How to change a whitelist into a blacklist

Arnold Krille

2014-08-28 20:00

bleach, html sanitizer with a whitelist for allowed tags

idea: allow a function for the allowed_tags similar to the function instead of the dict for allowed attributes

-> denied by maintainer, changes intended behaviour of whitelist into a potential blacklist

well, duh.

Something different, check for the whitelist is done with

if element in allowed_elements:
    …

where allowed_elements is a list.

But what if allowed_elements isn't a list? What if its a custom objects that just happens to implement __contains__()?

Blacklist script-tag instead of whitelisting everything else

class BlackList(object):
    def __contains__(self, value):
        return value not in ['script']

html = bleach.clean(html, allowed_tags=BlackList())

Done. Changed the whitelist of bleach.clean() into a blacklist.