kotti.sanitizers¶

For a high level introduction and available configuration options see Sanitizers.

kotti.sanitizers.sanitize(html: str, sanitizer: str) → str[source]¶

Sanitize HTML

Parameters

html (basestring) – HTML to be sanitized
sanitizer (str) – name of the sanitizer to use

Result

sanitized HTML

Return type

str

kotti.sanitizers.xss_protection(html: str) → str[source]¶

Sanitizer that removes tags that are not considered XSS safe. See bleach_whitelist.generally_xss_unsafe for a complete list of tags that are removed. Attributes and styles are left untouched.

Parameters: html (basestring) – HTML to be sanitized
Result: sanitized HTML
Return type: str

kotti.sanitizers.minimal_html(html: str) → str[source]¶

Sanitizer that only leaves a basic set of tags and attributes. See bleach_whitelist.markdown_tags, bleach_whitelist.print_tags, bleach_whitelist.markdown_attrs, bleach_whitelist.print_attrs for a complete list of tags and attributes that are allowed. All styles are completely removed.

Parameters: html (basestring) – HTML to be sanitized
Result: sanitized HTML
Return type: str

kotti.sanitizers.no_html(html: str) → str[source]¶

Sanitizer that removes all tags.

Parameters: html (basestring) – HTML to be sanitized
Result: plain text
Return type: str

kotti.sanitizers.includeme(config: Configurator) → None[source]¶

Pyramid includeme hook.

Parameters: config (pyramid.config.Configurator) – app config