Mercurial > public > sg101

view core/html.py @ 715:820e57e621e8

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Use |safe filter on Haystack templates to get better results w/quotes. Content was getting escaped, so text with quotes around it was seemingly missing from the search index. This change fixed that. I verified that the search results will not leak raw HTML to the page so this should be safe to do.
author Brian Neal <bgneal@gmail.com>
date Tue, 17 Sep 2013 20:26:49 -0500
parents ee87ea74d46b
children ff645a692791
line wrap: on
line source
import html5lib
from html5lib import sanitizer, treebuilders, treewalkers, serializer

def sanitizer_factory(*args, **kwargs):
    san = sanitizer.HTMLSanitizer(*args, **kwargs)
    # This isn't available yet
    # san.strip_tokens = True
    return san

def clean_html(buf):
    """Cleans HTML of dangerous tags and content."""
    buf = buf.strip()
    if not buf:
        return buf

    p = html5lib.HTMLParser(tree=treebuilders.getTreeBuilder("dom"),
            tokenizer=sanitizer_factory)
    dom_tree = p.parseFragment(buf)

    walker = treewalkers.getTreeWalker("dom")
    stream = walker(dom_tree)

    s = serializer.htmlserializer.HTMLSerializer(
            omit_optional_tags=False,
            quote_attr_values=True)
    return s.render(stream) 

# vim: ts=4 sw=4