def clean_input(text, ignore=None):
    """ For a given html text, escape everything we do not want to support
    to avoid potential security breach.

    Builds an allowlist of tags and per-tag attributes on top of bleach's
    defaults. ``ignore`` is a tag name, or an iterable of tag names, to leave
    out of the allowlist (a bare string is wrapped into a list).

    NOTE(review): this snippet ends inside the ``tags`` list literal; the
    bleach.clean() call that consumes ``tags`` and ``attrs`` is not visible,
    so the return value cannot be documented here.
    """
    if ignore and not isinstance(ignore, (tuple, set, list)):
        ignore = [ignore]
    # Split bleach's version into comparable components. A component that is
    # not an integer (e.g. a pre-release suffix) is kept as a string, so the
    # tuple comparison below can raise TypeError on Python 3 for such
    # versions -- presumably only released versions are installed; confirm.
    bleach_v = bleach.__version__.split('.')
    for idx, val in enumerate(bleach_v):
        try:
            val = int(val)
        except ValueError: # pragma: no cover
            pass
        bleach_v[idx] = val
    # .copy() is shallow: the per-tag attribute lists are still shared with
    # bleach.ALLOWED_ATTRIBUTES, so entries are replaced with new lists below,
    # never appended to in place.
    attrs = bleach.ALLOWED_ATTRIBUTES.copy()
    attrs['table'] = ['class']
    # Allowing 'id' lets authored content pick element ids; worth confirming
    # that nothing on the page rendering this output looks elements up by id.
    attrs['span'] = ['class', 'id']
    attrs['div'] = ['class']
    attrs['td'] = ['align']
    attrs['th'] = ['align']
    if not ignore or 'img' not in ignore:
        # newer bleach need three args for attribute callable
        # filter_img_src (defined elsewhere) decides per attribute what <img>
        # may carry; presumably it constrains 'src' -- not visible here.
        if tuple(bleach_v) >= (2, 0, 0): # pragma: no cover
            attrs['img'] = lambda tag, name, val: filter_img_src(name, val)
        else:
            attrs['img'] = filter_img_src
    tags = bleach.ALLOWED_TAGS + [
        'p', 'br', 'div', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6',
        'table', 'td', 'tr', 'th', 'thead', 'tbody',
        'col', 'pre', 'img', 'hr', 'dl', 'dt', 'dd', 'span',
def clean_input(text, ignore=None):
    """ For a given html text, escape everything we do not want to support
    to avoid potential security breach.

    Builds an allowlist (tags plus per-tag attributes) on top of bleach's
    defaults; ``ignore`` names tags to drop from that allowlist, given as a
    single tag name or an iterable of names.

    NOTE(review): the snippet stops after the ``ignore`` loop; the
    bleach.clean() call that actually uses ``tags`` and ``attrs`` is not
    visible here, so no return value can be documented.
    """
    if ignore and not isinstance(ignore, (tuple, set, list)):
        ignore = [ignore]
    # .copy() is shallow: per-tag attribute lists are still shared with
    # bleach's defaults, so entries are replaced with new lists, not appended.
    attrs = bleach.ALLOWED_ATTRIBUTES.copy()
    attrs['table'] = ['class']
    # Allowing 'id' lets authored content choose element ids; worth confirming
    # that nothing on the rendering page looks elements up by id.
    attrs['span'] = ['class', 'id']
    attrs['div'] = ['class']
    if not ignore or 'img' not in ignore:
        # filter_img_src (defined elsewhere) decides per attribute what <img>
        # may carry; presumably it constrains 'src' -- not visible here.
        attrs['img'] = filter_img_src
    tags = bleach.ALLOWED_TAGS + [
        'p', 'br', 'div', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6',
        'table', 'td', 'tr', 'th', 'thead', 'tbody',
        'col', 'pre', 'img', 'hr', 'dl', 'dt', 'dd', 'span',
        'kbd', 'var', 'del', 'cite',
    ]
    if ignore:
        # list.remove drops the first occurrence only; assumes each tag name
        # appears once in the combined list.
        for tag in ignore:
            if tag in tags:
                tags.remove(tag)
from babel import localedata
from babel.dates import format_date, format_time, format_datetime
from babel.numbers import format_decimal
from django_jinja import library
from jinja2.utils import Markup
from pytz import timezone
from kitsune.sumo import parser
from kitsune.sumo.urlresolvers import reverse
from kitsune.users.models import Profile
from kitsune.products.models import Product
from kitsune.wiki.showfor import showfor_data as _showfor_data
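# Tags/attributes allowed in profile bios: bleach's defaults plus <p>.
# list(...) keeps this working whether ALLOWED_TAGS is a list or a frozenset.
ALLOWED_BIO_TAGS = list(bleach.ALLOWED_TAGS) + ['p']
ALLOWED_BIO_ATTRIBUTES = bleach.ALLOWED_ATTRIBUTES.copy()
# allow rel="nofollow" (note: any rel value passes this allowlist; use an
# attribute callable if the value itself must be restricted)
# .copy() is shallow, so the per-tag lists are shared with bleach's module
# level defaults: appending to ALLOWED_BIO_ATTRIBUTES['a'] in place would
# also enable 'rel' for every other bleach.clean() call in the process.
# Build a fresh list instead.
ALLOWED_BIO_ATTRIBUTES['a'] = list(ALLOWED_BIO_ATTRIBUTES['a']) + ['rel']
log = logging.getLogger('k.helpers')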
class DateTimeFormatError(Exception):
    """Raised by the datetimeformat helper when it is given an invalid format."""
@library.filter
def paginator(pager):
    """Jinja filter: render the page list for *pager* via Paginator."""
    page_list = Paginator(pager)
    return page_list.render()
def _filter_link_attributes(tag, name, value):
    """bleach attribute callable for <a>: decide whether *name*=*value* is kept.

    href and title are always kept (bleach's own protocol allowlist is
    presumably still applied to href by the cleaner); target is kept only as
    "_blank" and rel only when it equals LINK_REL. Everything else is dropped.
    *tag* is unused but required by the callable signature.
    """
    if name in ("href", "title"):
        return True
    if name == "target":
        return value == "_blank"
    if name == "rel":
        return value == LINK_REL
    return False
# Attribute allowlist for the markdown renderer: <a> attributes go through
# the _filter_link_attributes callable, <img> gets a fixed attribute list.
MARKDOWN_ATTRIBUTES = {
    "a": _filter_link_attributes,
    "img": ["alt", "src", "title"],
}
# bleach's defaults, with the markdown-specific entries overriding them.
ALLOWED_ATTRIBUTES = dict(bleach.ALLOWED_ATTRIBUTES, **MARKDOWN_ATTRIBUTES)
# Singleton instance of the bleach cleaner
cleaner = None
# Singleton instance of the Markdown instance
markdown = None
class MathMarkdown(mistune.Markdown):
    """mistune Markdown subclass that renders a block_math token via the renderer."""

    def output_block_math(self):
        math_text = self.token["text"]
        return self.renderer.block_math(math_text)
class MathInlineLexer(mistune.InlineLexer):
    """mistune inline lexer used for math markup.

    NOTE(review): only the constructor is visible in this snippet and it
    merely delegates to mistune.InlineLexer; any extra rules the class
    registers appear to be cut off here.
    """
    def __init__(self, *args, **kwargs):
        super(MathInlineLexer, self).__init__(*args, **kwargs)
import jinja2
from babel import localedata
from babel.dates import format_date, format_time, format_datetime
from babel.numbers import format_decimal
from django_jinja import library
from jinja2.utils import Markup
from pytz import timezone
from kitsune.sumo import parser
from kitsune.sumo.urlresolvers import reverse
from kitsune.users.models import Profile
from kitsune.wiki.showfor import showfor_data as _showfor_data
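# Tags/attributes allowed in profile bios: bleach's defaults plus <p>.
# list(...) keeps this working whether ALLOWED_TAGS is a list or a frozenset.
ALLOWED_BIO_TAGS = list(bleach.ALLOWED_TAGS) + ['p']
ALLOWED_BIO_ATTRIBUTES = bleach.ALLOWED_ATTRIBUTES.copy()
# allow rel="nofollow" (note: any rel value passes this allowlist; use an
# attribute callable if the value itself must be restricted)
# .copy() is shallow, so the per-tag lists are shared with bleach's module
# level defaults: appending to ALLOWED_BIO_ATTRIBUTES['a'] in place would
# also enable 'rel' for every other bleach.clean() call in the process.
# Build a fresh list instead.
ALLOWED_BIO_ATTRIBUTES['a'] = list(ALLOWED_BIO_ATTRIBUTES['a']) + ['rel']
log = logging.getLogger('k.helpers')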
class DateTimeFormatError(Exception):
    """Raised by the datetimeformat helper when it is given an invalid format."""
@library.filter
def paginator(pager):
    """Jinja filter: render the page list for *pager* via Paginator."""
    page_list = Paginator(pager)
    return page_list.render()
html = textile.textile(text, **markup_kwargs)
elif markup_filter_name == 'markdown':
import bleach
import markdown
# See ALLOWED_TAGS, ALLOWED_ATTRIBUTES and ALLOWED_STYLES
# https://github.com/mozilla/bleach/blob/master/bleach/sanitizer.py
tags = bleach.ALLOWED_TAGS + [
u'h1', u'h2', u'h3', u'h4', u'h5',
u'p', u'pre',
u'img',
u'hr',
u'span',
]
attrs = bleach.ALLOWED_ATTRIBUTES.copy()
attrs.update({
'img': ['alt', 'src'],
})
styles = bleach.ALLOWED_STYLES
tags_provided = ('clean' in markup_kwargs
and 'extra_tags' in markup_kwargs['clean'])
if tags_provided:
tags += markup_kwargs['clean']['extra_tags']
attrs_provided = ('clean' in markup_kwargs
and 'extra_attrs' in markup_kwargs['clean'])
if attrs_provided:
attrs.update(markup_kwargs['clean']['extra_attrs'])
styles_provided = ('clean' in markup_kwargs