What does HackerNews think of bleach?
Bleach is an allowed-list-based HTML sanitizing library that escapes or strips markup and attributes
Language: Python
This is an excellent point; I should have addressed safety in my article. I'll point out that in my use case, I'm using `safe` on data I create and not any user-generated data.
You should never use `safe` on user data unless you use something like bleach (https://github.com/mozilla/bleach) to sanitize the data. Even then, you should use caution.
of this matter I really like https://github.com/mozilla/bleach .
Is your project any different aside from the "service oriented" nature? (Also, I don't see any usage method, if not from the browser.)
We ended up mitigating by sanitising tags+attributes, and validating all xlink:href's in the SVG-XML, using a library like bleach (https://github.com/mozilla/bleach) before passing to ImageMagick.
Probably not a bad thing to be doing anyway.
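Both of the comments above come down to the same rule: run untrusted markup through an allow-list sanitizer (drop every tag and attribute that is not explicitly permitted, and check the scheme of any attribute that carries a URL, `xlink:href` included) before marking it `safe` or handing it to a downstream renderer. The following is an added illustration of that technique written for this page, not bleach's own code; the tag, attribute and scheme lists are constructed for the example, and it uses only the Python standard library so it runs offline.

```python
"""Allow-list HTML sanitizer: added illustration, not bleach's implementation."""
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed allow-lists for the example: anything not listed is dropped.
ALLOWED_TAGS = {"a", "b", "i", "em", "strong", "p", "ul", "ol", "li", "br"}
ALLOWED_ATTRS = {"a": {"href", "title"}}
ALLOWED_SCHEMES = {"http", "https", "mailto"}
URL_ATTRS = {"href", "src", "xlink:href"}   # attributes whose value is a URL
VOID_TAGS = {"br"}
RAW_TEXT_TAGS = {"script", "style"}         # drop their content, not just the tag


def safe_url(value: str) -> bool:
    """Accept relative URLs and the listed schemes; reject javascript:, data:, etc."""
    scheme = urlsplit(value.strip()).scheme.lower()
    return scheme == "" or scheme in ALLOWED_SCHEMES


class AllowListSanitizer(HTMLParser):
    def __init__(self) -> None:
        super().__init__(convert_charrefs=True)
        self.out: list[str] = []
        self.dropped = 0      # number of tags and attributes removed
        self._skip = 0        # > 0 while inside <script> / <style>

    def handle_starttag(self, tag, attrs):
        if tag in RAW_TEXT_TAGS:
            self._skip += 1
            self.dropped += 1
            return
        if self._skip or tag not in ALLOWED_TAGS:
            self.dropped += 1
            return
        kept = []
        for name, value in attrs:
            value = value or ""
            if name not in ALLOWED_ATTRS.get(tag, set()):
                self.dropped += 1          # e.g. onclick, onerror, style
                continue
            if name in URL_ATTRS and not safe_url(value):
                self.dropped += 1          # e.g. href="javascript:..."
                continue
            kept.append(f' {name}="{escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_startendtag(self, tag, attrs):
        self.handle_starttag(tag, attrs)

    def handle_endtag(self, tag):
        if tag in RAW_TEXT_TAGS:
            self._skip = max(0, self._skip - 1)
            return
        if not self._skip and tag in ALLOWED_TAGS and tag not in VOID_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self._skip:
            # Text is re-escaped, so a stray "<" in user text stays text.
            self.out.append(escape(data, quote=False))


def sanitize(untrusted_html: str) -> str:
    """Return markup built only from allowed tags/attributes and safe URLs."""
    parser = AllowListSanitizer()
    parser.feed(untrusted_html)
    parser.close()
    return "".join(parser.out)


if __name__ == "__main__":
    # Constructed sample input for the demo.
    sample = '<p>Hi <a href="javascript:alert(1)" onclick="x()">me</a><script>alert(1)</script></p>'
    print(sanitize(sample))   # -> <p>Hi <a>me</a></p>
```

Only the string returned by `sanitize()` should ever be marked `safe`; the raw submission is escaped as usual everywhere else. The example deliberately does not balance unclosed tags and parses SVG as if it were HTML, which is the part a real library such as bleach handles for you; the URL-scheme check is the same one you would apply to `xlink:href` after parsing the SVG as XML.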