bleach, html sanitizer with a whitelist for allowed tags
idea: allow a function for the allowed_tags similar to the function instead of the dict for allowed attributes
-> denied by maintainer, changes intended behaviour of whitelist into a potential blacklist
Something different, check for the whitelist is done with
if element in allowed_elements: …
allowed_elements is a list.
But what if allowed_elements isn't a list? What if its a custom objects that just happens to implement
Blacklist script-tag instead of whitelisting everything else
class BlackList(object): def __contains__(self, value): return value not in ['script'] html = bleach.clean(html, allowed_tags=BlackList())
Done. Changed the whitelist of bleach.clean() into a blacklist.