Source code for invenio_formatter.filters.html

# -*- coding: utf-8 -*-
#
# This file is part of Invenio.
# Copyright (C) 2019 CERN.
#
# Invenio is free software; you can redistribute it and/or modify it
# under the terms of the MIT License; see LICENSE file for more details.

"""HTML sanitisation Jinja filters."""

import bleach
from flask import current_app


[docs]def sanitize_html(value, tags=None, attributes=None):
    """Sanitize HTML.

    :param tags: Allowed HTML ``tags``. Configuration set by Invenio-Config.
    :param attributes: Allowed HTML ``attributes``. Configuration set by
        Invenio-Config.

    Use this function when you need to include unescaped HTML that contain
    user provided data.
    """
    return bleach.clean(
        value,
        tags=tags or current_app.config.get('ALLOWED_HTML_TAGS', []),
        attributes=attributes or current_app.config.get(
            'ALLOWED_HTML_ATTRS', {}),
        strip=True,
    ).strip()

Source code for invenio_formatter.filters.html

Invenio-Formatter

Navigation

Related Topics