Sanitize field from xss attacks in django models


omar ahmed

6 Nov 2021, 08:44
to Django users
Hi all,
I want to sanitize the 'content' field from XSS attacks in Django models,
so I installed 'bleach' and used it, but a script like "an <script>evil()</script> example" is stored as is (without the script being sanitized).
Note: I need bleach via a function in models.
Any idea?
Thanks
bleach-Models.png

Steven Mapes

6 Nov 2021, 12:03
to Django users
Are you using the safe filter in your templates? Otherwise that "attack" won't do anything, but you are right that other XSS attack vectors can be used, as per the example in the docs - https://docs.djangoproject.com/en/3.2/topics/security/#cross-site-scripting-xss-protection

If you are using safe, then you could put a clean method on the form you are using to store the data in the first place to perform the validation/cleaning. If you wanted to go a step further and have places that update outside of forms, then override the save method of the class, put the custom validation in, then call super afterwards.

You could also look at django-bleach - https://pypi.org/project/django-bleach/

omar ahmed

6 Nov 2021, 16:30
to Django users
My final solution:
bb.png