Skip to content

Sanitize

CompilerSanitizer

This class provides methods for sanitizing user input to prevent various injection attacks.

It uses the bleach library to remove potentially harmful HTML tags and attributes, and the html library to escape special characters.

Source code in zenaura/client/compiler/sanitize.py 
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
class CompilerSanitizer:
    """
    This class provides methods for sanitizing user input to prevent various injection attacks.

    It uses the `bleach` library to remove potentially harmful HTML tags and attributes, 
    and the `html` library to escape special characters.

    Attributes:
        None
    """

    def sanitize(
        self, 
        user_input: str, 
    ) -> str:
        """
        Sanitizes user input to prevent various injection attacks.

        This method takes the raw user input as a string and returns a sanitized version of the input.

        Args:
            user_input (str): The raw user input to sanitize.
            allowed_tags (list, optional): A list of allowed HTML tags (e.g., ['p', 'br', 'strong']). 
                Defaults to `allowed_tags` from the `zenaura.client.config` module.
            allowed_attributes (dict, optional): A dictionary mapping allowed tags to their allowed 
                attributes (e.g., {'img': ['src', 'alt']}). Defaults to `allowed_attributes` from the 
                `zenaura.client.config` module.

        Returns:
            str: The sanitized input.
        """
        user_input = str(user_input)
        # Use bleach to remove potentially harmful HTML tags and attributes
        safe_html = bleach.clean(
            user_input, tags=allowed_tags, attributes=allowed_attributes
        )

        return safe_html

sanitize(user_input)

Sanitizes user input to prevent various injection attacks.

This method takes the raw user input as a string and returns a sanitized version of the input.

Parameters:

Name Type Description Default
user_input str

The raw user input to sanitize.

 required
allowed_tags list

A list of allowed HTML tags (e.g., ['p', 'br', 'strong']). Defaults to allowed_tags from the zenaura.client.config module.

 required
allowed_attributes dict

A dictionary mapping allowed tags to their allowed attributes (e.g., {'img': ['src', 'alt']}). Defaults to allowed_attributes from the zenaura.client.config module.

 required

Returns:

Name Type Description
str str

The sanitized input.
Source code in zenaura/client/compiler/sanitize.py 
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
def sanitize(
    self, 
    user_input: str, 
) -> str:
    """
    Sanitizes user input to prevent various injection attacks.

    This method takes the raw user input as a string and returns a sanitized version of the input.

    Args:
        user_input (str): The raw user input to sanitize.
        allowed_tags (list, optional): A list of allowed HTML tags (e.g., ['p', 'br', 'strong']). 
            Defaults to `allowed_tags` from the `zenaura.client.config` module.
        allowed_attributes (dict, optional): A dictionary mapping allowed tags to their allowed 
            attributes (e.g., {'img': ['src', 'alt']}). Defaults to `allowed_attributes` from the 
            `zenaura.client.config` module.

    Returns:
        str: The sanitized input.
    """
    user_input = str(user_input)
    # Use bleach to remove potentially harmful HTML tags and attributes
    safe_html = bleach.clean(
        user_input, tags=allowed_tags, attributes=allowed_attributes
    )

    return safe_html