Source code for invenio_records_rest.schemas.fields.sanitizedhtml

# -*- coding: utf-8 -*-
#
# This file is part of Invenio.
# Copyright (C) 2016-2018 CERN.
#
# Invenio is free software; you can redistribute it and/or modify it
# under the terms of the MIT License; see LICENSE file for more details.

"""HTML sanitized string field."""

import bleach
from flask import current_app

from .sanitizedunicode import SanitizedUnicode


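class SanitizedHTML(SanitizedUnicode):
    """String field which sanitizes HTML using the bleach library.

    Sanitization happens on deserialization (input) only. Markup that is not
    on the allowlist is removed (``strip=True``) rather than escaped. The
    allowlist comes from the field's own ``tags``/``attrs`` arguments or,
    when those are left as ``None``, from the application configuration
    keys ``ALLOWED_HTML_TAGS`` and ``ALLOWED_HTML_ATTRS``.
    """

    def __init__(self, tags=None, attrs=None, *args, **kwargs):
        """Initialize field.

        :param tags: Allowed HTML tags. ``None`` (the default) defers to the
            ``ALLOWED_HTML_TAGS`` application config at deserialization time.
            An explicitly empty collection allows no tags at all.
        :param attrs: Allowed HTML attributes, in any form accepted by
            ``bleach.clean(attributes=...)``. ``None`` (the default) defers
            to the ``ALLOWED_HTML_ATTRS`` application config. An explicitly
            empty value allows no attributes.
        """
        super().__init__(*args, **kwargs)
        self.tags = tags
        self.attrs = attrs

    def _deserialize(self, value, attr, data, **kwargs):
        """Deserialize string by sanitizing HTML.

        The parent class deserializes the value first; the result is then
        passed through ``bleach.clean`` and stripped of surrounding
        whitespace.
        """
        value = super()._deserialize(value, attr, data, **kwargs)

        # Test against None, not truthiness: a caller that passes ``tags=[]``
        # or ``attrs={}`` is asking for the strictest policy, and an ``or``
        # fallback would silently swap in the application-wide allowlist.
        allowed_tags = self.tags
        if allowed_tags is None:
            allowed_tags = current_app.config.get("ALLOWED_HTML_TAGS", [])

        allowed_attrs = self.attrs
        if allowed_attrs is None:
            allowed_attrs = current_app.config.get("ALLOWED_HTML_ATTRS", {})

        return bleach.clean(
            value,
            tags=allowed_tags,
            attributes=allowed_attrs,
            strip=True,
        ).strip()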