Package trac :: Package util :: Module html :: Class TracHTMLSanitizer

Class TracHTMLSanitizer

object --+
         |
         genshi.filters.html.HTMLSanitizer --+
                                             |
                                             TracHTMLSanitizer

Instance Methods
  • __init__(self, safe_schemes=frozenset([None, 'file', 'ftp', 'http', 'https', 'mailto']), safe_css=frozenset(['background', 'background-attachment', 'background-...)
    Create the sanitizer.
  • sanitize_css(self, text)
    Returns: list
    Remove potentially dangerous property declarations from CSS code.
  • __call__(self, stream)
    Remove input type="password" elements from the stream
  • is_safe_css(self, prop, value)
    Returns: bool
    Determine whether the given css property declaration is to be considered safe for inclusion in the output.

Inherited from genshi.filters.html.HTMLSanitizer: is_safe_elem, is_safe_uri

Inherited from object: __delattr__, __format__, __getattribute__, __hash__, __new__, __reduce__, __reduce_ex__, __repr__, __setattr__, __sizeof__, __str__, __subclasshook__

Class Variables
SAFE_CSS = frozenset(['background', 'background-attachment', '...

Inherited from genshi.filters.html.HTMLSanitizer: SAFE_ATTRS, SAFE_SCHEMES, SAFE_TAGS, URI_ATTRS

Properties

Inherited from object: __class__

Method Details

__init__(self, safe_schemes=frozenset([None, 'file', 'ftp', 'http', 'https', 'mailto']), safe_css=frozenset(['background', 'background-attachment', 'background-...)
(Constructor)

Create the sanitizer.

The exact set of allowed elements and attributes can be configured.

Parameters:
  • safe_tags - a set of tag names that are considered safe
  • safe_attrs - a set of attribute names that are considered safe
  • safe_schemes - a set of URI schemes that are considered safe
  • uri_attrs - a set of names of attributes that contain URIs
Overrides: object.__init__
(inherited documentation)

sanitize_css(self, text)

Remove potentially dangerous property declarations from CSS code.

In particular, properties using the CSS url() function with a scheme that is not considered safe are removed:

>>> sanitizer = HTMLSanitizer()
>>> sanitizer.sanitize_css(u'''
...  background: url(javascript:alert("foo"));
...  color: #000;
... ''')
['color: #000']

Also, the proprietary Internet Explorer function expression() is always stripped:

>>> sanitizer.sanitize_css(u'''
...  background: #fff;
...  color: #000;
...  width: e/**/xpression(alert("foo"));
... ''')
['background: #fff', 'color: #000']
Parameters:
  • text - the CSS text; this is expected to be unicode and to not contain any character or numeric references
Returns: list
a list of declarations that are considered safe
Overrides: genshi.filters.html.HTMLSanitizer.sanitize_css
(inherited documentation)
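
The two checks described for sanitize_css, as a stand-alone sketch added here for illustration (not the Genshi or Trac source). It shows why hex escapes and comments have to be normalized before looking for expression( and url(. The names sanitize_css_sketch, _normalize and _scheme are hypothetical, SAFE_SCHEMES copies the safe_schemes default shown above, and the property-name allowlist (SAFE_CSS / is_safe_css) is left out.

```python
import re

# Assumed allowlist for this sketch, copied from the safe_schemes default above;
# None stands for a URL with no scheme (relative reference).
SAFE_SCHEMES = frozenset([None, 'file', 'ftp', 'http', 'https', 'mailto'])

_COMMENT = re.compile(r'/\*.*?\*/', re.S)
_ESCAPE = re.compile(r'\\([0-9a-fA-F]{1,6})\s?')   # CSS hex escape, e.g. \65 -> e
_EXPRESSION = re.compile(r'expression\s*\(', re.I)
_URL = re.compile(r'url\(\s*["\']?([^)"\']*)', re.I)


def _unescape(match):
    code = int(match.group(1), 16)
    return chr(code) if code <= 0x10FFFF else '\ufffd'


def _normalize(text):
    """Decode hex escapes, then drop comments, so split keywords become visible."""
    return _COMMENT.sub('', _ESCAPE.sub(_unescape, text))


def _scheme(uri):
    """Return the lowercased scheme of uri, or None when there is no ':'."""
    if ':' not in uri:
        return None
    # Keep only alphanumerics so 'java\tscript:' cannot slip past the allowlist.
    # A relative URL that contains ':' later on is rejected too (fails closed).
    return ''.join(c for c in uri.split(':', 1)[0] if c.isalnum()).lower()


def sanitize_css_sketch(text):
    """Return the normalized declarations that pass both checks."""
    safe = []
    for decl in _normalize(text).split(';'):
        decl = decl.strip()
        if ':' not in decl:
            continue                      # empty or malformed fragment
        value = decl.split(':', 1)[1]
        if _EXPRESSION.search(value):
            continue                      # IE expression() is always dropped
        if any(_scheme(m.group(1)) not in SAFE_SCHEMES
               for m in _URL.finditer(value)):
            continue                      # url() with a scheme outside the allowlist
        safe.append(decl)
    return safe
```

The returned declarations are the normalized text, so a surviving declaration never carries the original comments or escapes into the output.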

__call__(self, stream)
(Call operator)

Remove input type="password" elements from the stream
Parameters:
  • stream - the markup event stream to filter
Overrides: genshi.filters.html.HTMLSanitizer.__call__

is_safe_css(self, prop, value)

Determine whether the given css property declaration is to be considered safe for inclusion in the output.
Parameters:
  • propname - the CSS property name
  • value - the value of the property
Returns: bool
whether the property value should be considered safe
Overrides: genshi.filters.html.HTMLSanitizer.is_safe_css

Class Variable Details

SAFE_CSS

Value:
frozenset(['background',
 'background-attachment',
 'background-color',
 'background-image',
 'background-position',
 'background-repeat',
 'border',
 'border-bottom',
...
