1. import html
  2. import re
  4. def encode_html(text, allow_tags=None):
  5. """
  6. Encodes HTML text for internal use with defensive checks.
  8. Args:
  9. text (str): The HTML text to encode.
  10. allow_tags (list, optional): A list of HTML tags to allow. Defaults to None.
  12. Returns:
  13. str: The encoded HTML text.
  14. """
  16. if not isinstance(text, str):
  17. raise TypeError("Input must be a string.")
  19. if allow_tags is not None and not isinstance(allow_tags, list):
  20. raise TypeError("allow_tags must be a list or None.")
  22. encoded_text = html.escape(text, quote=True) # Escape HTML entities
  24. if allow_tags:
  25. #Remove tags if allowed tags are specified.
  26. allowed_tags_regex = re.compile(r'<(/?)(\w+)>')
  27. def replace_tags(match):
  28. closing_tag = match.group(1)
  29. tag_name = match.group(2)
  30. if closing_tag:
  31. return ""
  32. else:
  33. return match.group(0) #Return tag as is if it's an opening tag that is not allowed
  35. encoded_text = allowed_tags_regex.sub(replace_tags, encoded_text)
  37. return encoded_text

Add your comment