Are you using the safe filter in your templates as otherwise that "attack" won't do anything but you are right that other XSS attack vectors can be used as per the example in the docs -
https://docs.djangoproject.com/en/3.2/topics/security/#cross-site-scripting-xss-protectionIf you are using safe then you could put a clean method on the form you are using to store the data in the first place to perform the validation/cleaning and if you wanted to go a step further and have places that update outside of forms then overload the save method of the class, put the custom validation in, then call super afterwards.