Mercurial > public > sg101

view gpp/core/html.py @ 463:452835f4429f

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Fixing #225; for some reason MySQL finds the user 'John' when searching for 'John ' (note trailing space). This doesn't happen on SQLite. This causes a NoReverseMatch when searching for 'John ' in the member search. The solution is to call strip() on the form field contents in the clean_username() method of the search form.
author Brian Neal <bgneal@gmail.com>
date Sat, 09 Jul 2011 02:00:48 +0000
parents b3b11edf91d8
children
line wrap: on
line source
import html5lib
from html5lib import sanitizer, treebuilders, treewalkers, serializer

def sanitizer_factory(*args, **kwargs):
    san = sanitizer.HTMLSanitizer(*args, **kwargs)
    # This isn't available yet
    # san.strip_tokens = True
    return san

def clean_html(buf):
    """Cleans HTML of dangerous tags and content."""
    buf = buf.strip()
    if not buf:
        return buf

    p = html5lib.HTMLParser(tree=treebuilders.getTreeBuilder("dom"),
            tokenizer=sanitizer_factory)
    dom_tree = p.parseFragment(buf)

    walker = treewalkers.getTreeWalker("dom")
    stream = walker(dom_tree)

    s = serializer.htmlserializer.HTMLSerializer(
            omit_optional_tags=False,
            quote_attr_values=True)
    return s.render(stream) 

# vim: ts=4 sw=4