19 |
19 |
20 __authors__ = [ |
20 __authors__ = [ |
21 '"Todd Larsen" <tlarsen@google.com>', |
21 '"Todd Larsen" <tlarsen@google.com>', |
22 '"Sverre Rabbelier" <sverre@rabbelier.nl>', |
22 '"Sverre Rabbelier" <sverre@rabbelier.nl>', |
23 '"Lennard de Rijk" <ljvderijk@gmail.com>', |
23 '"Lennard de Rijk" <ljvderijk@gmail.com>', |
|
24 '"Pawel Solyga" <pawel.solyga@gmail.com>', |
24 ] |
25 ] |
25 |
26 |
26 |
27 |
27 from htmlsanitizer import HtmlSanitizer |
28 from htmlsanitizer import HtmlSanitizer |
28 |
29 |
381 """ |
382 """ |
382 from HTMLParser import HTMLParseError |
383 from HTMLParser import HTMLParseError |
383 |
384 |
384 content = self.cleaned_data.get(field_name) |
385 content = self.cleaned_data.get(field_name) |
385 |
386 |
|
387 # clean_html_content is called when writing data into GAE rather than |
|
388 # when reading data from GAE. This short-circuiting of the sanitizer |
|
389 # only affects html authored by developers. The isDeveloper test for |
|
390 # example allows developers to add javascript. |
386 if user_logic.isDeveloper(): |
391 if user_logic.isDeveloper(): |
387 return content |
392 return content |
388 |
393 |
389 try: |
394 try: |
390 cleaner = HtmlSanitizer.Cleaner() |
395 cleaner = HtmlSanitizer.Cleaner() |
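Review bot: The developer short-circuit at new line 391 returns `content` before `HtmlSanitizer.Cleaner()` is ever built, so whatever a developer account submits is stored and later served unsanitized; the added comment explains the intent but not the trust assumption behind it. Because the comment says cleaning happens only on write, the stored markup presumably stays raw even if that account later loses developer status or is taken over, so I would state this in the comment, e.g. `# NOTE: developer-authored HTML is stored unsanitized and rendered as-is to every viewer; developer accounts must be treated as fully trusted.` It would also help to log each time the bypass is taken, so unsanitized writes can be audited. The enclosing method starts and ends outside the hunk, so I cannot see whether a caller or the template layer escapes this value.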