How to prevent bleach from escaping > (blockquote) tag used in Markdown

Question

I'm using bleach to sanitize user input. But I use Markdown which means I need the blockquote > symbol to go through without being escaped as & gt; so I can pass it to misaka for rendering.

The documentation says by default it escapes html markup but doesn't say how to turn that off for the > symbol. I would still like it to escape actual html tags.

http://bleach.readthedocs.org/en/latest/clean.html

Any other ideas for sanitizing input while maintaing the ability to use Markdown would be appreciated.

Answer 1

Bleach is a HTML sanitizer, not a Markdown sanitizer. As explained here , you should run your user input through Markdown first, then through Bleach. Like this:

sanitized_html = bleach.clean(markdown.markdown(some_text))

For more info, see my previously referenced comment .

Answer 2

Do you need strip all tags, but leave > as it is?

strip all tags, get output
html decode output of step 1, and pass that data to misaka

Simple way for step 2:

output.replace('>', '>')

More professional

import HTMLParser
h = HTMLParser.HTMLParser()
s = h.unescape(sanitized user input)

How to prevent bleach from escaping > (blockquote) tag used in Markdown

Question

2 answers

solution1
2 2014-02-21 17:12:56

solution2
0 ACCPTED 2014-02-21 08:00:11

How to prevent bleach from escaping > (blockquote) tag used in Markdown

Question

2 answers

solution1 2 2014-02-21 17:12:56

solution2 0 ACCPTED 2014-02-21 08:00:11

solution1
2 2014-02-21 17:12:56

solution2
0 ACCPTED 2014-02-21 08:00:11