Add HTML sanitization code

Bug #117784 reported by Aaron Swartz
Affects: web.py
Status: Confirmed
Importance: High
Assigned to: Anand Chitipothu
Milestone: -

Bug Description

The HTML sanitization code at http://www.aaronsw.com/2002/sanitize/ (and possibly the other code there) should be integrated into web.py, perhaps after we get some approval of its sanity by someone.

Anand Chitipothu (anandology) wrote : Re: [Bug 117784] Add HTML sanitization code

How is this related to web.py?

On 30-May-07, at 9:24 PM, Aaron Swartz wrote:

> Public bug reported:
>
> The HTML sanitization code at http://www.aaronsw.com/2002/sanitize/
> (and
> possibly the other code there) should be integrated into web.py,
> perhaps
> after we get some approval of its sanity by someone.
>
> ** Affects: webpy (upstream)
> Importance: Undecided
> Status: Unconfirmed
>
> --
> Add HTML sanitization code
> https://bugs.launchpad.net/bugs/117784
> You received this bug notification because you are a member of Web.py
> Administrators, which is the registrant for web.py.

Eleanor Berger (intellectronica) wrote :

> How is this related to web.py?

Actually, it makes sense - many web applications have 'user-contributed' parts, and they always require this sort of facility.

Aaron Swartz (aaronsw)
Changed in webpy:
assignee: nobody → aaronsw
importance: Undecided → High
status: New → Confirmed
Changed in webpy:
milestone: none → 0.3
huntercross (hunter-ponticlaro) wrote :

I agree we need sanitation / filtering for all user input built in to web.py. I added a bug report here: https://bugs.launchpad.net/webpy/+bug/179962 that includes another approach to this that could be used in conjunction with Aaron's sanitize code. I attached that code to this bug as well.

Aaron Swartz (aaronsw)
Changed in webpy:
assignee: aaronsw → anandology
Aaron Swartz (aaronsw) wrote :

taking off 0.3.

Changed in webpy:
milestone: 0.3 → none
milestone: none → 0.35
Aaron Swartz (aaronsw)
Changed in webpy:
milestone: 0.35 → 0.31
Changed in webpy:
milestone: 0.32 → 0.35
Anand Chitipothu (anandology) wrote :

Genshi has very elegant support for filtering and sanitizing html.

http://genshi.edgewall.org/wiki/Documentation/filters.html

Here is some code that I use for sanitizing user pages in Open Library.

import genshi.filters

def sanitize(html):
    # Parse, strip unsafe markup, then mark every link rel="nofollow".
    stream = genshi.HTML(html) | genshi.filters.HTMLSanitizer() | genshi.filters.Transformer("a").attr("rel", "nofollow")
    return stream.render()

Should we just point people to use Genshi for doing sanitization instead of adding something to web.py?
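
An allowlist sanitizer of the kind discussed in this thread, as an added example using only Python's standard library; it is not the sanitize code linked in the report, web.py code, or Genshi's implementation. The tag, attribute and scheme lists are constructed for illustration, and links get rel="nofollow" as in the snippet above.

```python
import re
from html import escape
from html.parser import HTMLParser

# Constructed allowlists (assumptions for this example, not web.py or Genshi defaults).
SAFE_TAGS = {"a", "b", "i", "em", "strong", "p", "br", "ul", "ol", "li", "code", "pre"}
SAFE_ATTRS = {"a": {"href", "title"}}
SAFE_SCHEMES = {"http", "https", "mailto"}
VOID_TAGS = {"br"}
DROP_CONTENT = {"script", "style"}  # the element and its text are discarded

def url_is_safe(url):
    # Browsers ignore whitespace/control characters around a scheme, so strip them first.
    compact = "".join(ch for ch in url if ch > " ")
    match = re.match(r"[a-z][a-z0-9+.-]*(?=:)", compact, re.I)
    return match is None or match.group(0).lower() in SAFE_SCHEMES

class AllowlistSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.skip_depth = [], 0

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT:
            self.skip_depth += 1
        if self.skip_depth or tag not in SAFE_TAGS:
            return
        # Anything not allowlisted for this tag (on* handlers, style, ...) is dropped.
        kept = [(n, v or "") for n, v in attrs if n in SAFE_ATTRS.get(tag, ())]
        kept = [(n, v) for n, v in kept if n != "href" or url_is_safe(v)]
        if tag == "a":
            kept.append(("rel", "nofollow"))
        attr_text = "".join(' %s="%s"' % (n, escape(v, quote=True)) for n, v in kept)
        self.out.append("<%s%s>" % (tag, attr_text))

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT and self.skip_depth:
            self.skip_depth -= 1
        elif not self.skip_depth and tag in SAFE_TAGS and tag not in VOID_TAGS:
            self.out.append("</%s>" % tag)

    def handle_data(self, data):
        if not self.skip_depth:
            self.out.append(escape(data, quote=False))  # text is always re-escaped

def sanitize(html):
    parser = AllowlistSanitizer()
    parser.feed(html)
    parser.close()
    return "".join(parser.out)
```

Unclosed allowed tags are passed through unclosed; this sketch does not rebalance the markup.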
