Opened 13 years ago

Closed 13 years ago

Last modified 12 years ago

#14843 closed Uncategorized (wontfix)

Filter like "striptags" that also removes tag contents

Reported by: geoffhill Owned by: nobody
Component: Template system Version: 1.2
Severity: Normal Keywords:
Cc: Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

There should be a template tag like "striptags" that also removes everything inside matched tag pairs. Most of the time I've presented template developers with the removetags/striptags filter, they expect this to be the default behavior. Making a separate template tag with this behavior would be better for backwards compatibility.

{{ value|cleartags:"script noscript"|safe }}

If value is <p>Here's a <strong>good</strong>, friendly<script type="text/javascript">...</script> paragraph.</p>, then the output would be <p>Here's a <strong>good</strong>, friendly paragraph.</p>.

Change History (2)

comment:1 by Luke Plant, 13 years ago

Resolution: wontfix
Status: new → closed

Your use case sounds like you want a 'sanitise html' filter, and what you have proposed doesn't do the job, because it doesn't deal with evil attributes. See http://ha.ckers.org/xss.html

If you are dealing with non-evil HTML, however, then the behaviour of striptags is much better - you don't want:

<p>Some <b>really important</b> message</p>

to be turned into:

<p>Some message</p>

So I'm closing as WONTFIX, precisely because people are most likely to use it as an HTML sanitizer, for which it is ill-suited, and for other purposes striptags seems much more appropriate. Please re-open if there is another use case.

comment:2 by Tai Lee, 12 years ago

Easy pickings: unset
Severity: Normal
Type: Uncategorized
UI/UX: unset

I'm not exactly sure what you mean by "sanitize HTML" and "evil attributes", but I was surprised by the behaviour of striptags, which I thought should remove redundant markup and leave the relevant content. Some tags, like <style></style> and <script></script> make striptags practically useless, unless you are sure your content already doesn't have these tags. Who wants to see raw CSS definitions and JS code mixed in with the non-HTML content that remains? Either striptags should clear the contents of some special cased tags, or another filter like cleartags could help here.

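Added example, not code from Django or from either commenter: a minimal version of the proposed cleartags filter beside a striptags-like filter, both written on the standard library's html.parser so they run without Django. The first input is the description's own example; the other two are constructed here. The sample with an onmouseover attribute stands in for the "evil attributes" of comment:1, and the <style>/<script> sample shows the behaviour comment:2 describes.

```python
# Added example for this ticket, not Django's own code: a minimal version of the
# proposed "cleartags" filter next to a striptags-like filter, written with the
# standard library's html.parser so it runs without Django installed.
from html.parser import HTMLParser


class _TagClearer(HTMLParser):
    """Drop the named elements together with everything inside them; re-emit
    all other markup verbatim, attributes included."""

    def __init__(self, cleared):
        super().__init__(convert_charrefs=False)
        self.cleared = {t.lower() for t in cleared}
        self.depth = 0      # >0 while inside an element being cleared
        self.out = []

    def handle_starttag(self, tag, attrs):
        if tag in self.cleared:
            self.depth += 1
        elif self.depth == 0:
            self.out.append(self.get_starttag_text())

    def handle_startendtag(self, tag, attrs):
        if tag not in self.cleared and self.depth == 0:
            self.out.append(self.get_starttag_text())

    def handle_endtag(self, tag):
        if tag in self.cleared:
            self.depth = max(self.depth - 1, 0)   # ignore stray closers
        elif self.depth == 0:
            self.out.append("</%s>" % tag)

    def handle_data(self, data):
        if self.depth == 0:
            self.out.append(data)

    def handle_entityref(self, name):
        if self.depth == 0:
            self.out.append("&%s;" % name)

    def handle_charref(self, name):
        if self.depth == 0:
            self.out.append("&#%s;" % name)

    def handle_comment(self, data):
        if self.depth == 0:
            self.out.append("<!--%s-->" % data)


class _TagStripper(HTMLParser):
    """Remove every tag and keep every piece of text, including the bodies of
    <script> and <style>, which is the behaviour comment:2 objects to."""

    def __init__(self):
        super().__init__(convert_charrefs=False)
        self.out = []

    def handle_data(self, data):
        self.out.append(data)

    def handle_entityref(self, name):
        self.out.append("&%s;" % name)

    def handle_charref(self, name):
        self.out.append("&#%s;" % name)


def _run(parser, value):
    parser.feed(value)
    parser.close()
    return "".join(parser.out)


def cleartags(value, arg):
    """{{ value|cleartags:"script noscript" }} as proposed in the description."""
    return _run(_TagClearer(arg.split()), value)


def striptags(value):
    """A striptags-like filter (not Django's implementation)."""
    return _run(_TagStripper(), value)


# Constructed inputs: the description's example, a sample with an event-handler
# attribute, and a sample with CSS and JS bodies.
TICKET_EXAMPLE = ('<p>Here\'s a <strong>good</strong>, friendly'
                  '<script type="text/javascript">...</script> paragraph.</p>')
EVENT_HANDLER = '<p>Some <b onmouseover="alert(1)">really important</b> message</p>'
STYLED = '<p>Hi<style>p{color:red}</style><script>alert(1)</script></p>'

if __name__ == "__main__":
    print(cleartags(TICKET_EXAMPLE, "script noscript"))
    # comment:1 - nothing in the proposal touches attributes:
    print(cleartags(EVENT_HANDLER, "script noscript") == EVENT_HANDLER)
    # comment:1 - clearing a formatting tag also deletes its text:
    print(cleartags("<p>Some <b>really important</b> message</p>", "b"))
    # comment:2 - striptags leaves CSS and JS bodies in the plain text:
    print(striptags(STYLED))
    print(cleartags(STYLED, "script style"))
```

Running it reproduces the description's expected output, but the event-handler sample comes back byte for byte unchanged: removing named elements says nothing about attributes on the elements that remain, so `|cleartags:"script noscript"|safe` would still emit executable markup. That is the gap comment:1 points at; real sanitising needs an allowlist of tags and attributes, not a denylist of tag names.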