1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
|
Welcome to lxml_html_clean's documentation!
===========================================
Motivation
----------
This project was initially a part of `lxml <https://github.com/lxml/lxml>`_. Because HTML cleaner is designed as blocklist-based,
many reports about possible security vulnerabilities were filed for lxml and that make the project problematic for
security-sensitive environments. Therefore we decided to extract the problematic part to a separate project.
**Important**: the HTML Cleaner in ``lxml_html_clean`` is **not** considered appropriate **for security sensitive environments**.
See e.g. `bleach <https://pypi.org/project/bleach/>`_ for an alternative.
This project uses functions from Python's ``urllib.parse`` for URL parsing which **do not validate inputs**.
For more information on potential security risks, refer to the
`URL parsing security <https://docs.python.org/3/library/urllib.parse.html#url-parsing-security>`_ documentation.
A maliciously crafted URL could potentially bypass the allowed hosts check in ``Cleaner``.
Security
--------
For discussions regarding security-related issues or any sensitive reports, please contact us privately.
You can reach out to lbalhar(at)redhat.com or frenzy.madness(at)gmail.com to ensure your concerns
are addressed confidentially and securely.
Installation
------------
You can install this project directly via ``pip install lxml_html_clean`` or soon as an extra of lxml
via ``pip install lxml[html_clean]``. Both ways installs this project together with lxml itself.
Usage
=====
.. toctree::
:maxdepth: 2
usage
API
===
.. toctree::
:maxdepth: 2
lxml_html_clean
Changelog
=========
.. toctree::
:maxdepth: 2
changes
Indices and tables
==================
* :ref:`genindex`
* :ref:`modindex`
* :ref:`search`
|
