Home » Odeon Blogs » Liviu, Agile Bear »

Django urlize HTML safe

Django urlize HTML safe

urlize HTML safe

The default django urlize filter is not HTML safe as the docs say.

Note that if urlize is applied to text that already contains HTML markup, things won't work as expected. Apply this filter only to plain text.

The easy way to solve this problem is to use an HTML parser and make sure the filter is applied only to plain text.

BeautifulSoup functions

To get the HTML tags from a text, .findAll() is the way to go, but if we need the plain text, .contents is what we need. Given a simple example to see what is the difference:

  1. from BeautifulSoup import BeautifulSoup

  2. html = '<p>foo <a href="http://od-eon.com">http://od-eon.com</a> bar</p> foobar'

  3. soup = BeautifulSoup(html)

  4. soup.findAll()

  5. >>> [<p>foo <a href="http://od-eon.com">http://od-eon.com</a> bar</p>, <a href="http://od-eon.com">http://od-eon.com</a>]

  6. soup.contents

  7. >>> [<p>foo <a href="http://od-eon.com">http://od-eon.com</a> bar</p>, u' foobar']

The flow is clear to obtain a safe urlize from this simple example. We need to apply the urlize function on the .contents of each tag that the text contains:
Step 1. iterate over .contents and if its not a tag, do the replacement
Step 2. iterate over the tags, create a new BeautifulSoup instance from each tag
Step 3. if the new BeautifulSoup.findAll() returns more tags, for each of them repeat the process; if it doesn't, apply the urlize function and replace the tag in the main soup object

There is only one minor check that we should add in this case, what kind of tag are we converting now, because the http://od-eon.com inside the anchor tag it shouldn't convert to a new link, it already is one. So at Step 2. we need to check if tag.name is one of our accepted tags.

Here's how the code would look like:

  1. from django.template.defaultfilters import stringfilter

  2. from django.template import Library

  3. from django.utils.html import urlize

  4. register = Library()

  5. def html_urlize(value, autoescape=None):

  6.     """Converts URLs in plain text into clickable links."""

  7.     from BeautifulSoup import BeautifulSoup

  8.     ignored_tags = ['a', 'code', 'pre']

  9.     soup = BeautifulSoup(value)

  10.     tags = soup.findAll(True)

  11.     text_all = soup.contents

  12.     for text in text_all:

  13.         if text not in tags:

  14.             parsed_text = urlize(text, nofollow=True, autoescape=autoescape)

  15.             text.replaceWith(parsed_text)

  16.     for tag in tags:

  17.         if not tag.name in ignored_tags:

  18.             soup_text = BeautifulSoup(str(tag))

  19.             if len(soup_text.findAll()) > 1:

  20.                 for child_tag in tag.contents:

  21.                     child_tag.replaceWith(html_urlize(str(child_tag)))

  22.             elif len(soup_text.findAll()) > 0:

  23.                 text_list = soup_text.findAll(text=True)

  24.                 for text in text_list:

  25.                     parsed_text = urlize(text, nofollow=True, autoescape=autoescape)

  26.                     text.replaceWith(parsed_text)

  27.                 try:

  28.                     tag.replaceWith(str(soup_text))

  29.                 except:

  30.                     pass

  31.     return mark_safe(str(soup))

  32. html_urlize.is_safe = True

  33. html_urlize.needs_autoescape = True

  34. html_urlize = stringfilter(html_urlize)

  35. register.filter(html_urlize)


Category: Django

Discussion

  1. doeke on Oct 14, 2010 - 6:54 said:

    Thanks for this snippet :)
    This is exactly what I was looking for.




Leave a Comment :

(required)


(required)




(required)




(required)






Leave a Comment


Page generated in: 0.18s