params.json
1 lines (1 loc) · 3.71 KB
{"name":"Filterhtml","tagline":"A whitelisting HTML filter. Allows only a well-defined subset of HTML to pass through, with URL filtering.","body":"FilterHTML\r\n---------\r\n\r\nA white-listing HTML filter that's really easy to configure and is useful for filtering HTML to leave behind a supported or safe sub-set.\r\n\r\nThe whitelist specification (or the list of whitelisting rules) is provided as a dictionary.\r\n\r\nBoth Python and JavaScript versions are available.\r\n\r\nN.B. This package only filters HTML (to remove nefarious or unsupported tags, attributes, classes and styles) and does not ensure that the HTML structure is properly formed. If using Python, <a href=\"http://www.crummy.com/software/BeautifulSoup/\">BeautifulSoup</a> is quite good at doing this and can be used in conjunction with FilterHTML like so:\r\n\r\n import FilterHTML\r\n from bs4 import BeautifulSoup\r\n \r\n html = FilterHTML.filter_html(str(BeautifulSoup(html)), HTML_SPEC)\r\n\r\n\r\n\r\nThe allowed HTML subset is defined as a JSON-like object or Python dictionary.\r\n\r\ne.g. in Python:\r\n\r\n import re\r\n spec = {\r\n \r\n # an allowed tag\r\n \"img\": {\r\n # attributes that are allowed, as another dict\r\n\r\n # parse urls to ensure there's no javascript, by using the \"url\" string.\r\n # allowed schemes are 'http', 'https', 'mailto', and 'ftp' (as well as local URIs)\r\n \"src\": \"url\",\r\n \r\n # make sure these fields are integers, by using the \"int\" string\r\n \"border\": \"int\",\r\n \"width\": \"int\",\r\n \"height\": \"int\"\r\n },\r\n\r\n \"div\": {\r\n # list of allowed class values (multiple classes supported)\r\n \"class\": [\r\n \"container\",\r\n \"content\"\r\n ]\r\n },\r\n\r\n \"a\": {\r\n \"href\": \"url\",\r\n\r\n # list of allowed attribute values\r\n \"target\": [\r\n \"_blank\",\r\n \"_self\",\r\n \"_parent\",\r\n \"_top\"\r\n ]\r\n },\r\n\r\n \"input\": {\r\n # only allow alphabetical characters\r\n \"type\": \"alpha\",\r\n # allow any of these characters (within the [])\r\n \"name\": \"[abcdefghijklmnopqrstuvwxyz-]\",\r\n # allow alphabetical and digit characters\r\n \"value\": \"alphanumeric\"\r\n },\r\n \r\n \"i\": {\r\n # use a regex match\r\n # in JavaScript you can use /^icon-[a-z0-9_]+$/\r\n \"class\": re.compile(\"^icon-[a-z0-9_]+$\")\r\n },\r\n \r\n \"p\": {\r\n \"class\": [\r\n \"fancy\"\r\n ],\r\n # style parsing\r\n \"style\": {\r\n \"color\": re.compile(r'^#[0-9A-Fa-f]{6}$'),\r\n \"background-color\": re.compile(r'^#[0-9A-Fa-f]{6}$')\r\n }\r\n },\r\n \r\n # filter out all attributes for these tags\r\n \"hr\": {},\r\n \"br\": {},\r\n \"strong\": {},\r\n\r\n # global attributes (allowed on all elements):\r\n # (N.B. only applies to tags already supplied as keys)\r\n # element's specific attributes take precedence, but if they are all filtered out these global rules are applied to the original attribute value\r\n \r\n \"*\": {\r\n \"class\": [\"text-left\", \"text-right\", \"text-centered\"]\r\n },\r\n\r\n # aliases (convert one tag to another):\r\n\r\n # convert <b> tags to <strong> tags\r\n \"b\": \"strong\",\r\n\r\n # convert <center> tags to <p class=\"text-centered\"> tags\r\n \"center\": \"p class=\\\"text-centered\\\"\"\r\n }","google":"","note":"Don't delete this file! It's used internally to help with page regeneration."}