""" Created on 19.10.2011 @author: christian """ from BeautifulSoup import BeautifulSoup class HtmlCleaner(object): ACCEPTABLE_ELEMENTS = ['a', 'abbr', 'acronym', 'address', 'area', 'b', 'big', 'blockquote', 'br', 'button', 'caption', 'center', 'cite', 'code', 'col', 'colgroup', 'dd', 'del', 'dfn', 'dir', 'div', 'dl', 'dt', 'em', 'font', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'hr', 'i', 'img', 'ins', 'kbd', 'label', 'legend', 'li', 'map', 'menu', 'ol', 'p', 'pre', 'q', 's', 'samp', 'small', 'span', 'strike', 'strong', 'sub', 'sup', 'table', 'tbody', 'td', 'tfoot', 'th', 'thead', 'tr', 'tt', 'u', 'ul', 'var'] ACCEPTABELE_ATTRIBUTES = [ 'abbr', 'accept', 'accept-charset', 'accesskey', 'action', 'align', 'class', 'alt', 'axis', 'char', 'charoff', 'charset', 'checked', 'cite', 'clear', 'cols', 'colspan', 'color', 'compact', 'coords', 'datetime', 'dir', 'enctype', 'for', 'headers', 'height', 'href', 'hreflang', 'hspace', 'id', 'ismap', 'label', 'lang', 'longdesc', 'maxlength', 'method', 'multiple', 'name', 'nohref', 'noshade', 'nowrap', 'prompt', 'rel', 'rev', 'rows', 'rowspan', 'rules', 'scope', 'shape', 'size', 'span', 'src', 'start', 'summary', 'tabindex', 'target', 'title', 'type', 'usemap', 'valign', 'value', 'vspace', 'width'] counter = 1 tag_removed = False def clean_attributes(self, tag): for attr in tag._getAttrMap().keys(): if attr not in self.ACCEPTABELE_ATTRIBUTES: del tag[attr] elif tag[attr].count('script:'): del tag[attr] def clean_tag(self, tag): if tag.name not in self.ACCEPTABLE_ELEMENTS: tag.extract() # remove the bad ones self.tag_removed = True else: self.clean_attributes(tag) def clean_html(self, fragment=''): """ Reparses and cleans the html from XSS Attacks until it stops changing. @param fragment: """ while True: soup = BeautifulSoup(fragment) self.tag_removed = False self.counter += 1 for tag in soup.findAll(True): self.clean_tag(tag) fragment = unicode(soup) if self.tag_removed: continue else: break return fragment