705705
706706
707707class Filter (base .Filter ):
708- """ sanitization of XHTML+MathML+SVG and of inline style attributes. """
708+ """Sanitizes token stream of XHTML+MathML+SVG and of inline style attributes"""
709709def __init__ (self ,
710710source ,
711711allowed_elements = allowed_elements ,
@@ -718,6 +718,37 @@ def __init__(self,
718718attr_val_is_uri = attr_val_is_uri ,
719719svg_attr_val_allows_ref = svg_attr_val_allows_ref ,
720720svg_allow_local_href = svg_allow_local_href ):
721+ """Creates a Filter
722+
723+ :arg allowed_elements: set of elements to allow--everything else will
724+ be escaped
725+
726+ :arg allowed_attributes: set of attributes to allow in
727+ elements--everything else will be stripped
728+
729+ :arg allowed_css_properties: set of CSS properties to allow--everything
730+ else will be stripped
731+
732+ :arg allowed_css_keywords: set of CSS keywords to allow--everything
733+ else will be stripped
734+
735+ :arg allowed_svg_properties: set of SVG properties to allow--everything
736+ else will be removed
737+
738+ :arg allowed_protocols: set of allowed protocols for URIs
739+
740+ :arg allowed_content_types: set of allowed content types for ``data`` URIs.
741+
742+ :arg attr_val_is_uri: set of attributes that have URI values--values
743+ that have a scheme not listed in ``allowed_protocols`` are removed
744+
745+ :arg svg_attr_val_allows_ref: set of SVG attributes that can have
746+ references
747+
748+ :arg svg_allow_local_href: set of SVG elements that can have local
749+ hrefs--these are removed
750+
751+ """
721752super (Filter ,self ).__init__ (source )
722753self .allowed_elements = allowed_elements
723754self .allowed_attributes = allowed_attributes
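Review bot: The docstring added to `__init__` documents every keyword argument but `source`, and its last entry describes `svg_allow_local_href` as elements that "can have local hrefs--these are removed", which reads as if the local hrefs themselves are stripped rather than allowed. Add `:arg source: the token stream to sanitize` ahead of `allowed_elements`, and reword the last entry to `:arg svg_allow_local_href: set of SVG elements allowed to carry a local (fragment-only) href--a non-local href on these elements is removed`, assuming the attribute-stripping code (outside this hunk) behaves the way the attribute name suggests; confirm against it before committing the wording. Since every one of these parameters is an allow-list, one sentence stating that passing a superset of the module defaults widens what the filter lets through would help callers reason about the sanitization boundary. `__init__`'s signature begins and its body continues outside this hunk.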
@@ -737,11 +768,11 @@ def __iter__(self):
737768yield token
738769
739770# Sanitize the +html+, escaping all elements not in ALLOWED_ELEMENTS, and
740- # stripping out all# attributes not in ALLOWED_ATTRIBUTES. Style
741- #attributes are parsed, and a restricted set,# specified by
742- #ALLOWED_CSS_PROPERTIES and ALLOWED_CSS_KEYWORDS, are allowed through.
743- #attributes in ATTR_VAL_IS_URI are scanned, and only URI schemes specified
744- #in ALLOWED_PROTOCOLS are allowed.
771+ # stripping out all attributes not in ALLOWED_ATTRIBUTES. Style attributes
772+ # are parsed, and a restricted set, specified by ALLOWED_CSS_PROPERTIES and
773+ # ALLOWED_CSS_KEYWORDS, are allowed through. attributes in ATTR_VAL_IS_URI
774+ # are scanned, and only URI schemes specified in ALLOWED_PROTOCOLS are
775+ # allowed.
745776#
746777# sanitize_html('<script> do_nasty_stuff() </script>')
747778# => <script> do_nasty_stuff() </script>