From feb5d9b74fa1e8454eaaf29afae3643c6d7c81f1 Mon Sep 17 00:00:00 2001
From: Andrew Godwin
Date: Fri, 11 Nov 2022 22:02:43 -0700
Subject: Got up to incoming posts working
---
core/html.py | 11 +++++++++++
1 file changed, 11 insertions(+)
create mode 100644 core/html.py
(limited to 'core/html.py')
diff --git a/core/html.py b/core/html.py
new file mode 100644
index 0000000..e63dda3
--- /dev/null
+++ b/core/html.py
@@ -0,0 +1,11 @@
+import bleach
+from django.utils.safestring import mark_safe
+
+
+def sanitize_post(post_html: str) -> str:
+ """
+ Only allows a, br, p and span tags, and class attributes.
+ """
+ return mark_safe(
+ bleach.clean(post_html, tags=["a", "br", "p", "span"], attributes=["class"])
+ )
-- cgit v1.2.3
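Review bot: `attributes=["class"]` in `sanitize_post` lets through any class value on all four tags, so HTML arriving from a remote server can pick up whatever class names the local stylesheet defines and restyle or hide content inside a post, even with script blocked. bleach accepts a callable for `attributes`, so the value can be checked against an allow-list, e.g. `attributes=lambda tag, name, value: name == "class" and set(value.split()) <= ALLOWED_POST_CLASSES`, where `ALLOWED_POST_CLASSES` would be a new module constant (the name is only a suggestion). As written `href` is not allowed either, so `a` elements come out with no target; if it is added later, scope it per tag (`{"a": ["href"]}`) and leave bleach's default protocol allow-list in place. I would also extend the docstring to say that the input is untrusted and that `mark_safe` is sound only because the bleach output is returned unmodified.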