nti.contentfragments.html module
Converters and utilities for dealing with HTML content fragments. In particular, sanitization.
nti.contentfragments.html.sanitize_user_html(user_input, method='html')

Given a user input string of plain text, HTML or HTML fragment, sanitize by removing unsupported/dangerous elements and doing some normalization. If it can be represented in plain text, do so.

Parameters: method (string) – One of the method values acceptable to lxml.etree.tostring(). The default value, html, causes this method to produce either HTML or plain text, whatever is most appropriate. Passing the value text causes this method to produce only plain text captured by traversing the elements with lxml. Note: this is legacy functionality, and callers should generally convert via calling the interfaces.

Returns: Something that implements frg_interfaces.IUnicodeContentFragment, typically either frg_interfaces.IPlainTextContentFragment or frg_interfaces.ISanitizedHTMLContentFragment.
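
The behaviour described above (drop disallowed elements, then return plain text when no markup survives), sketched as an added example using only the Python standard library. It is not the nti.contentfragments implementation, which the page describes in terms of lxml; the allowlist, the URL-prefix rule and the names sanitize_fragment and _Sanitizer are assumptions made for this illustration.

```python
from html import escape
from html.parser import HTMLParser
# Assumed policy, for illustration; the library's real allowlist is not on this page.
ALLOWED_TAGS = {"p", "b", "i", "em", "strong", "ul", "ol", "li", "br", "a"}
SAFE_URL_PREFIXES = ("http://", "https://", "mailto:")  # relative URLs are dropped too
DROP_WITH_CONTENT = {"script", "style"}  # the element and everything inside it go

class _Sanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.html, self.text, self.open = [], [], []
        self.skip_depth, self.kept_markup = 0, False

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.skip_depth += 1
        elif not self.skip_depth and tag in ALLOWED_TAGS:
            # Only href on <a> survives; every other attribute (onclick, style) is dropped.
            href = (dict(attrs).get("href") or "").strip() if tag == "a" else ""
            ok = href.lower().startswith(SAFE_URL_PREFIXES)
            attr = ' href="%s"' % escape(href, quote=True) if ok else ""
            self.html.append("<%s%s>" % (tag, attr))
            self.kept_markup = True
            if tag != "br":  # void element, has no end tag
                self.open.append(tag)

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skip_depth = max(0, self.skip_depth - 1)
        elif not self.skip_depth and tag in self.open:
            while self.open:  # also closes tags left open inside this one
                closing = self.open.pop()
                self.html.append("</%s>" % closing)
                if closing == tag:
                    break

    def handle_data(self, data):
        if not self.skip_depth:
            self.html.append(escape(data, quote=False))  # re-escape for HTML output
            self.text.append(data)                       # raw text for the plain view

def sanitize_fragment(user_input, method="html"):
    """Return ("text", str) or ("html", str); "text" values still need escaping on output."""
    parser = _Sanitizer()
    parser.feed(user_input)
    parser.close()
    if method == "text" or not parser.kept_markup:
        return "text", "".join(parser.text)
    return "html", "".join(parser.html + ["</%s>" % t for t in reversed(parser.open)])
```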