https://github.com/fedora-python/lxml_html_clean

Separate project for HTML cleaning functionalities copied from lxml.html.clean.
https://github.com/fedora-python/lxml_html_clean

Last synced: 8 months ago
JSON representation

Separate project for HTML cleaning functionalities copied from lxml.html.clean.

• Host: GitHub
• URL: https://github.com/fedora-python/lxml_html_clean
• Owner: fedora-python
• License: bsd-3-clause
• Created: 2023-10-23T11:26:16.000Z (over 2 years ago)
• Default Branch: main
• Last Pushed: 2025-04-09T11:33:25.000Z (10 months ago)
• Last Synced: 2025-05-10T03:23:39.791Z (9 months ago)
• Language: Python
• Size: 194 KB
• Stars: 6
• Watchers: 8
• Forks: 4
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • Changelog: CHANGES.rst
  • License: LICENSE.txt

Awesome Lists containing this project

README

          
# lxml_html_clean

## Motivation

This project was initially a part of [lxml](https://github.com/lxml/lxml). Because HTML cleaner is designed as blocklist-based, many reports about possible security vulnerabilities were filed for lxml and that make the project problematic for security-sensitive environments. Therefore we decided to extract the problematic part to a separate project.

**Important**: the HTML Cleaner in ``lxml_html_clean`` is **not** considered appropriate **for security sensitive environments**. See e.g. [bleach](https://pypi.org/project/bleach/) for an alternative.

This project uses functions from Python's `urllib.parse` for URL parsing which **do not validate inputs**. For more information on potential security risks, refer to the [URL parsing security](https://docs.python.org/3/library/urllib.parse.html#url-parsing-security) documentation. A maliciously crafted URL could potentially bypass the allowed hosts check in `Cleaner`.

## Installation

You can install this project directly via `pip install lxml_html_clean` or as an extra of lxml

via `pip install lxml[html_clean]`. Both ways install this project together with lxml itself.

## Security

For discussions regarding security-related issues or any sensitive reports, please contact us privately.

You can reach out to lbalhar(at)redhat.com or frenzy.madness(at)gmail.com to ensure your concerns

are addressed confidentially and securely.

## Documentation

[https://lxml-html-clean.readthedocs.io/](https://lxml-html-clean.readthedocs.io/)

## License

BSD-3-Clause