html5lib
bleach
 | html5lib | bleach |
---|---|---|
Mentions | 3 | 6 |
Stars | 1,093 | 2,615 |
Growth | 0.7% | 0.7% |
Activity | 4.1 | 6.4 |
Last commit | about 2 months ago | 8 days ago |
Language | Python | Python |
License | MIT License | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
html5lib
-
Bleach 6.0.0 Release and Deprecation
Yes. This is really interesting.
Sounds like html5lib has been asking for funding, but doesn't look like there's much progress. https://github.com/html5lib/html5lib-python/issues/361
-
Pydantic Factories
Neither did html5lib.
-
Why are circular dependencies even a thing?
Easier example...sphinx is a document generator for python programs (creating docs for the API of programs from source-code comments for example). Sphinx depends on html5lib which itself again depends on six...want to make a guess what six uses to generate its API docs? ;) So if you want the api docs of six you will have to first install it without to be able to get a working sphinx install then redo the six on including the building of the API docs.
bleach
-
What's your favorite alternative to bleach for sanitizing HTML?
I noticed via the changelog for Django 4.2.2 that bleach is deprecated (Django removed mention of it from their docs).
-
I wrote a markdown to html converter
I don't know a golang library for it but https://github.com/mozilla/bleach is a python lib that escapes all the nasty javascript inputs.
-
Django-tinymce and HTML Injection
bleach it!
-
Serialize Django Data for JavaScript
This is an excellent point; I should have addressed safety in my article. I'll point out that in my use case, I'm using `safe` on data I create and not any user-generated data.
You should never use `safe` on user data unless you use something like bleach (https://github.com/mozilla/bleach) to sanitize the data. Even then, you should use caution.
-
Rich text field and django rest framework
Use bleach to sanitize it https://bleach.readthedocs.io/en/latest/
- mutation XSS via allowed math or svg; p or br; and style, title, noscript, script, textarea, noframes, iframe,
What are some alternatives?
lxml - The lxml XML toolkit for Python
xhtml2pdf - A library for converting HTML into PDFs using ReportLab
MarkupSafe - Safely add untrusted strings to HTML/XML markup.
selectolax - Python binding to Modest and Lexbor engines (fast HTML5 parser with CSS selectors).
pyquery - A jquery-like library for python
gazpacho - 🥫 The simple, fast, and modern web scraping library
cssutils
xmldataset - xmldataset: xml parsing made easy 🗃️
xmltodict - Python module that makes working with XML feel like you are working with JSON