Reputation: 1286
Skip sanitization for videos in html5lib
I am using a wmd-editor in django, much like this one in which I am typing. I would like to allow the users to embed videos in it. For that I am using the Markdown video extension here. The problem is that I am also sanitizing user input using html5lib sanitization and it doesn't allow object tags which are required to embed the videos.
One solution could be to check the input for urls of well-known video sites and skip the sanitization in those cases. Is there a better solution?
Upvotes: 2
Views: 362
Answers (1)
Reputation: 6434
A better solution would be to append 'object' to html5lib.sanitizer.HTMLSanitizer.acceptable_elements. A great solution would be to subclass html5lib.sanitizer.HTMLSanitizer so you can conditionally accept or remove the object in sanitize_token.
The implementation seems clear enough to tackle.
Upvotes: 3
Related Questions
- Sanitizing HTML in submitted form data
- Playing Video with Django and html5 tag
- HTML5 video element non-seekable when using Django development server
- Django video in template, seems to detect media but not working
- Python/Django: How to render user-submitted videos code fragments as embedded videos?
- Why does html5lib sanitizer remove <section> tags?
- Is possible to censor videos automatically?
- Django template filter: HTML Sanitization AND Embedding YouTube, Vimeo, etc?
- Remove a bad tag completely with html5lib.sanitizer
- Django, automatic HTML "sanitizing" when putting HTML to template, how to stop it?