ammonia
bleach
| | ammonia | bleach |
|---|---|---|
| | 2 | 6 |
| Stars | 469 | 2,619 |
| Growth | 4.7% | 0.6% |
| Activity | 6.8 | 6.1 |
| | 30 days ago | 25 days ago |
| Language | Rust | Python |
| License | Apache License 2.0 | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
ammonia
- What's your favorite alternative to bleach for sanitizing HTML?
  nh3 which is a python binding for the Rust-based ammonia
- How to write Python extensions in Rust with PyO3
  For a somewhat more "productive" hello world (as in a very simple application which does useful things), there's nh3 (https://github.com/messense/nh3) which is a pretty simple wrapper around ammonia (https://github.com/rust-ammonia/ammonia), an HTML sanitisation library. The lib.rs is all of 125 SLOC (and about half of that is owing to the handling of `attribute_filter` which is pretty demanding on the glue layer: https://github.com/messense/nh3/commit/72be3e6728b7ceb9185e7...).
bleach
- What's your favorite alternative to bleach for sanitizing HTML?
  I noticed via the changelog for Django 4.2.2 that bleach is deprecated (Django removed mention of it from their docs).
- I wrote a markdown to html converter
  I don't know a golang library for it but https://github.com/mozilla/bleach is a python lib that escapes all the nasty javascript inputs.
- Django-tinymce and HTML Injection
  bleach it!
- Serialize Django Data for JavaScript
  This is an excellent point; I should have addressed safety in my article. I'll point out that in my use case, I'm using `safe` on data I create and not any user-generated data.
  You should never use `safe` on user data unless you use something like bleach (https://github.com/mozilla/bleach) to sanitize the data. Even then, you should use caution.
- Rich text field and django rest framework
  Use bleach to sanitize it https://bleach.readthedocs.io/en/latest/
- mutation XSS via allowed math or svg; p or br; and style, title, noscript, script, textarea, noframes, iframe,
What are some alternatives?
syntect - Rust library for syntax highlighting using Sublime Text syntax definitions.
lxml - The lxml XML toolkit for Python
html-sanitizer - Allowlist-based HTML cleaner
MarkupSafe - Safely add untrusted strings to HTML/XML markup.
rust_python_package_example - Example of a Rust compiled Python 3 package
xhtml2pdf - A library for converting HTML into PDFs using ReportLab
x8 - Hidden parameters discovery suite
html5lib - Standards-compliant library for parsing and serializing HTML documents and fragments in Python
binserve - A fast production-ready static web server with TLS (HTTPS), routing, hot reloading, caching, templating, and security in a single-binary you can set up with zero code.
selectolax - Python binding to Modest and Lexbor engines (fast HTML5 parser with CSS selectors).
delta-rs - A native Rust library for Delta Lake, with bindings into Python
cssutils