Fix #5 allow the replace of html sanitizer

flasgger · Aug 31, 2015 · 2d35ef6 · 2d35ef6
1 parent 0b9997e
commit 2d35ef6
Show file tree

Hide file tree

Showing 5 changed files with 34 additions and 10 deletions.
diff --git a/README.md b/README.md
@@ -217,6 +217,26 @@ def post():
         return abort(500)
 ```
 
+# HTML sanitizer
+
+By default Flasgger will try to sanitize the content in YAML definitions
+replacing every ```\n``` with ```<br>``` but you can change this behaviour
+setting another kind of sanitizer.
+
+```
+from flasgger import Swagger, NO_SANITIZER
+
+app =Flask()
+Swagger(app, sanitizer=NO_SANITIZER)
+```
+
+You can write your own sanitizer
+
+```
+Swagger(app, sanitizer=lambda text: do_anything_with(text))
+```
+
+
 # More
 
 flasgger supports docstrings in methods of MethodView classes (ala [Flask-RESTful](https://github.com/flask-restful/flask-restful)) and regular Flask view functions.

diff --git a/flasgger/__init__.py b/flasgger/__init__.py
@@ -1,7 +1,7 @@
 
-__version__ = '0.5.0'
+__version__ = '0.5.1'
 __author__ = 'Bruno Rocha'
 __email__ = 'rochacbruno@gmail.com'
 
 
-from .base import Swagger  # noqa
+from .base import Swagger, NO_SANITIZER, BR_SANITIZER  # noqa
diff --git a/flasgger/base.py b/flasgger/base.py
@@ -15,9 +15,8 @@
 from flask import jsonify, Blueprint, url_for, current_app
 from flask.views import MethodView
 
-
-def _sanitize(comment):
-    return comment.replace('\n', '<br/>') if comment else comment
+NO_SANITIZER = lambda text: text
+BR_SANITIZER = lambda text: text.replace('\n', '<br/>') if text else text
 
 
 def get_path_from_doc(full_doc):
@@ -161,7 +160,7 @@ def __init__(self, *args, **kwargs):
         view_args = kwargs.pop('view_args', {})
         self.config = view_args.get('config')
         self.spec = view_args.get('spec')
-        self.process_doc = _sanitize
+        self.process_doc = view_args.get('sanitizer', BR_SANITIZER)
         super(OutputView, self).__init__(*args, **kwargs)
 
     def get_url_mappings(self, rule_filter=None):
@@ -275,8 +274,9 @@ class Swagger(object):
         "specs_route": "/specs"
     }
 
-    def __init__(self, app=None, config=None):
+    def __init__(self, app=None, config=None, sanitizer=None):
         self.endpoints = []
+        self.sanitizer = sanitizer or BR_SANITIZER
         self.config = config or self.DEFAULT_CONFIG.copy()
         if app:
             self.init_app(app)
@@ -306,7 +306,10 @@ def register_views(self, app):
                 spec['endpoint'],
                 view_func=OutputView().as_view(
                     spec['endpoint'],
-                    view_args=dict(app=app, config=self.config, spec=spec)
+                    view_args=dict(
+                        app=app, config=self.config,
+                        spec=spec, sanitizer=self.sanitizer
+                    )
                 )
             )
 

diff --git a/flasgger/utils.py b/flasgger/utils.py
@@ -6,6 +6,7 @@
 from functools import wraps
 from .base import _extract_definitions, yaml, load_from_file
 
+
 def swag_from(filepath, filetype=None):
     """
     filepath is complete path to open the file
@@ -53,7 +54,7 @@ def validate(data, schema_id, filepath, root=None):
         if item.get('schema')
     ]
     definitions = {}
-    raw_definitions =  _extract_definitions(params)
+    raw_definitions = _extract_definitions(params)
     for defi in raw_definitions:
         if defi['id'] == schema_id:
             main_def = defi.copy()

diff --git a/requirements.txt b/requirements.txt
@@ -1,6 +1,6 @@
 Flask>=0.10
 PyYAML>=3.0
-jsonschema==4.5.1
+jsonschema==2.5.1
 pep8==1.5.7
 flake8==2.4.1
 shiftpy==0.1.3