Remove script content with tag

[jsocol]

In clean(), there's no way to remove the contents of a <script> tag. In discussion in #57 we decided the best approach was an additional kwarg and optional treewalk to remove a <script> and any of its children, including text nodes (e.g. the script content).

[originell]

👍 :-)

[Garito]

Ok, for me to continue here...

[Garito]

So... should I continue with my aproach or not?

[brutasse]

This probably shouldn't be limited to <script> tags. This use case is valid for <style> tags or anything that could contain non-human-readable content.

I'd suggest clean() gets a new strip_content kwarg with a list of tags for which to strip the content, although the API would be a bit weird with strip being a boolean. Maybe there are cleaner options but it'd be nice to have this not limited to <script> tags.

[kimus]

👍

[EmilStenstrom]

Another use-case for this feature is to clean incoming HTML e-mail. These are ofter comprised of full HTML documents, with html, head, body, script and style tags. Running bleach on these leaves the full content of the script and style tags as the page content.

Only workaround I've found so far is to allow script and style tags in bleach, and clear them in a later step with lxml.html.clean.Cleaner.

[jsocol]

Another use-case for this feature is to clean incoming HTML e-mail. These are ofter comprised of full HTML documents

Bleach operates on document fragments, not full documents. Full document support is explicitly listed in the "Non Goals" section of the docs

[EmilStenstrom]

That's a shame. This is the only missing feature for that use-case.

[willkg]

I've thought about this for a while and I think I'm going to pass on it for .clean().

There are two big reasons for doing this:

1. .clean() is about removing malicious content--not about transforming HTML documents for other mediums or prettifying content. .clean() is a security-focused function and as such, keeping its functionality minimal reduces the likelihood of bugs that have security-related impact. That's really important.
2. Seems like the use cases for stripping content in tags are related to transforming HTML documents and prettifying content. I think that should get handled by a different function or possibly not by bleach at all.

Towards that, I've clarified the goals/non-goals language and updated the docs to make it clearer what .clean() is supposed to be doing and what it's not going to be good for.

Given that, I'm going to pass on this and close it out.

I'm game for talking about building a .prettify() function which is about prettifying HTML which would cover the use these changes cover. That should be a new issue, though.

[EmilStenstrom]

I'm opened a new issue for adding a prettify() method in #234.