class BleachXSSMiddleware(object):
    def process_request(self, request):
        # Only sanitize state-changing requests from authenticated users.
        if request.method not in ('GET', 'HEAD', 'OPTIONS', 'TRACE') and request.user.is_authenticated():
            # QueryDict is immutable by default; unlock it temporarily.
            mutable = request.POST._mutable
            request.POST._mutable = True
            for k, v in request.POST.items():
                if len(request.POST.getlist(k)) > 1:
                    # Multi-valued keys are left untouched.
                    pass
                else:
                    request.POST[k] = bleach_val(v)
            request.POST._mutable = mutable
            request.bleach_data = request.POST

I have a middleware as above that cleans request.POST data all over my site using Mozilla's bleach, which works all through my site.
However, I noticed that because DRF clones the request into Request, this bleaching doesn't get passed into the viewset create and XSS happens.
How can I do something similar on the Request that DRF clones?
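
A sanitizer that could be applied to DRF's parsed `request.data` instead of `request.POST`, shown as an added example that is not part of the original post; unlike the middleware it also walks lists and nested objects. `clean_payload` and `SAMPLE` are hypothetical names, and `bleach_val` here is a stand-in built on `html.escape` so the block runs without bleach installed.

```python
import html
from collections.abc import Mapping


def bleach_val(value):
    # Stand-in (assumption) for the post's bleach_val helper; in a real
    # project this would wrap bleach.clean(value) instead.
    return html.escape(value, quote=True)


def clean_payload(data, clean=bleach_val):
    """Return a copy of a parsed request body with every string sanitized."""
    if isinstance(data, str):
        return clean(data)
    if isinstance(data, Mapping):
        # Nested JSON objects: sanitize each value, keep keys as they are.
        return {key: clean_payload(value, clean) for key, value in data.items()}
    if isinstance(data, (list, tuple)):
        # Multi-valued fields and JSON arrays, which the middleware skips.
        return [clean_payload(item, clean) for item in data]
    # Numbers, booleans and None carry no markup; pass them through.
    return data


# Constructed sample body, shaped like what a JSON parser would hand to a view.
SAMPLE = {
    "title": "<script>alert(1)</script>",
    "tags": ["<b>x</b>", "ok"],
    "meta": {"count": 3, "note": "a & b"},
}

if __name__ == "__main__":
    print(clean_payload(SAMPLE))
```

In a DRF project one possible hook is a serializer's `to_internal_value` or a parser subclass's `parse` result, so the cleaned data is what the viewset's `create` receives.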