我有以下字符串:
html = '<div id="cover" style="display: block; height: 682px"><div class="cover-desktop hidden-xs" style="background-image: linear-gradient(rgba(0, 0, 0, 0.45), rgba(0, 0, 0, 0.45)), url('/site_media/covers/cover.jpg')"></div></div>'
这些是我的选项:
ALLOWED_TAGS = bleach.sanitizer.ALLOWED_TAGS + [
'p',
'div',
'table',
'br',
'style'
]
ALLOWED_STYLES = ['display', 'height', 'background-image']
ALLOWED_ATTRIBUTES = {
'*': ['id', 'class', 'style']
}
然而,当运行bleach.clean时,background-image风格被剥离:
cleaned_html = bleach.clean(html, tags=ALLOWED_TAGS, styles=ALLOWED_STYLES, attributes=ALLOWED_ATTRIBUTES)
输出:
u'<div id="cover" style="display: block; height: 682px;"><div class="cover-desktop hidden-xs" style=""></div></div>'
为什么?我怎么才能解决这个问题呢?
事实上,我怎么能允许任何样式呢?'*'不起作用
编辑:原来是因为背景图像url()。如果一个规则包含url,它就会被剥离。以下是他们在BleachSanitizerFilter.sanitize_css中的代码:
# Drop any url values before we do anything else
style = re.compile(r"urls*(s*[^s)]+?s*)s*").sub(" ", style)
那么我该如何允许background-image属性呢?
我使用的是bleach 6.0,我添加了这样的css样式
import bleach
from bleach.css_sanitizer import CSSSanitizer
ALLOWED_TAGS = ['p', 'strong', 'em', 'ul', 'ol', 'li', "a", "abbr",
"acronym", "b", "blockquote", "code", "i",'span']
ALLOWED_ATTRIBUTES = bleach.sanitizer.ALLOWED_ATTRIBUTES
ALLOWED_ATTRIBUTES['span'] = ['style']
ALLOWED_STYLES = [ 'color', 'font-family', 'font-size', 'font-style', 'font-weight', 'text-align', 'text-decoration', 'text-indent',
'background-color', 'background-image', 'background-repeat', 'background-size', 'border', 'border-bottom',
'border-left', 'border-radius', 'border-right', 'border-top', 'margin', 'margin-bottom', 'margin-left',
'margin-right', 'margin-top', 'padding', 'padding-bottom', 'padding-left', 'padding-right', 'padding-top',
'line-height', 'letter-spacing', 'word-spacing']
css_santizer = CSSSanitizer(allowed_css_properties=ALLOWED_STYLES)
cleaned_description = bleach.clean(description,tags=ALLOWED_TAGS,attributes=ALLOWED_ATTRIBUTES,css_sanitizer=css_santizer)
我希望这对你或任何面临这个问题的人有用,你可以查看文档了解更多细节。