No activity today, make something!
tiddlyweb validator

20160313194853 cdent  

A validator is a function called when a recipe, bag or tiddler is PUT to the server. Based on configuration, plugins and policies zero to many validators may be called when an entity is PUT. How things work depends on the type of entity:

Bags and Recipes

By default the description attribute of a bag or recipe is sanitized for dangerous HTML. That function may be turned off or other validators added by adjusting the list of functions in tiddlyweb.web.validator.BAG_VALIDATORS or tiddlyweb.web.validator.RECIPE_VALIDATORS. See below for more about the functions.


Tiddlers are sent through the validator process based on the accept constraint in the policy of the bag to which the tiddler is being PUT. If the accept constraint is empty no validation is done. If there is a user, some users, a role or the special policy words ANY or NONE listed then the tiddler is passed to the functions in tiddlyweb.web.validator.TIDDLER_VALIDATORS for every user that does not match the constraint (that is, the content is accepted without validation for the people listed in the constraints).

In the current code distribution there are no TIDDLER_VALIDATORS, they may be added via plugins.

Validator Functions

A validator function has a simple signature: entity, environ where entity is a bag, recipe or tiddler. The validator either //changes// the provided entity, or raises an exception indicating that it can't be valid. The exceptions are InvalidTiddlerError, InvalidBagError, InvalidRecipeError.


A simple example validator can be found at

@bengillies has written validators for sanitizing HTML and TiddlyWiki inputs.