Configuration Options and Custom Rules of the Python Bleach Library

The Python Bleach library is a powerful tool for cleaning and filtering HTML. It can prevent cross-site scripting (XSS) attacks and helps handle rich text content submitted by users of a website or application. This article introduces the configuration options of the Python Bleach library and how to customize its rules.

Configuration options:

1. Tags: specifies the allowed tags. By default, it contains a set of common safe tags, such as `<b>`, `<i>`, `<p>`, etc. You can define your own tag allowlist by passing a list.

Example code:

```python
import bleach

bleach.clean(html, tags=['p', 'strong', 'em'])
```

2. Attributes: specifies the allowed tag attributes. By default, no attributes are kept. You can pass a dictionary whose keys are tag names and whose values are lists of the attributes allowed on that tag.

Example code:

```python
bleach.clean(html, attributes={'a': ['href', 'title'], 'img': ['src']})
```

3. Styles: specifies the allowed CSS style properties. By default, all style properties are retained, but you can pass a list to retain only the specified properties.

Example code:

```python
# The `styles` argument exists in Bleach < 5.0; from 5.0 it was replaced by `css_sanitizer`.
bleach.clean(html, styles=['color', 'font-size'])
```

4. Protocols: specifies the allowed URI protocols. By default, all protocols are accepted. You can pass a list to allow only specific URI protocols.

Example code:

```python
bleach.clean(html, protocols=['http', 'https'])
```

Customized rules:

In addition to the configuration options, Python Bleach also lets you customize the filtering rules. You can write your own filter function and add it to Bleach's `Cleaner` object.
Example code:

```python
from bleach.sanitizer import ALLOWED_ATTRIBUTES, Cleaner

def custom_filter(tag, name, value):
    # Reject this attribute on every tag.
    if name == 'data-custom-attribute':
        return False
    # Otherwise defer to Bleach's default attribute allowlist.
    return name in ALLOWED_ATTRIBUTES.get(tag, [])

# A (tag, name, value) callable goes in `attributes`; `filters` takes html5lib filter classes.
cleaner = Cleaner(attributes=custom_filter)
cleaner.clean(html)
```

In the above example, we define a custom filter function `custom_filter`, which checks whether the attribute name is `data-custom-attribute` and, if so, rejects the attribute. We pass the custom filter function to the `Cleaner` object through the `attributes` parameter and use the `clean()` method to filter.

With configuration options and custom rules, the Python Bleach library provides flexible and powerful functions for cleaning and filtering HTML content to ensure the security of the website or application.
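The options above combined in a single `Cleaner` and run on constructed input, showing what survives sanitization with and without `strip`. This is an added example, not code from the original article; `ALLOWED`, `allow_attr`, `make_cleaner`, `sanitize` and `SAMPLE` are illustrative names, and it uses only the `tags`, `attributes`, `protocols` and `strip` arguments.

```python
from bleach.sanitizer import Cleaner

# Per-tag attribute allowlist (illustrative policy, not Bleach's default).
ALLOWED = {"a": ["href", "title"]}


def allow_attr(tag, name, value):
    """Attribute callable: the article's custom rule plus a per-tag allowlist."""
    if name == "data-custom-attribute":
        return False
    return name in ALLOWED.get(tag, [])


def make_cleaner(strip=False):
    return Cleaner(
        tags=["p", "strong", "em", "a"],  # any other tag is escaped, or removed if strip=True
        attributes=allow_attr,
        protocols=["http", "https"],      # href values using other schemes are dropped
        strip=strip,
    )


# Constructed sample of user-submitted markup.
SAMPLE = (
    '<p>Hello <strong>bold</strong></p>'
    '<script>alert(1)</script>'
    '<a href="javascript:alert(1)" onclick="x()">click</a> '
    '<a href="https://example.com/docs" data-custom-attribute="1">docs</a>'
)


def sanitize(html, strip=False):
    """Return the sanitized markup; disallowed tags are escaped unless strip=True."""
    return make_cleaner(strip).clean(html)


if __name__ == "__main__":
    print(sanitize(SAMPLE))              # disallowed tags appear as escaped text
    print(sanitize(SAMPLE, strip=True))  # disallowed tags are removed entirely
```

Comparing the two printed lines shows the difference between escaping and stripping a disallowed tag, while the attribute and protocol rules apply identically in both modes.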