Coverage for polar/kit/html.py: 0%

7 statements  


import re

# Matches one tag-shaped span: a "<", then any run of characters other than
# ">" (the negated class also matches newlines), then the closing ">".
# A "<" with no later ">" is not matched at all, and text *between* tags is
# never part of a match, so this pattern alone is not a sanitizer.
RE_HTML_TAG = re.compile(r"<[^>]*>")


def dangerously_strip_tags(html_input: str) -> str:
    """
    Best-effort conversion of HTML that is already known to be safe into
    plain text.

    Every span matched by ``RE_HTML_TAG`` is deleted, then any ``<`` or ``>``
    still present is rewritten as ``&lt;`` / ``&gt;``.

    DO NOT use this as a sanitizer. It only TRIES to remove tags, and it is
    highly likely that dangerous HTML can still end up in the returned
    string. Limits visible in the implementation:

    * only ``<`` and ``>`` are entity-encoded; ``&``, ``"`` and ``'`` pass
      through unchanged, so the result is not escaped for attribute values;
    * text between removed tags (for example the body of a script or style
      element) is kept in the output;
    * entities already present in the input are returned as-is.

    For untrusted markup, use a real HTML sanitizer or escape for the output
    context instead.
    """
    without_tags = RE_HTML_TAG.sub("", html_input)

    # Angle brackets that were not part of a matched tag (e.g. a lone "<")
    # are replaced with their HTML entities.
    return without_tags.replace("<", "&lt;").replace(">", "&gt;")