I am building a blog website where people who have been granted with an account with the site (Admins), can submit their own posts by uploading a template. At the moment I have it setup so the user has to upload html/css file(s).
The problem is that I need to be able to put restrictions on the content that is in the template -- for example, restrict the user from using <script> or <body> tags, or restrict them from changing CSS on elements outside of their own template (I am using Jinja 2 to contain the user's post within a base template). I know there is a tool called Bleach that lets you filter out html elements but I feel like that may be a bit hackish for what i'm doing, or doesn't fully resolve my problem.
Any suggestions?
Aucun commentaire:
Enregistrer un commentaire