A "safe" python HTML text formatting (ala textile)

Question

I've been looking around for an existing python library in the style of textile to format text for users to enter.

If it was just me entering it, just textile would have been fine, but since the input is meant for a django app that will take user input and display it, while still maintaining some formatting.

I managed to find little loopholes here in there in the existing libraries I saw. They sometimes wouldn't escape things the way they should have, would let me input straight HTML and the list goes on.

So what are some recommendations of conversion engines I can use?

Answer 1

Did you try the included django.contrib.markup libraries?

Answer 2

If you're using Django, you could try safe markdown:

{% load markup %}

{{ foo|markdown:"safe" }}

You'll need to have markdown installed, and django.contrib.markup in your settings.py apps.

If you want to sanitize HTML on save, I've had good luck using feedparser's sanitize (http://www.feedparser.org/).

import feedparser

body = feedparser._sanitizeHTML(body, 'utf8')