIBUTES)
class TestingTextModel(models.Model):
test_field = SanitizedTextField(allowed_tags=ALLOWED_TAGS,
- allowed_attributes=ALLOWED_ATTRIBUTES, allowed_styles=ALLOWED_STYLES)
+ allowed_attributes=ALLOWED_ATTRIBUTES)
class TestForm(forms.Form):
test_field = SanitizedFormField(allowed_tags=['a'],
- allowed_attributes=['href', 'style'], allowed_styles=['width'])
+ allowed_attributes=['href', 'style'])
class SanitizerTest(TestCase):
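Review bot: `ALLOWED_ATTRIBUTES` and the `TestForm` field still allow `style`, but with `allowed_styles` gone nothing in the suite pins what now happens to a `style` attribute's value. Since this package exists to sanitize untrusted HTML, add an assertion that runs a tag carrying an inline style through the model field, the form field and the template tags and checks the exact output, so a future bleach upgrade cannot change the behaviour unnoticed. If style support is being dropped altogether, remove `'style'` from these allow-lists so the tests do not suggest it is still honoured.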
@@ -70,17 +69,17 @@ def test_SanitizedFormField(self):
def test_escape_html(self):
html = 'foo'
self.assertEqual(escape_html(html, allowed_tags='a',
- allowed_attributes='href,style', allowed_styles='width'),
+ allowed_attributes='href,style'),
'foo<em></em>')
self.assertEqual(escape_html(html, allowed_tags=['a'],
- allowed_attributes=['href', 'style'], allowed_styles=['width']),
+ allowed_attributes=['href', 'style']),
'foo<em></em>')
def test_strip_html(self):
html = 'foo'
self.assertEqual(strip_html(html, allowed_tags='a',
- allowed_attributes='href,style', allowed_styles='width'),
+ allowed_attributes='href,style'),
'foo')
self.assertEqual(strip_html(html, allowed_tags=['a'],
- allowed_attributes=['href', 'style'], allowed_styles=['width']),
+ allowed_attributes=['href', 'style']),
'foo')
diff --git a/setup.py b/setup.py
index cd64ff6..ad25013 100644
--- a/setup.py
+++ b/setup.py
@@ -4,7 +4,7 @@
setup(
name='django-html_sanitizer',
- version='0.1.5',
+ version='0.1.7',
author='Selwin Ong',
author_email='selwin.ong@gmail.com',
packages=['sanitizer'],
@@ -16,7 +16,7 @@
long_description=open('README.rst').read(),
zip_safe=False,
include_package_data=True,
- install_requires=['django', 'bleach'],
+ install_requires=['django', 'bleach>=6'],
classifiers=[
'Development Status :: 4 - Beta',
'Environment :: Web Environment',
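Review bot: The `bleach>=6` pin has no upper bound and is stricter than the code change needs. As far as I know the `styles` argument was removed in bleach 5.0, so `bleach>=5` would already match the new calls. Version 6 additionally documents `tags` as a set, while this package still defaults to and passes lists. Either state why 6 is the floor or convert the tag allow-lists before calling `bleach.clean`. Without a cap such as `bleach>=6,<7`, a future major release can change sanitizer behaviour on install, and bleach has been announced as deprecated upstream, so that risk belongs in the README.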